
Malwarebytes removed Trojan-Ransom, but am I still infected?


DKap


Hello! I'm new to the forum and hope you can help.

My week-old Win7 computer started showing suspicious behavior two days ago. Some of the system icons, such as .mp3, changed to a generic white rectangle, though the files still work. Various "fixes" posted on Microsoft failed.

I downloaded Malwarebytes, which discovered Trojan-Ransom and removed it (McAfee, which is running on the system, did not find it). I've rebooted several times and re-scanned with Malwarebytes, which does not see any further infection. I'm concerned that the Trojan may still be lurking, based on other reports of recurrent infection. Can you help me investigate further? THX :)

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455

Run by David at 20:10:40 on 2012-11-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8153.5675 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\mfevtps.exe

C:\PROGRA~2\SQUEEZ~1\server\SqueezeSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe

C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig

uDefault_Page_URL = hxxp://dell13.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121110234248.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{C708C6C8-AA35-497C-9F47-265D94DEE69F} : DHCPNameServer = 192.168.1.254

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20121110234248.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"

x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-2 16152]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 752672]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 335784]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-11-2 98208]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-2 204288]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-12-29 106144]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-2 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-26 399432]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-11-13 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-11-13 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-11-13 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-11-2 237920]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-11-2 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-11-2 177144]

R2 squeezesvc;Logitech Media Server;C:\PROGRA~2\SQUEEZ~1\server\SqueezeSvr.exe [2012-11-14 14032993]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-2 363800]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-11-2 76960]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-2 93712]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 69672]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-2 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-2 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-2 787736]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 300392]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 513456]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-2 648808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-9 173568]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-26 676936]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-13 196440]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-26 25928]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-11-2 224704]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 106112]

S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-9-4 25584]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-12 1255736]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-11-13 201304]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-26 22:42:52 -------- d-----w- C:\Users\David\AppData\Roaming\Malwarebytes

2012-11-26 22:42:43 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-26 22:42:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-11-26 22:42:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-26 17:06:46 -------- d-----w- C:\Program Files (x86)\Staples CD Labeler v5

2012-11-26 16:58:04 -------- d-----w- C:\Users\David\AppData\Local\MicroVision Applications

2012-11-26 16:45:45 -------- d-----w- C:\Program Files (x86)\Staples CD Labeler

2012-11-26 16:45:45 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared

2012-11-25 17:03:08 -------- d-----w- C:\Users\David\AppData\Roaming\FreeFileSync

2012-11-25 17:01:35 -------- d-----w- C:\Program Files\FreeFileSync

2012-11-25 17:01:34 -------- d-----w- C:\Users\David\AppData\Local\CrashDumps

2012-11-24 22:25:35 -------- d-----w- C:\Users\David\AppData\Local\Apps

2012-11-24 18:47:46 -------- d--h--w- C:\ProgramData\CanonIJScan

2012-11-20 01:04:55 -------- d-----w- C:\Program Files (x86)\Ffmpeg For Audacity

2012-11-20 01:03:25 -------- d-----w- C:\Program Files (x86)\Lame For Audacity

2012-11-20 00:48:51 -------- d-----w- C:\Program Files (x86)\Audacity

2012-11-19 04:55:02 -------- d-----w- C:\Programs

2012-11-19 04:14:33 -------- d-----w- C:\Program Files (x86)\IrfanView

2012-11-19 03:29:19 -------- d-----w- C:\Users\David\AppData\Roaming\EAC

2012-11-19 03:29:17 -------- d-----w- C:\Users\David\AppData\Roaming\AccurateRip

2012-11-19 03:29:10 -------- d-----w- C:\Program Files (x86)\Exact Audio Copy

2012-11-19 01:53:48 -------- d-----w- C:\ProgramData\PC-Doctor for Windows

2012-11-19 01:53:33 -------- d-----w- C:\Program Files\Dell Support Center

2012-11-19 00:15:40 -------- d-----w- C:\Users\David\AppData\Roaming\Dell

2012-11-19 00:15:37 -------- d-----w- C:\Users\David\AppData\Roaming\PCDr

2012-11-19 00:15:13 -------- d-----w- C:\ProgramData\PCDr

2012-11-19 00:09:06 -------- d-----w- C:\Users\David\AppData\Local\Dell Edoc Viewer

2012-11-15 21:02:22 -------- d-----w- C:\Users\David\AppData\Local\CutePDF Writer

2012-11-15 19:02:48 -------- d-----w- C:\Program Files (x86)\GPLGS

2012-11-15 19:01:51 87152 ----a-w- C:\Windows\System32\cpwmon64.dll

2012-11-15 19:01:50 -------- d-----w- C:\Program Files (x86)\Acro Software

2012-11-15 13:34:01 -------- d-----w- C:\Users\David\AppData\Local\ElevatedDiagnostics

2012-11-15 05:09:08 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-15 05:09:08 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-15 05:09:08 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-15 05:09:08 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-15 05:05:20 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-15 05:05:20 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-15 05:05:20 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-15 05:05:20 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-15 05:05:20 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-15 05:05:20 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-15 05:05:20 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-15 05:04:38 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-11-15 05:04:38 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-11-15 05:04:38 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-15 05:04:38 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-11-15 05:04:37 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-11-15 05:04:37 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-15 05:04:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-11-15 05:04:37 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-11-15 05:04:37 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2012-11-15 05:04:35 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-11-15 05:04:35 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-11-15 01:50:12 -------- d-----w- C:\Users\David\AppData\Roaming\foobar2000

2012-11-15 01:50:07 -------- d-----w- C:\Program Files (x86)\foobar2000

2012-11-14 05:59:56 -------- d-----w- C:\Users\David\AppData\Local\Diagnostics

2012-11-14 05:41:19 -------- d-----w- C:\ProgramData\Squeezebox

2012-11-14 05:41:19 -------- d-----w- C:\Program Files (x86)\Squeezebox

2012-11-14 02:48:58 -------- d-----w- C:\updates

2012-11-14 00:56:09 -------- d-----w- C:\Users\David\AppData\Local\Google

2012-11-13 14:23:58 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys

2012-11-12 18:07:12 -------- d-----w- C:\Users\David\AppData\Local\Adobe

2012-11-12 17:47:54 -------- d-----w- C:\Program Files\Common Files\CANON

2012-11-12 17:46:14 -------- d-----w- C:\Program Files\Canon

2012-11-12 17:44:57 -------- d-----w- C:\ProgramData\Canon IJ Network Tool

2012-11-12 17:44:56 -------- d-----w- C:\Program Files (x86)\Canon

2012-11-12 17:44:55 307200 ----a-w- C:\Windows\SysWow64\CNC870L.dll

2012-11-12 17:44:55 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll

2012-11-12 17:44:55 102400 ----a-w- C:\Windows\SysWow64\CNC870U.dll

2012-11-12 17:41:02 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL

2012-11-12 17:41:02 366592 ----a-w- C:\Windows\SysWow64\CNMNPPM.DLL

2012-11-12 17:41:02 359936 ----a-w- C:\Windows\System32\CNMN6PPM.DLL

2012-11-12 17:41:02 -------- d-----w- C:\Windows\System32\STRING

2012-11-12 17:40:24 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA7.DLL

2012-11-12 17:40:24 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA7.DLL

2012-11-12 17:40:05 385024 ----a-w- C:\Windows\System32\CNMLMA7.DLL

2012-11-12 17:40:00 2560 ----a-w- C:\Windows\System32\CNCFLmTH.DLL

2012-11-12 17:40:00 2560 ----a-w- C:\Windows\System32\CNCFLmKR.DLL

2012-11-12 17:40:00 2048 ----a-w- C:\Windows\System32\CNCFLmTW.DLL

2012-11-12 08:31:08 -------- d-----w- C:\Windows\SysWow64\Wat

2012-11-12 08:31:08 -------- d-----w- C:\Windows\System32\Wat

2012-11-11 14:26:48 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery

2012-11-11 12:31:26 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-11-11 12:31:20 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2012-11-11 12:31:20 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2012-11-11 12:31:02 395776 ----a-w- C:\Windows\System32\webio.dll

2012-11-11 12:31:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2012-11-11 12:31:01 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-11-11 12:31:00 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-11-11 12:31:00 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-11-11 12:28:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-11 12:27:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-11-11 12:27:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-11-11 01:46:18 -------- d-----w- C:\Users\David\AppData\Local\Microsoft Help

2012-11-10 23:03:53 -------- dc----w- C:\Users\David\AppData\Local\MigWiz

2012-11-10 23:01:34 -------- d-----w- C:\Users\David\AppData\Roaming\Intel Corporation

2012-11-10 23:00:40 -------- d-----w- C:\Users\David\AppData\Local\BMExplorer

2012-11-10 23:00:34 -------- d-----w- C:\Users\David\AppData\Roaming\Atheros

2012-11-10 23:00:34 -------- d-----w- C:\Users\David\AppData\Local\ATI

2012-11-10 23:00:20 -------- d-----w- C:\Users\David\AppData\Local\VirtualStore

2012-11-10 22:58:54 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-11-10 22:56:49 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-11-10 22:56:10 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-11-10 22:56:09 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-11-10 22:56:09 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-11-02 22:06:20 0 ----a-w- C:\Windows\ativpsrm.bin

2012-11-02 22:05:45 -------- d-----w- C:\Windows\System32\SRSLabs

2012-11-02 22:05:24 -------- d-----w- C:\Program Files\Realtek

2012-11-02 22:05:23 -------- d-----w- C:\Windows\SysWow64\RTCOM

2012-11-02 22:00:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2012-11-02 21:57:24 -------- d-----w- C:\Apps

2012-11-02 21:50:03 568600 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2012-11-02 21:50:00 331264 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys

2012-11-02 21:50:00 14848 ----a-w- C:\Windows\System32\IntcDAuC.dll

2012-11-02 21:47:54 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2012-11-02 21:45:51 -------- d-----w- C:\Windows\System32\oem

2012-11-02 21:45:50 -------- d-----w- C:\Drivers

2012-11-02 20:46:16 -------- d-----w- C:\ProgramData\Atheros

2012-11-02 20:40:48 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

2012-11-02 20:37:29 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2012-11-02 20:37:27 177144 ----a-w- C:\Windows\System32\mfevtps.exe

2012-11-02 20:37:23 -------- d-----w- C:\Program Files\Common Files\mcafee

2012-11-02 20:37:23 -------- d-----w- C:\Program Files (x86)\mcafee.com

2012-11-02 20:37:22 -------- d-----w- C:\Program Files\mcafee.com

2012-11-02 20:37:22 -------- d-----w- C:\Program Files\mcafee

2012-11-02 20:37:22 -------- d-----w- C:\Program Files (x86)\McAfee

2012-11-02 20:37:22 -------- d-----w- C:\Program Files (x86)\Common Files\mcafee

2012-11-02 20:36:02 -------- d-----w- C:\Windows\en

2012-11-02 20:35:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-11-02 20:35:04 -------- d-----w- C:\Windows\PCHEALTH

2012-11-02 20:34:35 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-11-02 20:34:35 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-11-02 20:34:35 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-11-02 20:34:35 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-11-02 20:33:36 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2012-11-02 20:33:36 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2012-11-02 20:32:08 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\20f355d21cdb93903\DSETUP.dll

2012-11-02 20:32:08 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\20f355d21cdb93903\DXSETUP.exe

2012-11-02 20:32:08 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\20f355d21cdb93903\dsetup32.dll

2012-11-02 20:32:08 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\210b23941cdb93904\MeshBetaRemover.exe

2012-11-02 20:32:07 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\20cd3fcd1cdb93902\DSETUP.dll

2012-11-02 20:32:07 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\20a4c8691cdb93901\Silverlight.4.0.exe

2012-11-02 20:32:07 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\20cd3fcd1cdb93902\DXSETUP.exe

2012-11-02 20:32:07 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\20cd3fcd1cdb93902\dsetup32.dll

2012-11-02 20:32:07 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-11-02 20:28:44 151656 ----a-w- C:\Windows\System32\drivers\WimFltr.sys

2012-11-02 20:26:14 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros

2012-11-02 20:25:57 63648 ----a-w- C:\Windows\System32\athihvui.dll

2012-11-02 20:25:57 442528 ----a-w- C:\Windows\System32\athihvs.dll

2012-11-02 20:25:57 2797056 ----a-w- C:\Windows\System32\drivers\athrx.sys

2012-11-02 20:25:57 2797056 ----a-w- C:\Windows\System32\athrx.sys

2012-11-02 20:25:57 -------- d-----w- C:\Windows\System32\nn-NO

2012-11-02 20:25:57 -------- d-----w- C:\Windows\Options

2012-11-02 20:25:55 -------- d-----w- C:\Program Files (x86)\Dell Wireless

2012-11-02 20:25:54 -------- d-----w- C:\Program Files (x86)\Cisco

2012-11-02 20:25:05 -------- d-----w- C:\Program Files (x86)\Multimedia Card Reader(9106)

2012-11-02 20:24:17 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll

2012-11-02 20:24:16 787736 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys

2012-11-02 20:24:16 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys

2012-11-02 20:24:16 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2012-11-02 20:24:16 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys

2012-11-02 20:24:12 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll

2012-11-02 20:23:29 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2012-11-02 20:21:05 -------- d-----w- C:\Intel

2012-11-02 20:21:02 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-11-02 20:20:53 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2012-11-02 20:20:44 -------- d-----w- C:\Program Files\ATI

2012-11-02 20:20:44 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2012-11-02 20:11:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-02 20:11:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-02 20:11:03 -------- d-----w- C:\Program Files\Dell Inc

2012-11-02 20:08:54 142336 ----a-w- C:\Windows\System32\poqexec.exe

2012-11-02 20:08:54 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2012-10-31 20:10:00 829264 ----a-w- C:\Windows\System32\msvcr100.dll

2012-10-31 20:10:00 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll

2012-10-31 20:10:00 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

2012-10-31 20:10:00 158536 ----a-w- C:\Windows\System32\atl100.dll

2012-10-31 20:10:00 138056 ----a-w- C:\Windows\SysWow64\atl100.dll

.

==================== Find3M ====================

.

2012-11-02 22:00:59 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-11-02 21:47:54 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-09 18:17:13 55296 ----a-w- C:\\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

.

============= FINISH: 20:10:49.10 ===============

ATTACH Text

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/10/2012 5:55:37 PM

System Uptime: 11/26/2012 6:22:50 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 0YJPT1

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz | CPU 1 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1851 GiB total, 1724.585 GiB free.

D: is CDROM ()

E: is Removable

F: is FIXED (NTFS) - 932 GiB total, 222.093 GiB free.

G: is Removable

H: is Removable

S: is Removable

T: is FIXED (NTFS) - 699 GiB total, 332.423 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP20: 11/15/2012 12:24:39 AM - Windows Update

RP21: 11/15/2012 2:18:09 PM - office bulk win7 updates & foobar

RP22: 11/16/2012 3:00:22 AM - Windows Update

RP23: 11/18/2012 4:56:10 PM - Windows Backup

RP24: 11/19/2012 7:46:47 PM - before audacity install

RP25: 11/25/2012 8:59:26 AM - Installed 7-Zip 9.20 (x64 edition)

RP26: 11/26/2012 11:20:27 AM - Windows Backup

RP27: 11/26/2012 5:25:28 PM - Restore Operation

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4) MUI

AMD APP SDK Runtime

AMD AVIVO64 Codecs

AMD Catalyst Install Manager

Atheros Bluetooth Suite (64)

Audacity 2.0.2

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 3.1

Canon MX870 series MP Drivers

Canon Utilities Solution Menu

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CutePDF Writer 3.0

D3DX10

Dell Digital Delivery

Dell Edoc Viewer

Dell Support Center

Dell WLAN and Bluetooth Client Installation

eBay

Exact Audio Copy 1.0beta3

FFmpeg v0.6.2 for Audacity

foobar2000 v1.1.17 beta 1

FreeFileSync 5.9

Google Calendar Sync

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

IrfanView (remove only)

Junk Mail filter update

LADSPA_plugins-win-0.4.15

LAME v3.99.3 (for Windows)

Logitech Media Server 7.7.3

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee SecurityCenter

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Office 64-bit Components 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

Multimedia Card Reader

QualxServ Service Agreement

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Shared C Run-time for x64

Skype™ 5.10

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

11/26/2012 6:25:21 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

11/26/2012 5:32:19 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

11/26/2012 5:28:17 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

11/26/2012 5:11:54 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/25/2012 10:54:57 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

.

==== End Of File ===========================


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

For x32 (x86) bit systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

For x64 bit systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer, find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.

=====

Also, please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

=====

In your reply please post the contents of the following logs:

  • FRST.txt.
  • RogueKiller log.


Thanks for your quick response...really appreciate your help!

Here are the logs you requested:

FIRST.txt

========================================================================================================

RogueKiller log

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : David [Admin rights]

Mode : Scan -- Date : 11/27/2012 09:28:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: 1W1ELLDN +++++

--- User ---

[MBR] 6f896d60972a9120b6119a4aa04f8bf1

[bSP] add3a3c021d31e2f1fd31cce66ea33aa : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12544 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25772032 | Size: 1895140 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: Fantom External HDD USB Device +++++

--- User ---

[MBR] 7742485611119950435883489a1ff3fa

[bSP] eca0422a871376a7d10cb98dea59eac3 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: JetFlash Transcend 32GB USB Device +++++

--- User ---

[MBR] 56142f7d3cfeaa687d47756b2c9093e3

[bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code

Partition table:

0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 18160 | Size: 30939 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive3: Initio WD7500AAKS-00RBA USB Device +++++

--- User ---

[MBR] 33778a7431a6b4744c14a30fc7e785ca

[bSP] 60e6a503683e98127ac809b6ffc02f92 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive4: DMI External HDD USB Device +++++

--- User ---

[MBR] a89ac0e6f3e2e749d7e3e0e7b7b5c1da

[bSP] acfb4f17c24d80280252d29e9551be73 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_11272012_02d0928.txt >>

RKreport[1]_S_11272012_02d0928.txt


Hey DKap,

Well, no sign of anything nasty in your logs.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

=====

Also, please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

In your reply please provide the contents of the following:

  • OTL.txt.
  • Extras.txt.
  • Both MBAR logs.


Thanks, TBK. Extras.txt is below. OTL.txt is attached (post was too long even with only OTL.txt pasted as text). I'll send MBAR logs in a follow-on post.

Question: Could Explorer.exe registry errors identified in Extras.txt be related to my issue with replacement of some icons with generic white rectangles on desktop, start menu, and windows explorer (mp3, wav, flac, etc)?

---------------------------------------------

Extras.txt:

OTL Extras logfile created on: 11/28/2012 8:42:15 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.41% Memory free

15.92 Gb Paging File | 12.93 Gb Available in Paging File | 81.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1850.72 Gb Total Space | 1726.14 Gb Free Space | 93.27% Space Free | Partition Type: NTFS

Drive I: | 30.20 Gb Total Space | 29.62 Gb Free Space | 98.07% Space Free | Partition Type: FAT32

Drive U: | 1863.01 Gb Total Space | 1033.07 Gb Free Space | 55.45% Space Free | Partition Type: NTFS

Computer Name: DAVID-OFFICE | User Name: David | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)

"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)

"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)

"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)

"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)

"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)

"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)

"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)

"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)

"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)

"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)

"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)

"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)

"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)

"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)

"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp

"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)

"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)

"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)

"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)

"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)

"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)

"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)

"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)

"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)

"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)

"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)

"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)

"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)

"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)

"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)

"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp

"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{016D8585-0137-401B-A02C-002908CFB2F7}" = lport=139 | protocol=6 | dir=in | app=system |

"{092ADF16-69D4-42EB-961A-8511A3B229E5}" = rport=139 | protocol=6 | dir=out | app=system |

"{10FBFBFF-92C9-4D43-A055-64AD25D7F13D}" = rport=137 | protocol=17 | dir=out | app=system |

"{13099058-29A4-4DFC-B81E-CD1D4489185B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1F6FC048-A400-4673-969F-A2639D91AEBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{203874B8-C0FD-4D5F-A380-55B609FD31B2}" = lport=10243 | protocol=6 | dir=in | app=system |

"{29703D81-787A-4D1E-8535-7A5CA495A988}" = lport=137 | protocol=17 | dir=in | app=system |

"{35503C42-F297-4851-819C-69804A751196}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{397E9A56-8593-403E-BED7-863473C970C2}" = rport=10243 | protocol=6 | dir=out | app=system |

"{3AE84DD1-834B-4C61-9AB5-73338F6B5BB9}" = rport=445 | protocol=6 | dir=out | app=system |

"{43D3C266-9EFB-4F3A-ADC2-80D3DA90E23C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{4DE74282-58D6-4645-BCA2-9DFBFDC230EA}" = lport=445 | protocol=6 | dir=in | app=system |

"{55B88218-377D-4139-9A4D-83E0D58D335C}" = lport=138 | protocol=17 | dir=in | app=system |

"{6D49427E-0336-4154-9306-3504C06BC492}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{782719FC-708D-4EEF-B94B-4BBB8D640C98}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9A169ED0-B22E-4233-BF46-66EB2138FDFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{B794E388-35FC-495D-88EB-5AD420C746DF}" = rport=138 | protocol=17 | dir=out | app=system |

"{C07ED11B-ABC7-4AA4-966C-BAC73C7CB14F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C38DA476-07F3-4424-8BFF-EA126893D636}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{CD711EAC-6FA8-46C3-9B6F-DDC37A0882F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{CE0ADA1C-2E01-4778-B2F1-8064F9488FFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D2F64948-4940-4A4D-B15F-E1A9772383DE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{EF14EE58-0AEF-4637-A8D0-DB93908C2C1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F6322410-8FC3-4501-B209-85F1B9EE26E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{075831A9-2E5D-4A6D-B85A-66E5DD1EC963}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{08ABFDCC-74A7-4EDC-AFD3-EA2EB6CE42B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{1ACE02D6-B4CD-40F0-A00B-5565165DCDBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1DAE53A6-B5B3-4B36-9B2F-05B895B0A841}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{1F506B1F-2929-4530-BA68-16BA5BA736AE}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\temp\7zs16f7\hppiw.exe |

"{280D1EF0-4FA0-4854-A532-A0EB425F60DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3029B265-66D3-4F71-BC91-D5EE2DFC71DA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{34E51F09-BC09-431A-9C35-473954CEDB37}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{38BE1285-500B-4EBB-B767-29303546D5DB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{3EC604E1-84F7-4C93-A3C9-55A2B38CB8CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{46AE9073-12A3-4D9E-A9ED-DA75D883AB5C}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\temp\7zs2e46\hppiw.exe |

"{4BFE54DD-9817-4317-BBFB-DA0E92F53514}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{68AF9366-0F6B-43F2-9006-21E40C2750A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{6BB421F6-B47A-4F9F-B5D4-DC1A6FD9594B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6D6E3CC5-26CB-4898-AF8B-51E243230A90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{886D69ED-F144-41E8-8317-C04385206E4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8A66E927-FCD4-4C51-B949-2D367D882F5C}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |

"{8BAC93E8-A3DF-4FD3-9948-0E734516EEB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8C023313-3D5A-495F-9946-3E1AEB04AB05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8EC2891D-7011-49AA-9F86-36FEB46DA26F}" = protocol=6 | dir=out | app=system |

"{9539B8C2-F5C3-4883-9BA4-427F21FC075F}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\temp\7zs2e46\hppiw.exe |

"{9883A783-6AA0-40A8-9859-4EAD1CBDABEF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{9B595D27-5806-475E-943C-2888DA1E8165}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{9D89966C-B81A-4E21-B63B-ABE0E7641651}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |

"{B3F137C6-4D15-4045-9545-3A8B405340F2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{BC150E02-BF19-4A24-90E3-64BBD4769665}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\temp\7zs16f7\hppiw.exe |

"{CFC37D30-BC9B-44B6-A749-4AB4CB33D47E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{E22018E0-46A2-4122-AD67-A75BD546AF98}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EFBAED35-F0AB-4FA2-A216-E3E9ED9E2082}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{F5848F0D-E1F4-42AD-AF24-28AC989577B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F5AC07F0-FA44-44D0-9495-1418AAA75A26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{FACAAED1-EA5A-4673-9281-8D7637BEF8A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{FDF01D52-86F3-4D8F-91D1-26AFB3BF00A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{D927638D-507E-45D1-9C80-A0564815B7F4}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |

"UDP Query User{5B204574-474D-48AF-9821-72BD71CF3F1E}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}" = AMD Catalyst Install Manager

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{44302C2F-11BD-FC0C-555C-4A3616E8D927}" = ccc-utility64

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{C9270CB8-7F02-D437-EF1D-3924DB369CFE}" = AMD AVIVO64 Codecs

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CutePDF Writer Installation" = CutePDF Writer 3.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"PC-Doctor for Windows" = Dell Support Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00CC71D6-D10E-CD8C-9987-2B21CD89F3B8}" = CCC Help Korean

"{08957908-A58B-21C2-2FF4-CCDC302C319C}" = Catalyst Control Center InstallProxy

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{153286B6-8551-645B-B1AE-C90744899465}" = CCC Help Thai

"{1865CA20-6CA0-2B47-10FB-079D442A0AC4}" = CCC Help Czech

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FAC373D-3564-698C-520D-F0E5E5447514}" = Catalyst Control Center

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2E2C9814-436A-A62D-65B4-5B282B2433E3}" = CCC Help Italian

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34363EEA-096F-5942-7AB8-71035D22CBEF}" = CCC Help English

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader

"{4554C679-5E8A-736B-2077-BCB6FE44F444}" = CCC Help German

"{517FBD21-11B8-C5C6-A117-407A92ADBF21}" = CCC Help Greek

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{583D68F8-9D9A-76CB-DDCB-5B135CFA73C1}" = CCC Help Portuguese

"{5D9E8D1D-9C13-4EA3-2FBF-5BC16B309859}" = CCC Help Swedish

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{70F7F759-6F96-490A-7C83-87F7B3E6DE59}" = CCC Help Chinese Standard

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76BD5955-2A21-A049-4B25-241E107B5D1E}" = CCC Help Turkish

"{7A036E28-AE5C-4662-B24F-8D8B65116F3C}" = Catalyst Control Center - Branding

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{810ADC23-569C-EBB9-015F-DA6658FDC380}" = CCC Help Chinese Traditional

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84F52EFF-C6BB-80E5-0294-3FF7927054E1}" = CCC Help Norwegian

"{856D3E24-0DB4-1C23-8196-3F899C866259}" = Catalyst Control Center Localization All

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DED2990-A33F-E54F-7F8A-8B7622E19D0D}" = CCC Help Polish

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DEAF9B4-3967-DEC7-4721-2624D7A52330}" = CCC Help French

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A69F04D1-01E7-F06E-BD5C-AA5BB72A5124}" = CCC Help Japanese

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI

"{ADF06D43-D3D3-C38F-4627-177BAC9D4C76}" = CCC Help Spanish

"{B9C42CED-B790-78F6-3C25-6C3EE07EE765}" = CCC Help Hungarian

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CD144FE2-58C1-603B-9BD8-A39096D1D9A3}" = CCC Help Danish

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5EB832B-F953-A1BC-B9B4-9EBEBD17D3FB}" = CCC Help Russian

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DEFD0E9E-5A6D-34C8-8338-DF2E7770D0FA}" = CCC Help Finnish

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F9145944-F223-777C-CBBE-FF35ED649ACE}" = CCC Help Dutch

"{F91BF1B5-4213-440C-8539-C6EB2F1D1734}" = Dell Digital Delivery

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Audacity_is1" = Audacity 2.0.2

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"Exact Audio Copy" = Exact Audio Copy 1.0beta3

"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity

"foobar2000" = foobar2000 v1.1.17 beta 1

"FreeFileSync" = FreeFileSync 5.9

"Google Calendar Sync" = Google Calendar Sync

"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader

"IrfanView" = IrfanView (remove only)

"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15

"LAME_is1" = LAME v3.99.3 (for Windows)

"Logitech Media Server_is1" = Logitech Media Server 7.7.3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1

"MSC" = McAfee SecurityCenter

"PROR" = Microsoft Office Professional 2007

"WinLiveSuite" = Windows Live Essentials

"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/11/2012 10:15:24 AM | Computer Name = David-Office | Source = WinMgmt | ID = 10

Description =

Error - 11/12/2012 4:14:36 AM | Computer Name = David-Office | Source = MsiInstaller | ID = 11935

Description =

Error - 11/12/2012 4:33:43 AM | Computer Name = David-Office | Source = WinMgmt | ID = 10

Description =

Error - 11/12/2012 5:02:15 AM | Computer Name = David-Office | Source = DellDigitalDelivery | ID = 0

Description = Failed in handling the PowerEvent. The error that occurred was: System.InvalidOperationException:

Collection was modified; enumeration operation may not execute. at System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource

resource) at Dell.Svdc.ClientFulfillmentService.UiWcfSession.ShutDownTrayAppAndDisposeOfClients()

at Dell.Svdc.ClientFulfillmentService.ClientFulfillmentService.OnPowerEvent(PowerBroadcastStatus

powerStatus) at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType,

IntPtr eventData).

[ System Events ]

Error - 11/25/2012 11:54:57 PM | Computer Name = David-Office | Source = Service Control Manager | ID = 7031

Description = The McAfee McShield service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 5000 milliseconds:

Restart the service.

Error - 11/26/2012 12:39:57 AM | Computer Name = David-Office | Source = Service Control Manager | ID = 7034

Description = The Dell Digital Delivery Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 11/26/2012 6:01:57 AM | Computer Name = David-Office | Source = Service Control Manager | ID = 7034

Description = The Dell Digital Delivery Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 11/26/2012 5:38:59 PM | Computer Name = David-Office | Source = Service Control Manager | ID = 7034

Description = The Dell Digital Delivery Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 11/26/2012 5:46:06 PM | Computer Name = David-Office | Source = Service Control Manager | ID = 7034

Description = The Dell Digital Delivery Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 11/26/2012 6:10:12 PM | Computer Name = David-Office | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/26/2012 6:11:50 PM | Computer Name = David-Office | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/26/2012 6:11:54 PM | Computer Name = David-Office | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/26/2012 6:14:58 PM | Computer Name = David-Office | Source = Service Control Manager | ID = 7034

Description = The Dell Digital Delivery Service service terminated unexpectedly.

It has done this 1 time(s).

< End of report >


MBAR log files:

mbar-log-2012-11-28 (12-40-58).txt:

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.11.28.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

David :: DAVID-OFFICE [administrator]

11/28/2012 12:40:58 PM

mbar-log-2012-11-28 (12-40-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 25027

Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

=======================================================================================================

system-log.txt:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 3.395000 GHz

Memory total: 8548933632, free: 6982688768

------------ Kernel report ------------

11/28/2012 12:34:43

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\iusb3hcs.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\mfehidk.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\mfewfpk.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\iusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\btath_bus.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\iusb3hub.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\system32\drivers\mfeavfk.sys

\SystemRoot\system32\drivers\mfefirek.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\btfilter.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btath_rcp.sys

\SystemRoot\system32\drivers\btath_avdt.sys

\SystemRoot\system32\drivers\btath_a2dp.sys

\SystemRoot\system32\DRIVERS\btath_hcrp.sys

\SystemRoot\system32\DRIVERS\btath_flt.sys

\SystemRoot\system32\DRIVERS\btath_lwflt.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\cfwids.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\??\c:\program files\dell support center\pcdsrvc_x64.pkms

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\system32\drivers\mfeapfk.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\urlmon.dll

\Windows\System32\msvcrt.dll

\Windows\System32\normaliz.dll

\Windows\System32\difxapi.dll

\Windows\System32\wininet.dll

\Windows\System32\shell32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\gdi32.dll

\Windows\System32\user32.dll

\Windows\System32\iertutil.dll

\Windows\System32\psapi.dll

\Windows\System32\lpk.dll

\Windows\System32\nsi.dll

\Windows\System32\imagehlp.dll

\Windows\System32\advapi32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\clbcatq.dll

\Windows\System32\usp10.dll

\Windows\System32\ole32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\kernel32.dll

\Windows\System32\imm32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\ws2_32.dll

\Windows\System32\sechost.dll

\Windows\System32\msctf.dll

\Windows\System32\setupapi.dll

\Windows\System32\KernelBase.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\crypt32.dll

\Windows\System32\comctl32.dll

\Windows\System32\wintrust.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR9

Upper Device Object: 0xfffffa80169d0060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000a7\

Lower Device Object: 0xfffffa801668a060

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk8\DR8

Upper Device Object: 0xfffffa80135b8060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000090\

Lower Device Object: 0xfffffa8013478b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk7\DR7

Upper Device Object: 0xfffffa80135b7060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008f\

Lower Device Object: 0xfffffa80135b4b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk6\DR6

Upper Device Object: 0xfffffa80135b3060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008e\

Lower Device Object: 0xfffffa801347eb60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa80135b6060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008d\

Lower Device Object: 0xfffffa801346eb60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8010a0c060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa800715d050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.11.28.07

Downloaded database version: v2012.11.27.01

Initializing...

Done!

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8010a0c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80076aab90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8010a0c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800715d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a00997ad60, 0xfffffa8010a0c060, 0xfffffa8017647290

Lower DeviceData: 0xfffff8a0208534e0, 0xfffffa800715d050, 0xfffffa8017b98a90

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 37B198F1

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 81920 Numsec = 25690112

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 25772032 Numsec = 3881246720

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000396619264 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-3907004647-3907024647)...

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa80169d0060, DeviceName: \Device\Harddisk1\DR9\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8013ead0e0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80169d0060, DeviceName: \Device\Harddisk1\DR9\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa801668a060, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 5, DevicePointer: 0xfffffa80135b6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80135b6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80135b6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa801346eb60, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 6, DevicePointer: 0xfffffa80135b3060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80135b3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80135b3060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa801347eb60, DeviceName: \Device\0000008e\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 7, DevicePointer: 0xfffffa80135b7060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80135b7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80135b7060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80135b4b60, DeviceName: \Device\0000008f\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 8, DevicePointer: 0xfffffa80135b8060, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80135b8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80135b8060, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8013478b60, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================


Here goes:

OTL.txt part 1:

OTL logfile created on: 11/28/2012 8:42:11 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.41% Memory free

15.92 Gb Paging File | 12.93 Gb Available in Paging File | 81.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1850.72 Gb Total Space | 1726.14 Gb Free Space | 93.27% Space Free | Partition Type: NTFS

Drive I: | 30.20 Gb Total Space | 29.62 Gb Free Space | 98.07% Space Free | Partition Type: FAT32

Drive U: | 1863.01 Gb Total Space | 1033.07 Gb Free Space | 55.45% Space Free | Partition Type: NTFS

Computer Name: DAVID-OFFICE | User Name: David | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/28 08:02:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe

PRC - [2012/11/11 02:06:52 | 014,032,993 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe

PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/02/17 01:33:34 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2012/02/01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2012/01/21 11:35:24 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/01/21 11:35:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/12/29 18:12:06 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2011/12/26 20:53:00 | 000,076,960 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

PRC - [2010/08/23 09:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

PRC - [2010/03/10 16:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/15 00:57:12 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8bb44e1dd221cada48308ce5f5d20561\IAStorUtil.ni.dll

MOD - [2012/11/15 00:57:12 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0461c2bf4c5b235c0ca1d923c10d6849\IAStorCommon.ni.dll

MOD - [2012/11/15 00:14:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll

MOD - [2012/11/15 00:14:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll

MOD - [2012/11/15 00:14:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll

MOD - [2012/11/15 00:14:14 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll

MOD - [2012/11/15 00:14:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll

MOD - [2012/11/15 00:14:10 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll

MOD - [2012/11/15 00:14:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll

MOD - [2012/11/15 00:14:06 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/10 17:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2012/07/17 14:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/07/17 14:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2012/07/17 14:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2011/10/26 14:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/03/08 17:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/11/11 02:06:52 | 014,032,993 | ---- | M] () [Auto | Running] -- C:/PROGRA~2/SQUEEZ~1/server/SqueezeSvr.exe -- (squeezesvc)

SRV - [2012/11/02 15:11:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/09 10:22:48 | 000,173,568 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/08/27 06:32:34 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\David\AppData\Local\Temp\7zS16F7\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2012/01/21 11:35:24 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/01/21 11:35:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2011/12/29 18:12:06 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)

SRV - [2011/12/29 17:53:48 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2011/12/26 20:53:00 | 000,076,960 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)

SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/02 17:00:55 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/11/02 17:00:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/11/02 17:00:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/09/04 00:50:20 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)

DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012/07/17 14:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2012/07/17 14:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/07/17 14:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/07/17 14:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/07/17 14:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/07/17 14:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/07/17 14:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

DRV:64bit: - [2012/02/01 18:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2012/01/27 02:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/01/27 02:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/01/27 02:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2011/12/29 18:02:50 | 000,548,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011/12/29 18:02:24 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011/12/29 18:02:12 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011/12/29 18:01:42 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011/12/29 18:01:24 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011/12/29 18:01:12 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2011/12/29 18:00:54 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)

DRV:64bit: - [2011/12/29 18:00:42 | 000,338,592 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011/12/13 11:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011/11/24 02:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/10/26 15:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/10/26 13:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/10/18 05:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2006/11/01 04:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4B859847-F617-49DD-9DB7-B8746DBA5905}

IE:64bit: - HKLM\..\SearchScopes\{4B859847-F617-49DD-9DB7-B8746DBA5905}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {4B859847-F617-49DD-9DB7-B8746DBA5905}

IE - HKLM\..\SearchScopes\{4B859847-F617-49DD-9DB7-B8746DBA5905}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:Tabs [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig

IE - HKCU\..\SearchScopes,DefaultScope = {4B859847-F617-49DD-9DB7-B8746DBA5905}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/11/13 09:23:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/11/13 21:35:47 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121110234248.dll (McAfee, Inc.)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121110234248.dll (McAfee, Inc.)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C708C6C8-AA35-497C-9F47-265D94DEE69F}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 08:37:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe

[2012/11/28 08:37:13 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\repair 11-28-12

[2012/11/27 20:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/11/27 12:22:05 | 000,000,000 | ---D | C] -- C:\FRST

[2012/11/27 09:27:50 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine

[2012/11/27 09:26:48 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

[2012/11/26 19:37:00 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Trojan Ransom

[2012/11/26 17:42:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes

[2012/11/26 17:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/26 17:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/26 17:42:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/11/26 17:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/26 17:06:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/26 17:06:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/26 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\My SureThing Projects

[2012/11/26 12:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Staples CD Labeler v5

[2012/11/26 11:58:04 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\MicroVision Applications

[2012/11/26 11:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SureThing Shared

[2012/11/26 11:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Staples CD Labeler

[2012/11/25 15:00:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\FreeFileSync

[2012/11/25 12:03:08 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\FreeFileSync

[2012/11/25 12:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync

[2012/11/25 12:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileSync

[2012/11/25 12:01:34 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\CrashDumps

[2012/11/25 08:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012/11/25 08:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2012/11/24 17:25:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Apps

[2012/11/24 13:47:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan

[2012/11/24 13:47:39 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Canon

[2012/11/24 13:28:19 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Trio Kinsky,Quatuor Prazak - Musique de chambre - vol.3

[2012/11/24 12:26:30 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Chandos CHSA 5094-Delius VC Little

[2012/11/19 20:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ffmpeg For Audacity

[2012/11/19 20:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity

[2012/11/19 19:49:13 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Audacity

[2012/11/19 19:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2012/11/18 23:55:02 | 000,000,000 | ---D | C] -- C:\Programs

[2012/11/18 23:14:33 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView

[2012/11/18 23:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView

[2012/11/18 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\EAC

[2012/11/18 22:29:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\AccurateRip

[2012/11/18 22:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy

[2012/11/18 22:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exact Audio Copy

[2012/11/18 20:53:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[2012/11/18 20:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows

[2012/11/18 20:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center

[2012/11/18 19:15:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Dell

[2012/11/18 19:15:37 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\PCDr

[2012/11/18 19:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr

[2012/11/18 19:09:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Dell Edoc Viewer

[2012/11/15 16:02:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\CutePDF Writer

[2012/11/15 14:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS

[2012/11/15 14:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF

[2012/11/15 14:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software

[2012/11/15 10:42:17 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Style Manuals

[2012/11/15 08:34:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ElevatedDiagnostics

[2012/11/15 08:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

[2012/11/15 00:09:08 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2012/11/15 00:09:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2012/11/15 00:06:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/11/15 00:06:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/11/15 00:06:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/11/15 00:06:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/11/15 00:06:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/11/15 00:06:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/11/15 00:06:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/11/15 00:06:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/11/15 00:06:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/11/15 00:06:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/11/15 00:06:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/11/15 00:06:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/11/15 00:06:38 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/11/15 00:06:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/11/15 00:06:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/11/15 00:05:20 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2012/11/15 00:05:20 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2012/11/15 00:05:20 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2012/11/15 00:05:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2012/11/15 00:04:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/11/15 00:04:37 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2012/11/15 00:04:35 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012/11/15 00:04:35 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012/11/14 20:50:12 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\foobar2000

[2012/11/14 20:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000

[2012/11/14 08:56:50 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2012/11/14 08:56:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/11/14 08:56:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2012/11/14 08:56:44 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll

[2012/11/14 08:56:44 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2012/11/14 08:56:44 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/11/14 08:56:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/11/14 08:56:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/11/14 08:56:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2012/11/14 08:56:32 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/11/14 08:56:32 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012/11/14 00:59:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Diagnostics

[2012/11/14 00:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech Media Server

[2012/11/14 00:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Squeezebox

[2012/11/14 00:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Squeezebox

[2012/11/13 21:48:58 | 000,000,000 | ---D | C] -- C:\updates

[2012/11/13 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Google

[2012/11/13 19:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/11/13 09:23:58 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys

[2012/11/12 13:07:12 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Adobe

[2012/11/12 12:48:36 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Cannon

[2012/11/12 12:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON

[2012/11/12 12:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Canon

[2012/11/12 12:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX870 series

[2012/11/12 12:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

[2012/11/12 12:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities

[2012/11/12 12:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool

[2012/11/12 12:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon

[2012/11/12 12:44:55 | 000,307,200 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC870L.dll

[2012/11/12 12:44:55 | 000,102,400 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC870U.dll

[2012/11/12 12:44:55 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll

[2012/11/12 12:41:02 | 000,366,592 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNMNPPM.DLL

[2012/11/12 12:41:02 | 000,359,936 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6PPM.DLL

[2012/11/12 12:41:02 | 000,039,424 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6UI.DLL

[2012/11/12 12:41:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING

[2012/11/12 12:40:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2012/11/12 12:40:18 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information

[2012/11/12 12:40:05 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMA7.DLL

[2012/11/12 12:40:00 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmTH.DLL

[2012/11/12 12:40:00 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmKR.DLL

[2012/11/12 12:40:00 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmTW.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmUS.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmSE.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmRU.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmPT.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmPL.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmNL.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmIT.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmID.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmGR.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmFR.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmFI.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmES.DLL

[2012/11/12 12:39:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmDE.DLL

[2012/11/12 12:39:59 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmTR.DLL

[2012/11/12 12:39:59 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmNO.DLL

[2012/11/12 12:39:59 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmJP.DLL

[2012/11/12 12:39:59 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmHU.DLL

[2012/11/12 12:39:59 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmDK.DLL

[2012/11/12 12:39:59 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmCZ.DLL

[2012/11/12 12:39:59 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmAR.DLL

[2012/11/12 12:39:59 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLmCN.DLL

[2012/11/12 12:39:58 | 000,343,552 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCF2Lm.DLL

[2012/11/12 12:39:58 | 000,182,272 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFMSm.EXE

[2012/11/12 12:39:56 | 000,245,760 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMIUA7.DLL

[2012/11/12 12:39:52 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[2012/11/12 03:31:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2012/11/12 03:31:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2012/11/12 03:04:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Skype

[2012/11/11 19:44:13 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\new computer

[2012/11/11 19:43:40 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe

[2012/11/11 09:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery

[2012/11/11 07:58:27 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Word Processing

[2012/11/11 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Travel

[2012/11/11 07:54:42 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\TomTom

[2012/11/11 07:54:31 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\To Do

[2012/11/11 07:54:30 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\to deskktop

[2012/11/11 07:53:13 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\System Utilities

[2012/11/11 07:53:12 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Sony PMB

[2012/11/11 07:53:12 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Reflect

[2012/11/11 07:52:43 | 000,000,000 | R--D | C] -- C:\Users\David\Documents\Receipts

[2012/11/11 07:52:24 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\PW

[2012/11/11 07:47:58 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\My Scans

[2012/11/11 07:31:02 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll

[2012/11/11 07:31:02 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll

[2012/11/11 07:31:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/11/11 07:31:00 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/11/11 07:31:00 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/11/11 07:30:58 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2012/11/11 07:30:58 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2012/11/11 07:30:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/11/11 07:30:53 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/11/11 07:30:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/11/11 07:30:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/11/11 07:30:50 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/11/11 07:30:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/11/11 07:30:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/11/11 07:30:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/11/11 07:30:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/11/11 07:30:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/11/11 07:30:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/11/11 07:30:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/11/11 07:30:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/11/11 07:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/11/11 07:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/11/11 07:30:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/11/11 07:30:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/11/11 07:30:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/11/11 07:30:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/11/11 07:30:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/11/11 07:30:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/11/11 07:30:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/11/11 07:30:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/11/11 07:30:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/11/11 07:30:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/11/11 07:30:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/11/11 07:30:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/11/11 07:30:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/11/11 07:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/11/11 07:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/11/11 07:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/11/11 07:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/11/11 07:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/11/11 07:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/11/11 07:30:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/11/11 07:30:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/11/11 07:30:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/11/11 07:30:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/11/11 07:30:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/11/11 07:30:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/11/11 07:30:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/11/11 07:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/11/11 07:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/11/11 07:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/11/11 07:30:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/11/11 07:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/11/11 07:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/11/11 07:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/11/11 07:30:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/11/11 07:30:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/11/11 07:30:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/11/11 07:30:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/11/11 07:30:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/11/11 07:30:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/11/11 07:30:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/11/11 07:30:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/11/11 07:30:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/11/11 07:30:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/11/11 07:30:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/11/11 07:30:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/11/11 07:30:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/11/11 07:30:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/11/11 07:30:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/11/11 07:30:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/11/11 07:30:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/11/11 07:30:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/11/11 07:30:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/11/11 07:30:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/11/11 07:30:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/11/11 07:30:26 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys

[2012/11/11 07:30:25 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2012/11/11 07:30:24 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/11/11 07:30:24 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012/11/11 07:30:18 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/11/11 07:28:38 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe

[2012/11/11 07:28:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

[2012/11/11 07:28:18 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll

[2012/11/11 07:28:18 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll

[2012/11/11 07:28:17 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2012/11/11 07:28:07 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[2012/11/11 07:28:03 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2012/11/11 07:28:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2012/11/11 07:28:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe

[2012/11/11 07:28:00 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/11/11 07:28:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/11/10 23:13:32 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\My Digital Editions

[2012/11/10 22:45:57 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Music

[2012/11/10 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Install programs

[2012/11/10 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\InfoSelect

[2012/11/10 22:42:49 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Info Select_8

[2012/11/10 22:39:13 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\home tech

[2012/11/10 22:39:03 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\gardening

[2012/11/10 22:37:08 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Audio

[2012/11/10 22:37:02 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\fonts

[2012/11/10 22:37:01 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Everio MediaBrowser 4

[2012/11/10 22:34:34 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Elissa's Music

[2012/11/10 22:34:10 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\DVD Copy software

[2012/11/10 22:33:35 | 000,000,000 | R--D | C] -- C:\Users\David\Documents\Dropbox

[2012/11/10 22:22:27 | 000,000,000 | R--D | C] -- C:\Users\David\Documents\David's old docs

[2012/11/10 22:21:39 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Corel User Files

[2012/11/10 22:21:39 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Blackberry backups

[2012/11/10 22:20:27 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Avery Templates

[2012/11/10 22:19:30 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\AntiVirus stuff

[2012/11/10 22:19:30 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Anti-Malware

[2012/11/10 22:19:23 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Amazon Downloads

[2012/11/10 20:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2012/11/10 20:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2012/11/10 20:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2012/11/10 20:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2012/11/10 20:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2012/11/10 20:46:18 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Microsoft Help

[2012/11/10 20:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2012/11/10 20:45:49 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2012/11/10 18:10:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Macromedia

[2012/11/10 18:10:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Adobe

[2012/11/10 18:03:53 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\MigWiz

[2012/11/10 18:01:34 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Intel Corporation

[2012/11/10 18:00:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\BMExplorer

[2012/11/10 18:00:40 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Bluetooth Folder

[2012/11/10 18:00:34 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\ATI

[2012/11/10 18:00:34 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ATI

[2012/11/10 18:00:34 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Atheros

[2012/11/10 18:00:29 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/11/10 18:00:28 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/11/10 18:00:28 | 000,000,000 | R--D | C] -- C:\Users\David\Searches

[2012/11/10 18:00:28 | 000,000,000 | -H-D | C] -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2012/11/10 18:00:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Identities

[2012/11/10 18:00:21 | 000,000,000 | R--D | C] -- C:\Users\David\Contacts

[2012/11/10 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\VirtualStore

[2012/11/10 17:56:50 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012/11/10 17:56:50 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012/11/10 17:56:49 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012/11/10 17:56:10 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012/11/10 17:56:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012/11/10 17:56:10 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012/11/10 17:56:09 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012/11/10 17:56:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012/11/10 17:55:45 | 000,000,000 | --SD | C] -- C:\Users\David\AppData\Roaming\Microsoft

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\Videos

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\Saved Games

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\Pictures

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\Music

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\Links

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\Favorites

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\Downloads

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\Documents

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\Desktop

[2012/11/10 17:55:45 | 000,000,000 | R--D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Local\Temporary Internet Files

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\Templates

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\Start Menu

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\SendTo

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\Recent

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\PrintHood

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\NetHood

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\Documents\My Videos

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\Documents\My Pictures

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\Documents\My Music

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\My Documents

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\Local Settings

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Local\History

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\Cookies

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\Application Data

[2012/11/10 17:55:45 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Local\Application Data

[2012/11/10 17:55:45 | 000,000,000 | -H-D | C] -- C:\Users\David\AppData

[2012/11/10 17:55:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Temp

[2012/11/10 17:55:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\SoftThinks

[2012/11/10 17:55:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Microsoft

[2012/11/10 17:55:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Media Center Programs

[2012/11/02 17:05:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs

[2012/11/02 17:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012/11/02 17:05:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012/11/02 17:04:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2012/11/02 17:01:02 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2012/11/02 17:01:02 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

[2012/11/02 17:01:01 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

[2012/11/02 17:01:01 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

[2012/11/02 17:01:01 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2012/11/02 17:01:01 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2012/11/02 17:01:01 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

[2012/11/02 17:01:01 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2012/11/02 17:01:01 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

[2012/11/02 17:01:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2012/11/02 17:01:01 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll

[2012/11/02 17:01:01 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

[2012/11/02 17:01:01 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

[2012/11/02 17:01:01 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

[2012/11/02 17:01:01 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2012/11/02 17:01:00 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2012/11/02 17:01:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2012/11/02 17:00:59 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

[2012/11/02 17:00:59 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

[2012/11/02 17:00:59 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2012/11/02 17:00:59 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2012/11/02 17:00:59 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2012/11/02 17:00:59 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2012/11/02 17:00:59 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax

[2012/11/02 17:00:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax

[2012/11/02 17:00:59 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2012/11/02 17:00:58 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll

[2012/11/02 17:00:58 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/11/02 17:00:58 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/11/02 17:00:58 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe

[2012/11/02 17:00:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2012/11/02 17:00:58 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2012/11/02 17:00:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2012/11/02 17:00:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2012/11/02 17:00:58 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/11/02 17:00:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll

[2012/11/02 17:00:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/11/02 17:00:58 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2012/11/02 17:00:58 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2012/11/02 17:00:57 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2012/11/02 17:00:57 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2012/11/02 17:00:57 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2012/11/02 17:00:57 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

[2012/11/02 17:00:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[2012/11/02 17:00:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2012/11/02 17:00:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2012/11/02 17:00:56 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2012/11/02 17:00:55 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2012/11/02 17:00:55 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2012/11/02 17:00:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/11/02 17:00:55 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/11/02 17:00:54 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012/11/02 17:00:54 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012/11/02 17:00:53 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2012/11/02 17:00:53 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2012/11/02 17:00:53 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2012/11/02 17:00:53 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll

[2012/11/02 17:00:53 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2012/11/02 17:00:53 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2012/11/02 17:00:53 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll

[2012/11/02 17:00:53 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2012/11/02 17:00:53 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll

[2012/11/02 17:00:53 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2012/11/02 17:00:53 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2012/11/02 17:00:53 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll

[2012/11/02 17:00:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2012/11/02 17:00:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2012/11/02 17:00:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll

[2012/11/02 17:00:53 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/11/02 17:00:53 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2012/11/02 17:00:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll

[2012/11/02 17:00:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll

[2012/11/02 17:00:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2012/11/02 17:00:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2012/11/02 17:00:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/11/02 17:00:53 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/11/02 17:00:52 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2012/11/02 17:00:52 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2012/11/02 17:00:52 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/11/02 17:00:52 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

[2012/11/02 17:00:52 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2012/11/02 17:00:52 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

[2012/11/02 17:00:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

[2012/11/02 17:00:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2012/11/02 17:00:52 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

[2012/11/02 17:00:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012/11/02 17:00:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012/11/02 17:00:51 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2012/11/02 17:00:51 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe

[2012/11/02 17:00:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2012/11/02 17:00:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2012/11/02 17:00:51 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2012/11/02 17:00:50 | 003,958,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe

[2012/11/02 17:00:50 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2012/11/02 17:00:50 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2012/11/02 17:00:50 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2012/11/02 17:00:50 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2012/11/02 17:00:50 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

[2012/11/02 17:00:50 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2012/11/02 17:00:50 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll

[2012/11/02 17:00:50 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll

[2012/11/02 17:00:50 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2012/11/02 17:00:50 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

[2012/11/02 17:00:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2012/11/02 17:00:50 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

[2012/11/02 17:00:50 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

[2012/11/02 17:00:50 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

[2012/11/02 17:00:49 | 000,800,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2012/11/02 17:00:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTAM.DLL

[2012/11/02 17:00:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAL.DLL

[2012/11/02 17:00:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINDEV.DLL

[2012/11/02 17:00:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBEN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTEL.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTAM.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINPUN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINORI.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINORI.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAR.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAR.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAL.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINKAN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINKAN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINHIN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINHIN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINGUJ.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINEN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINDEV.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBEN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBE2.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBE1.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINASA.DLL

[2012/11/02 17:00:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTEL.DLL

[2012/11/02 17:00:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINPUN.DLL

[2012/11/02 17:00:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINGUJ.DLL

[2012/11/02 17:00:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBE2.DLL

[2012/11/02 17:00:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBE1.DLL

[2012/11/02 17:00:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINASA.DLL

[2012/11/02 17:00:47 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll

[2012/11/02 17:00:47 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

[2012/11/02 16:57:24 | 000,000,000 | ---D | C] -- C:\Apps

[2012/11/02 16:50:03 | 000,568,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys

[2012/11/02 16:50:00 | 000,331,264 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys

[2012/11/02 16:50:00 | 000,014,848 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\IntcDAuC.dll

[2012/11/02 16:49:22 | 000,648,808 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys

[2012/11/02 16:49:22 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll

[2012/11/02 16:49:22 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll

[2012/11/02 16:49:20 | 002,615,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2012/11/02 16:49:20 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2012/11/02 16:49:20 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2012/11/02 16:49:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/11/02 16:49:20 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2012/11/02 16:49:20 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2012/11/02 16:49:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/11/02 16:49:19 | 003,745,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2012/11/02 16:49:19 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[2012/11/02 16:49:19 | 000,823,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2012/11/02 16:49:19 | 000,376,936 | ---- | C] (Realtek Semiconductor) -- C:\Windows\SysNative\RtkGuiCompLib.dll

[2012/11/02 16:49:19 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/11/02 16:49:19 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll

[2012/11/02 16:49:19 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/11/02 16:49:19 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/11/02 16:49:19 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/11/02 16:49:19 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll

[2012/11/02 16:49:19 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/11/02 16:49:19 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/11/02 16:49:19 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll

[2012/11/02 16:49:18 | 002,765,312 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCORES64.dat

[2012/11/02 16:49:18 | 000,894,040 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll

[2012/11/02 16:49:18 | 000,750,680 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll

[2012/11/02 16:49:18 | 000,626,264 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll

[2012/11/02 16:49:18 | 000,561,240 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll

[2012/11/02 16:49:18 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll

[2012/11/02 16:49:18 | 000,100,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll


OTL.txt part 2:

[2012/11/02 16:49:18 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll

[2012/11/02 16:49:18 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll

[2012/11/02 16:49:18 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll

[2012/11/02 16:49:17 | 005,996,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll

[2012/11/02 16:49:17 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2012/11/02 16:49:17 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll

[2012/11/02 16:49:17 | 000,955,736 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll

[2012/11/02 16:49:17 | 000,569,688 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll

[2012/11/02 16:49:17 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll

[2012/11/02 16:49:17 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2012/11/02 16:49:15 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012/11/02 16:49:15 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2012/11/02 16:49:15 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2012/11/02 16:49:15 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2012/11/02 16:49:15 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2012/11/02 16:49:15 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2012/11/02 16:49:15 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2012/11/02 16:49:15 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2012/11/02 16:49:15 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2012/11/02 16:49:15 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2012/11/02 16:49:15 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2012/11/02 16:49:15 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2012/11/02 16:49:15 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2012/11/02 16:49:15 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll

[2012/11/02 16:49:14 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll

[2012/11/02 16:49:10 | 004,353,536 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll

[2012/11/02 16:49:10 | 004,189,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll

[2012/11/02 16:49:10 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll

[2012/11/02 16:49:10 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll

[2012/11/02 16:49:10 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll

[2012/11/02 16:49:10 | 000,093,712 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys

[2012/11/02 16:49:10 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll

[2012/11/02 16:49:10 | 000,040,960 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll

[2012/11/02 16:49:10 | 000,031,744 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll

[2012/11/02 16:49:09 | 018,757,120 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll

[2012/11/02 16:49:09 | 005,510,144 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll

[2012/11/02 16:49:09 | 004,044,288 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll

[2012/11/02 16:49:09 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll

[2012/11/02 16:49:09 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll

[2012/11/02 16:49:09 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODE.exe

[2012/11/02 16:49:09 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll

[2012/11/02 16:49:09 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODCLI.exe

[2012/11/02 16:49:09 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll

[2012/11/02 16:49:09 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll

[2012/11/02 16:49:08 | 024,866,816 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll

[2012/11/02 16:49:08 | 000,326,656 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys

[2012/11/02 16:49:08 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll

[2012/11/02 16:49:08 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll

[2012/11/02 16:49:08 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll

[2012/11/02 16:49:08 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll

[2012/11/02 16:49:08 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll

[2012/11/02 16:49:07 | 010,496,512 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys

[2012/11/02 16:49:07 | 000,517,120 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe

[2012/11/02 16:49:07 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe

[2012/11/02 16:49:07 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll

[2012/11/02 16:49:07 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll

[2012/11/02 16:49:07 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll

[2012/11/02 16:49:07 | 000,017,408 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll

[2012/11/02 16:49:07 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll

[2012/11/02 16:49:07 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll

[2012/11/02 16:49:06 | 005,041,664 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll

[2012/11/02 16:49:06 | 004,292,096 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll

[2012/11/02 16:49:06 | 000,892,416 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll

[2012/11/02 16:49:06 | 000,748,544 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll

[2012/11/02 16:49:06 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll

[2012/11/02 16:49:06 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll

[2012/11/02 16:49:06 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll

[2012/11/02 16:49:05 | 009,978,880 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll

[2012/11/02 16:49:05 | 008,449,024 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll

[2012/11/02 16:49:05 | 000,486,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll

[2012/11/02 16:49:05 | 000,339,968 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll

[2012/11/02 16:49:05 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe

[2012/11/02 16:49:05 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe

[2012/11/02 16:49:05 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll

[2012/11/02 16:49:05 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll

[2012/11/02 16:49:05 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll

[2012/11/02 16:49:05 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll

[2012/11/02 16:47:54 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2012/11/02 16:47:54 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2012/11/02 16:47:54 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2012/11/02 16:47:54 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2012/11/02 16:47:54 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2012/11/02 16:47:54 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2012/11/02 16:47:54 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2012/11/02 16:47:54 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2012/11/02 16:47:54 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2012/11/02 16:47:54 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2012/11/02 16:47:54 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2012/11/02 16:47:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2012/11/02 16:47:54 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2012/11/02 16:47:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2012/11/02 16:47:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2012/11/02 16:47:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2012/11/02 16:47:54 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2012/11/02 16:47:54 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2012/11/02 16:47:54 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2012/11/02 16:47:54 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2012/11/02 16:47:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2012/11/02 16:47:54 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2012/11/02 16:47:54 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2012/11/02 16:47:54 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2012/11/02 16:47:54 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2012/11/02 16:47:54 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2012/11/02 16:47:54 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2012/11/02 16:47:54 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2012/11/02 16:47:54 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2012/11/02 16:47:54 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2012/11/02 16:47:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2012/11/02 16:47:54 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2012/11/02 16:47:54 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2012/11/02 16:47:54 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2012/11/02 16:47:54 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2012/11/02 16:47:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2012/11/02 16:47:54 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2012/11/02 16:47:54 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2012/11/02 16:47:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2012/11/02 16:47:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2012/11/02 16:47:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2012/11/02 16:47:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2012/11/02 16:47:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2012/11/02 16:47:54 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2012/11/02 16:47:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2012/11/02 16:47:54 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2012/11/02 16:47:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2012/11/02 16:47:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2012/11/02 16:47:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2012/11/02 16:47:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2012/11/02 16:47:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2012/11/02 16:47:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2012/11/02 16:47:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2012/11/02 16:47:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2012/11/02 16:47:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2012/11/02 16:47:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2012/11/02 16:47:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2012/11/02 16:45:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem

[2012/11/02 16:45:50 | 000,000,000 | ---D | C] -- C:\Drivers

[2012/11/02 15:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros

[2012/11/02 15:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation

[2012/11/02 15:37:29 | 000,010,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys

[2012/11/02 15:37:27 | 000,177,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe

[2012/11/02 15:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mcafee.com

[2012/11/02 15:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\mcafee

[2012/11/02 15:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\mcafee.com

[2012/11/02 15:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\mcafee

[2012/11/02 15:37:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee

[2012/11/02 15:37:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\mcafee

[2012/11/02 15:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/11/02 15:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2012/11/02 15:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012/11/02 15:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2012/11/02 15:36:02 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/11/02 15:35:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2012/11/02 15:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2012/11/02 15:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live

[2012/11/02 15:35:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012/11/02 15:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/11/02 15:34:35 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll

[2012/11/02 15:34:35 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll

[2012/11/02 15:34:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll

[2012/11/02 15:34:35 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll

[2012/11/02 15:33:36 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll

[2012/11/02 15:33:36 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll

[2012/11/02 15:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/11/02 15:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012/11/02 15:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2012/11/02 15:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2012/11/02 15:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eBay

[2012/11/02 15:31:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012/11/02 15:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/11/02 15:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/11/02 15:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2012/11/02 15:28:44 | 000,151,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WimFltr.sys

[2012/11/02 15:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

[2012/11/02 15:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot

[2012/11/02 15:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net

[2012/11/02 15:26:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program

[2012/11/02 15:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros

[2012/11/02 15:25:57 | 002,797,056 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys

[2012/11/02 15:25:57 | 002,797,056 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys

[2012/11/02 15:25:57 | 000,442,528 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll

[2012/11/02 15:25:57 | 000,063,648 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll

[2012/11/02 15:25:57 | 000,000,000 | ---D | C] -- C:\Windows\Options

[2012/11/02 15:25:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO

[2012/11/02 15:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Wireless

[2012/11/02 15:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2012/11/02 15:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell

[2012/11/02 15:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Multimedia Card Reader(9106)

[2012/11/02 15:24:17 | 000,041,984 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\USB3Ver.dll

[2012/11/02 15:24:16 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll

[2012/11/02 15:24:16 | 000,787,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3xhc.sys

[2012/11/02 15:24:16 | 000,356,120 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3hub.sys

[2012/11/02 15:24:16 | 000,016,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3hcs.sys

[2012/11/02 15:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel

[2012/11/02 15:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2012/11/02 15:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent

[2012/11/02 15:23:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

[2012/11/02 15:21:05 | 000,000,000 | ---D | C] -- C:\Intel

[2012/11/02 15:21:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information

[2012/11/02 15:21:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel

[2012/11/02 15:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012/11/02 15:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012/11/02 15:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/11/02 15:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2012/11/02 15:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies

[2012/11/02 15:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2012/11/02 15:11:05 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/11/02 15:11:05 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/11/02 15:11:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2012/11/02 15:11:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/11/02 15:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Inc

[2012/11/02 15:08:54 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2012/11/02 15:08:54 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2012/11/02 15:08:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2012/10/31 15:10:00 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll

[2012/10/31 15:10:00 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll

[2012/10/31 15:10:00 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll

[2012/10/31 15:10:00 | 000,158,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\atl100.dll

[2012/10/31 15:10:00 | 000,138,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl100.dll

========== Files - Modified Within 30 Days ==========

[2012/11/28 08:04:58 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/28 08:04:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/28 08:02:24 | 012,961,620 | ---- | M] () -- C:\Users\David\Desktop\mbar-1.01.0.1009.zip

[2012/11/28 08:02:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe

[2012/11/27 09:34:02 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/27 09:34:02 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/27 09:31:01 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/27 09:31:01 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/27 09:31:01 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/27 09:26:29 | 2116,730,879 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/27 01:45:02 | 000,752,128 | ---- | M] () -- C:\Users\David\Desktop\RogueKiller.exe

[2012/11/26 17:42:45 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/26 13:46:43 | 000,292,213 | ---- | M] () -- C:\Users\David\Desktop\12402(023)D Kaplan 11-20-12 annotated.pdf

[2012/11/26 13:10:00 | 000,288,172 | ---- | M] () -- C:\Users\David\Desktop\12402(023)D Kaplan 11-20-12.pdf

[2012/11/26 12:59:42 | 000,314,487 | ---- | M] () -- C:\Users\David\Desktop\Eudoxie_Intake_pdf.pdf

[2012/11/26 06:19:59 | 000,002,066 | ---- | M] () -- C:\Users\David\Desktop\Logitech Control Panel.lnk

[2012/11/26 06:02:42 | 000,001,558 | ---- | M] () -- C:\Users\David\Desktop\Receipts 2012.lnk

[2012/11/26 06:02:42 | 000,001,445 | ---- | M] () -- C:\Users\David\Desktop\DVD Copy software.lnk

[2012/11/26 06:02:42 | 000,001,436 | ---- | M] () -- C:\Users\David\Desktop\System Utilities.lnk

[2012/11/26 06:02:42 | 000,001,373 | ---- | M] () -- C:\Users\David\Desktop\home tech.lnk

[2012/11/26 06:02:42 | 000,001,344 | ---- | M] () -- C:\Users\David\Desktop\Travel.lnk

[2012/11/26 06:02:42 | 000,001,335 | ---- | M] () -- C:\Users\David\Desktop\To Do.lnk

[2012/11/26 06:02:42 | 000,001,333 | ---- | M] () -- C:\Users\David\Desktop\Music.lnk

[2012/11/26 06:02:42 | 000,001,211 | ---- | M] () -- C:\Users\David\Desktop\Downloads.lnk

[2012/11/25 12:01:35 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk

[2012/11/24 23:18:59 | 000,000,846 | ---- | M] () -- C:\Users\David\Desktop\RarZilla.lnk

[2012/11/24 17:22:46 | 000,000,259 | ---- | M] () -- C:\Users\David\Desktop\associate Edit with Notepad.url

[2012/11/24 09:35:04 | 000,001,340 | ---- | M] () -- C:\Users\David\Desktop\Everything Indexer.lnk

[2012/11/20 15:52:36 | 000,001,687 | ---- | M] () -- C:\Users\David\Desktop\recently played music.lnk

[2012/11/19 23:02:00 | 000,000,787 | ---- | M] () -- C:\Users\David\Desktop\mp3DirectCut.lnk

[2012/11/19 20:39:46 | 000,000,126 | ---- | M] () -- C:\Users\David\Desktop\RareWares.url

[2012/11/19 19:48:56 | 000,001,013 | ---- | M] () -- C:\Users\David\Desktop\Audacity.lnk

[2012/11/19 18:41:19 | 000,000,683 | ---- | M] () -- C:\Users\David\Desktop\pathlen.exe.lnk

[2012/11/19 18:35:35 | 000,001,134 | ---- | M] () -- C:\Users\David\Desktop\UniExtractor.lnk

[2012/11/19 18:32:07 | 000,001,193 | ---- | M] () -- C:\Users\David\Desktop\CDWav.exe.lnk

[2012/11/18 23:55:43 | 000,001,153 | ---- | M] () -- C:\Users\David\Desktop\Tagscan.exe.lnk

[2012/11/18 23:14:36 | 000,001,896 | ---- | M] () -- C:\Users\David\Desktop\IrfanView Thumbnails.lnk

[2012/11/18 23:14:36 | 000,001,004 | ---- | M] () -- C:\Users\David\Desktop\IrfanView.lnk

[2012/11/18 22:29:11 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Exact Audio Copy.lnk

[2012/11/18 11:35:00 | 000,795,928 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/11/17 11:11:57 | 003,845,654 | ---- | M] () -- C:\Users\Public\Documents\abutters.pdf

[2012/11/15 00:27:02 | 000,001,139 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2012/11/15 00:11:53 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/14 15:00:31 | 000,001,269 | ---- | M] () -- C:\Users\David\Desktop\Local - App Data.lnk

[2012/11/14 00:56:02 | 000,001,058 | ---- | M] () -- C:\Users\David\Desktop\Logitech Media Server.lnk

[2012/11/14 00:41:27 | 000,001,060 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Media Server Tray Tool.lnk

[2012/11/13 19:56:09 | 000,002,216 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk

[2012/11/12 17:16:08 | 014,492,672 | ---- | M] () -- C:\Users\David\Documents\calendar.pst

[2012/11/12 10:45:48 | 000,170,095 | ---- | M] () -- C:\Users\Public\Documents\bookmarks_11_12_12.html

[2012/11/11 17:51:50 | 000,002,977 | ---- | M] () -- C:\Users\David\Desktop\Family.lnk

[2012/11/11 17:24:41 | 000,001,013 | ---- | M] () -- C:\Users\David\Desktop\David.lnk

[2012/11/10 18:09:42 | 000,001,443 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/11/10 17:42:44 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2012/11/10 17:42:44 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2012/11/02 17:06:20 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

[2012/11/02 17:06:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2012/11/02 17:03:41 | 000,030,752 | RH-- | M] () -- C:\dell.sdr

[2012/11/02 17:01:02 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2012/11/02 17:01:02 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

[2012/11/02 17:01:01 | 002,315,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

[2012/11/02 17:01:01 | 002,223,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

[2012/11/02 17:01:01 | 001,549,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2012/11/02 17:01:01 | 001,401,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2012/11/02 17:01:01 | 000,778,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

[2012/11/02 17:01:01 | 000,666,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2012/11/02 17:01:01 | 000,491,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

[2012/11/02 17:01:01 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2012/11/02 17:01:01 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll

[2012/11/02 17:01:01 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

[2012/11/02 17:01:01 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

[2012/11/02 17:01:01 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

[2012/11/02 17:01:01 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2012/11/02 17:01:00 | 000,476,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2012/11/02 17:01:00 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2012/11/02 17:00:59 | 001,395,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

[2012/11/02 17:00:59 | 001,359,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

[2012/11/02 17:00:59 | 001,164,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2012/11/02 17:00:59 | 001,137,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2012/11/02 17:00:59 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2012/11/02 17:00:59 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2012/11/02 17:00:59 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax

[2012/11/02 17:00:59 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax

[2012/11/02 17:00:59 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2012/11/02 17:00:58 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll

[2012/11/02 17:00:58 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/11/02 17:00:58 | 000,294,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/11/02 17:00:58 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe

[2012/11/02 17:00:58 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2012/11/02 17:00:58 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2012/11/02 17:00:58 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2012/11/02 17:00:58 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2012/11/02 17:00:58 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/11/02 17:00:58 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll

[2012/11/02 17:00:58 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/11/02 17:00:58 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2012/11/02 17:00:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2012/11/02 17:00:57 | 002,871,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2012/11/02 17:00:57 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2012/11/02 17:00:57 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2012/11/02 17:00:57 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

[2012/11/02 17:00:57 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[2012/11/02 17:00:57 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2012/11/02 17:00:57 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2012/11/02 17:00:56 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2012/11/02 17:00:55 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2012/11/02 17:00:55 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2012/11/02 17:00:55 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/11/02 17:00:55 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/11/02 17:00:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012/11/02 17:00:54 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012/11/02 17:00:53 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2012/11/02 17:00:53 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2012/11/02 17:00:53 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2012/11/02 17:00:53 | 001,118,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll

[2012/11/02 17:00:53 | 000,961,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2012/11/02 17:00:53 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2012/11/02 17:00:53 | 000,850,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll

[2012/11/02 17:00:53 | 000,642,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2012/11/02 17:00:53 | 000,331,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll

[2012/11/02 17:00:53 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2012/11/02 17:00:53 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2012/11/02 17:00:53 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll

[2012/11/02 17:00:53 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2012/11/02 17:00:53 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2012/11/02 17:00:53 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll

[2012/11/02 17:00:53 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/11/02 17:00:53 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2012/11/02 17:00:53 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll

[2012/11/02 17:00:53 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll

[2012/11/02 17:00:53 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2012/11/02 17:00:53 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2012/11/02 17:00:53 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/11/02 17:00:53 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/11/02 17:00:52 | 002,565,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2012/11/02 17:00:52 | 001,699,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2012/11/02 17:00:52 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/11/02 17:00:52 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

[2012/11/02 17:00:52 | 000,189,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2012/11/02 17:00:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

[2012/11/02 17:00:52 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

[2012/11/02 17:00:52 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2012/11/02 17:00:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

[2012/11/02 17:00:52 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012/11/02 17:00:52 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012/11/02 17:00:51 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2012/11/02 17:00:51 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe

[2012/11/02 17:00:51 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2012/11/02 17:00:51 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2012/11/02 17:00:51 | 000,007,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2012/11/02 17:00:50 | 003,958,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe

[2012/11/02 17:00:50 | 000,642,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2012/11/02 17:00:50 | 000,605,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2012/11/02 17:00:50 | 000,566,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2012/11/02 17:00:50 | 000,518,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2012/11/02 17:00:50 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

[2012/11/02 17:00:50 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2012/11/02 17:00:50 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll

[2012/11/02 17:00:50 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll

[2012/11/02 17:00:50 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2012/11/02 17:00:50 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

[2012/11/02 17:00:50 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2012/11/02 17:00:50 | 000,020,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

[2012/11/02 17:00:50 | 000,019,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

[2012/11/02 17:00:50 | 000,017,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

[2012/11/02 17:00:49 | 000,800,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2012/11/02 17:00:49 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTAM.DLL

[2012/11/02 17:00:49 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAL.DLL

[2012/11/02 17:00:49 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINDEV.DLL

[2012/11/02 17:00:49 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBEN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTEL.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTAM.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINPUN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINORI.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINORI.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAR.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAR.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAL.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINKAN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINKAN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINHIN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINHIN.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINGUJ.DLL

[2012/11/02 17:00:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINEN.DLL


========== Files Created - No Company Name ==========


========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/11/02 17:00:55 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/11/02 17:00:55 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/11/02 17:03:41 | 000,030,752 | RH-- | M] () -- C:\dell.sdr

[2012/11/27 09:26:29 | 2116,730,879 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/27 09:26:30 | 4253,966,335 | -HS- | M] () -- C:\pagefile.sys

[2012/11/13 23:51:10 | 000,042,330 | ---- | M] () -- C:\RPSetup.exe.log

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


Hello DKap,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {4B859847-F617-49DD-9DB7-B8746DBA5905}
    IE - HKCU\..\SearchScopes,DefaultScope = {4B859847-F617-49DD-9DB7-B8746DBA5905}
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

What issues remain?


Thanks, TDK.

I ran OTL.exe Run Fix. Observable result was that OTL reset Windows Explorer to default views (no file extensions, hide system files, etc). However, the same issues remain with file icons.

OTL fix log (11292012_081338.log):

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David

->Temp folder emptied: 23307443 bytes

->Temporary Internet Files folder emptied: 176098565 bytes

->Flash cache emptied: 2667 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12102030 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes

RecycleBin emptied: 10926006 bytes

Total Files Cleaned = 212.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11292012_081338

Files\Folders moved on Reboot...

C:\Users\David\AppData\Local\Temp\7zS16F7\HPSLPSVC64.DLL moved successfully.

C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.


PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Hi TDK,

Update: I was able to restore the proper "graphic" icons to (I think) all the icons that had reverted to generic white rectangles (there may be some I haven't thought to check). The Microsoft "fixes" which didn't work all focused on deleting and rebuilding the icon cache. I finally realized that all the files with generic icons had lost their default program associations, so I reestablished them and the proper icons were restored (embarrassingly obvious fix, I suppose). I would have thought that common file types should display the proper icons even with no default program associations, so I don't know whether I have fixed an underlying issue or not. Just wanted to let you know as added info to the logs I posted yesterday. :)


Hey DKap,

Well, your logs look fine. Glad to hear the icon issue has been resolved.

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

=====

Also, please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=====

In your reply please provide the contents of the following:

  • log.txt.
  • checkup.txt.

What issues remain on your computer?


Thanks, TDK.

I ran ESET online scanner as directed. I found the log.txt in the Program Files (x86) directory since this is a 64-bit machine. The log file was time-stamped for the time I originally set up for online scanning and allowed download installation of the ActiveX control. I did not run the scan until sometime later pending your response, above. The log file does not seem to be updated with the results of the scan. I'm quite sure I clicked all the right buttons after the scan completed. The scan did find one potential threat, which I copied from the ESET screen since I did not see it in the log.txt:

C:\Users\David\Documents\David's old docs\Archive to CD\DOS Apps and Utilities\xTree\VSCHECK.ZIP probably unknown TSR.COM.EXE virus

This is an archived file among those I had copied from my old computer and definitely was not opened or run, either on the old or new computer.

Here is the ESET log.txt

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Is it possible that the ESET online scanner saved a second log somewhere else on the computer? ... I certainly can't find one.

---------------------------------------------------------------

Screen317's checkup.txt:

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Adobe Reader 10.1.4 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````
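A helper reading many of these logs can triage the checkup.txt layout shown above mechanically. The following Python sketch is an added example, not part of the original post or of Security Check itself; the sample text is constructed from the log above, and the names `parse_sections` and `findings` are hypothetical.

```python
import re

BT = "`" * 12  # Security Check pads its section headers with backticks

# Constructed sample in the layout of the checkup.txt posted above.
SAMPLE = "\n".join([
    "Results of screen317's Security Check version 0.99.56",
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    f"{BT}Antivirus/Firewall Check:{BT}",
    "Windows Firewall Enabled!",
    "McAfee Anti-Virus and Anti-Spyware",
    "WMI entry may not exist for antivirus; attempting automatic update.",
    f"{BT}Anti-malware/Other Utilities Check:{BT}",
    "Malwarebytes Anti-Malware version 1.65.1.1000",
    "Adobe Reader 10.1.4 Adobe Reader out of Date!",
    f"{BT}System Health check{BT}",
    "Total Fragmentation on Drive C: 0%",
    f"{BT}End of Log{BT}",
])

# A section header is a title wrapped in runs of backticks; a trailing colon is optional.
HEADER = re.compile(r"^`{3,}\s*(.*?)\s*:?\s*`{3,}$")

# Warning phrases taken from the log on this page (assumption: other
# versions of the tool may word their warnings differently).
WARNINGS = ("out of date", "may not exist")

def parse_sections(text):
    """Split a checkup.txt into {section name: [lines]}; the preamble is 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    sections.pop("End of Log", None)  # terminator, carries no entries
    return sections

def findings(sections):
    """Return (section, line) pairs that call for follow-up."""
    return [(name, line)
            for name, lines in sections.items()
            for line in lines
            if any(w in line.lower() for w in WARNINGS)]

if __name__ == "__main__":
    for section, line in findings(parse_sections(SAMPLE)):
        print(f"[{section}] {line}")
```

On the sample it flags the antivirus WMI registration notice and the outdated Adobe Reader entry, leaving the informational lines alone.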


Good afternoon DKap,

The log you found for ESET is fine.

Your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

In your reply please let me know how the update goes and if any issues remain on your computer.


Good afternoon TDK,

I ran "Check for Updates" in my Adobe Reader X (Version 10.1.4) .... response was "No Updates Available." I thought the Screen317's checkup.txt warning was strange ... I had updated Adobe Reader very recently. Not sure what prompted the warning.

In any event, do I dare say it, I don't believe I have any issues remaining. What do you think ... are we done? :)

If so, do I need to uninstall or delete any of the files left by the multiple scanners I used? I noticed, for example, that ESET saved an uninstaller.exe in the folder it created in Program Files (x86).


Hey DKap,

OK sounds fine.

Please use the ESET uninstaller.

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

And AdwCleaner:

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and Add-ons like Adblock Plus and NoScript can make it even more secure. To avoid dangerous sites, Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Thanks, TDK.

Yes, I'll make sure to follow your suggestions going forward.

One final question: Some of the uninstall instructions are for tools we didn't use, such as adwcleaner.exe. Am I correct that this is a more extensive list and not limited to the tools we used?

I'm very grateful for your terrific support! I may even have learned something. :D


Hello DKap,

One final question: Some of the uninstall instructions are for tools we didn't use, such as adwcleaner.exe. Am I correct that this is a more extensive list and not limited to the tools we used?

My apologies. I thought it had been used. :blush:


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.