Solved Unknown virus/malware - black screen w/ cursor after startup

+ 2011-09-22 00:05 . 2011-09-22 00:05 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
+ 2011-09-26 00:55 . 2011-09-26 00:55 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cb4f77127908a815e9288162fa0153d1\System.WorkflowServices.ni.dll
+ 2011-10-16 17:23 . 2011-10-16 17:23 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6dabb1ffbb64fc70a68dab460e675d2d\System.WorkflowServices.ni.dll
+ 2011-09-26 00:55 . 2011-09-26 00:55 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\a167617a58fd061722b5bc033903e089\System.Workflow.Runtime.ni.dll
+ 2011-10-16 16:57 . 2011-10-16 16:57 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\32259fbfebf9a97e29e33871a93f5d8d\System.Workflow.Runtime.ni.dll
+ 2011-10-16 16:57 . 2011-10-16 16:57 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\83db549eedd1bce50ec47994f82b22b7\System.Workflow.ComponentModel.ni.dll
+ 2011-09-26 00:54 . 2011-09-26 00:54 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5734cc1ce5f85aca912fd92584f3b3a7\System.Workflow.ComponentModel.ni.dll
+ 2011-09-26 00:45 . 2011-09-26 00:45 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32aeeece2a23ac0ef310b99c941b6d39\System.Workflow.Activities.ni.dll
+ 2011-10-16 16:57 . 2011-10-16 16:57 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2d2634b61157090f267aac490a552d03\System.Workflow.Activities.ni.dll
+ 2011-10-16 17:15 . 2011-10-16 17:15 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll
+ 2011-09-22 00:06 . 2011-09-22 00:06 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll
+ 2011-09-26 00:45 . 2011-09-26 00:45 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d7f692ee424e8847828383ddbbf278eb\System.Web.Mobile.ni.dll
+ 2011-10-16 17:23 . 2011-10-16 17:23 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\961b365e93e523044c1825e244f4372f\System.Web.Mobile.ni.dll
+ 2011-10-16 17:22 . 2011-10-16 17:22 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a366c18bbc8075ca50f763097f32e94e\System.Web.Extensions.ni.dll
+ 2011-09-26 00:44 . 2011-09-26 00:44 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\684d0ef675fd640a30bdf94ad4911bb5\System.Web.Extensions.ni.dll
+ 2011-09-26 00:44 . 2011-09-26 00:44 1917952


Continued...
 
Final!!

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\4fe82e4b4223298eae15d094a32f9298\System.Speech.ni.dll
+ 2011-10-16 17:22 . 2011-10-16 17:22 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\44b6cec3e6f65ffdf524a5fb2786e0d9\System.Speech.ni.dll
+ 2011-10-16 17:22 . 2011-10-16 17:22 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ecfad34a8e869b6d7ed9d3ead3a0e97d\System.ServiceModel.Web.ni.dll
+ 2011-09-26 00:44 . 2011-09-26 00:44 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\18be706a5ab335aaceb714f528901fe1\System.ServiceModel.Web.ni.dll
+ 2011-09-25 15:09 . 2011-09-25 15:09 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9ea6cff5cccb649eb8ad7cc6e3f03c88\System.Runtime.Serialization.ni.dll
+ 2011-10-16 17:17 . 2011-10-16 17:17 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll
+ 2011-09-26 00:41 . 2011-09-26 00:41 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\92bcdd721183b527543af031f307d31f\System.Printing.ni.dll
+ 2011-10-16 17:19 . 2011-10-16 17:19 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\8400b1072cb176c6f5e62909bae1ac51\System.Printing.ni.dll
+ 2011-09-25 15:12 . 2011-09-25 15:12 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\8e2ea4d70513035f74a9604fa511754b\System.Management.Automation.ni.dll
+ 2011-10-16 17:18 . 2011-10-16 17:18 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\0ea6852e2bacda9371e60589ca813cd3\System.Management.Automation.ni.dll
+ 2011-10-16 17:17 . 2011-10-16 17:17 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\dbcb4baf3d2ed9e62645bd332fc221f2\System.IdentityModel.ni.dll
+ 2011-09-25 15:10 . 2011-09-25 15:10 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\21c45e88bbc379aaed3baadd0bd14a8b\System.IdentityModel.ni.dll
+ 2011-09-22 00:05 . 2011-09-22 00:05 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
+ 2011-10-16 16:56 . 2011-10-16 16:56 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
+ 2011-09-22 00:07 . 2011-09-22 00:07 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e7a30fe59a12045d837f4ebaf83fc222\System.DirectoryServices.ni.dll
+ 2011-10-16 17:15 . 2011-10-16 17:15 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2abf48d164deefdf200182a3bdadfbeb\System.DirectoryServices.ni.dll
+ 2011-09-22 00:06 . 2011-09-22 00:06 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dc9e5e32218f8a3d2f21d89511335713\System.Deployment.ni.dll
+ 2011-10-16 17:14 . 2011-10-16 17:14 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4e0e6e88d80780d87bb74e72d5bb1230\System.Deployment.ni.dll
+ 2011-10-16 16:55 . 2011-10-16 16:55 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
+ 2011-09-22 00:07 . 2011-09-22 00:07 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll
+ 2011-09-22 00:05 . 2011-09-22 00:05 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d6ae6d71281689587705eaed351b01d4\System.Data.SqlXml.ni.dll
+ 2011-10-16 17:14 . 2011-10-16 17:14 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\a4889e54d14864db8f08aa20e4a7736a\System.Data.SqlXml.ni.dll
+ 2011-10-16 17:22 . 2011-10-16 17:22 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f4a17d0040e3f75d243f4ec1c644cea4\System.Data.Services.ni.dll
+ 2011-09-26 00:44 . 2011-09-26 00:44 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\d09008a7155891e7f521ce175cef05ca\System.Data.Services.ni.dll
+ 2011-09-22 00:24 . 2011-09-22 00:24 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\9ecfa46a2c92f6493f030b02966f0ced\System.Data.OracleClient.ni.dll
+ 2011-10-16 17:15 . 2011-10-16 17:15 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\9354bcdb983f56cecddb68035849d9a0\System.Data.OracleClient.ni.dll
+ 2011-10-16 16:56 . 2011-10-16 16:56 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\e7424f28e09b19df2dcce8c1ebb1e78f\System.Data.Linq.ni.dll
+ 2011-09-21 02:03 . 2011-09-21 02:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1e810a1e96c671534217557954e7c999\System.Data.Linq.ni.dll
+ 2011-10-16 17:21 . 2011-10-16 17:21 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\619b6d874f92baf012a63329d05af051\System.Data.Entity.ni.dll
+ 2011-09-26 00:43 . 2011-09-26 00:43 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2e9a7977c1be792554d57c8ecd0e6d87\System.Data.Entity.ni.dll
+ 2011-10-16 16:55 . 2011-10-16 16:55 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\a272814095d94aad779e9d07b2e877c9\System.Core.ni.dll
+ 2011-09-21 02:02 . 2011-09-21 02:02 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\045ff9d980dcb3ffeac2a0868161215e\System.Core.ni.dll
+ 2011-09-26 00:41 . 2011-09-26 00:41 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\b0d7aa182cb0028c92896d58ef4529da\ReachFramework.ni.dll
+ 2011-10-16 17:19 . 2011-10-16 17:19 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\afd2adfd3c5547a55b5cfddf362c6417\ReachFramework.ni.dll
+ 2011-09-26 00:41 . 2011-09-26 00:41 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7d6eba2dd1fabc7539b153845b95afa9\PresentationUI.ni.dll
+ 2011-10-16 17:19 . 2011-10-16 17:19 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\30efb8cc2564a09e296fe28653ab377c\PresentationUI.ni.dll
+ 2011-09-26 00:42 . 2011-09-26 00:42 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7ad481b1a2b26bd253f0befb765b2cf1\PresentationBuildTasks.ni.dll
+ 2011-10-16 17:19 . 2011-10-16 17:19 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\05ffe0aaa7e9d46ba1603656fb1ac025\PresentationBuildTasks.ni.dll
+ 2011-10-16 17:19 . 2011-10-16 17:19 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\699c5770ad3d5e67bae2e172b0781d9a\Narrator.ni.exe
+ 2011-09-26 00:41 . 2011-09-26 00:41 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\25fc1b1a3f51770139156021ba97251f\Narrator.ni.exe
+ 2011-10-16 17:19 . 2011-10-16 17:19 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\dc38366e3458237ab394a5082b2f17fe\MMCEx.ni.dll
+ 2011-09-26 00:41 . 2011-09-26 00:41 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\3398454f934691efb9798bb493d2f440\MMCEx.ni.dll
+ 2011-10-16 17:17 . 2011-10-16 17:17 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\7a21126b43da3012cdf81aefc8af03d7\MIGUIControls.ni.dll
+ 2011-09-25 15:11 . 2011-09-25 15:11 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\5c89b0298570e4d1a8443ccb7aca4a1e\MIGUIControls.ni.dll
+ 2011-10-16 17:19 . 2011-10-16 17:19 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll
+ 2011-09-26 00:41 . 2011-09-26 00:41 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7785435dab38ed94b6a0a608e91c6cda\Microsoft.VisualBasic.ni.dll
+ 2011-10-16 17:17 . 2011-10-16 17:17 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\570eaca98d76305811de424f100ecf2c\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-25 15:10 . 2011-09-25 15:10 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\031dada967314b31703307bd10697079\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-26 00:41 . 2011-09-26 00:41 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b008b1b107c6ccdb8ab234437713b3fa\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-10-16 17:18 . 2011-10-16 17:18 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7d0d44c4dac29fee4fa2ec95495225e2\Microsoft.PowerShell.Editor.ni.dll
+ 2011-09-25 15:13 . 2011-09-25 15:13 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\602fed46db569c67500d5d6b00abaeeb\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-09-25 15:13 . 2011-09-25 15:13 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5d659bc7dce6e73b36f5bb6ed60caccf\Microsoft.PowerShell.Editor.ni.dll
+ 2011-10-16 17:19 . 2011-10-16 17:19 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\45940afe22941c4117712a2205bc9763\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-10-16 17:18 . 2011-10-16 17:18 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\342a1097ed96cd02202482afc52449c0\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-09-25 15:10 . 2011-09-25 15:10 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ddf5b45effdcc461ade1bebf18397ed\Microsoft.MediaCenter.UI.ni.dll
+ 2011-10-16 17:17 . 2011-10-16 17:17 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\842503edef3ebd8bf3c191140118b94b\Microsoft.MediaCenter.UI.ni.dll
+ 2011-09-22 00:24 . 2011-09-22 00:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f7c07195d1967d7cc102fa4e8a8b9251\Microsoft.JScript.ni.dll
+ 2011-10-16 17:15 . 2011-10-16 17:15 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\d827704baef0f300ed2bbee9fb6cf431\Microsoft.JScript.ni.dll
+ 2011-09-25 15:12 . 2011-09-25 15:12 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\6f69588091b002fc0e8fc5682daf77af\Microsoft.Ink.ni.dll
+ 2011-10-16 17:18 . 2011-10-16 17:18 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\5e7d10bc7fc82ee30a5b696f4b0b4dc9\Microsoft.Ink.ni.dll
+ 2011-10-16 17:18 . 2011-10-16 17:18 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e696d9164bbb978ea5208643ea66e2e6\Microsoft.Build.Tasks.ni.dll
+ 2011-09-25 15:11 . 2011-09-25 15:11 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cf25827006f4021a68411e023afa3b2c\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-10-16 17:18 . 2011-10-16 17:18 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a8f4947810fb41497af7167b9dd8f957\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-25 15:11 . 2011-09-25 15:11 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\251635230ec27ea672ef0bfd1db926c2\Microsoft.Build.Tasks.ni.dll
+ 2011-09-22 00:24 . 2011-09-22 00:24 1778176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e7e696376682ecf6d7a5522757ca790b\Microsoft.Build.Engine.ni.dll
+ 2011-10-16 17:16 . 2011-10-16 17:16 1778176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\83e03901d0f3ea0247df30ba82d40855\Microsoft.Build.Engine.ni.dll
+ 2011-09-22 00:05 . 2011-09-22 00:05 4383232 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\6c2e31e01fbee47bb7dfe4488d0b7468\DriversHQ.DriverDetective.Client.ni.exe
+ 2011-10-16 17:14 . 2011-10-16 17:14 4383232 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\27f71cc2e88c4e2bed75d3b2035aabc3\DriversHQ.DriverDetective.Client.ni.exe
+ 2011-08-10 14:50 . 2011-05-04 11:53 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-18 00:19 . 2011-01-20 11:09 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-10-15 13:58 . 2011-07-08 11:52 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-18 00:19 . 2011-03-29 10:52 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-18 00:19 . 2011-03-29 10:52 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-15 13:58 . 2011-07-08 11:53 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-04 07:29 . 2011-11-04 07:29 12275200 c:\windows\SysWOW64\mshtml.dll
+ 2006-11-02 12:33 . 2011-11-04 07:47 10989568 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-06-18 18:23 10989568 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-11-04 07:29 . 2011-11-04 07:29 17781760 c:\windows\system32\mshtml.dll
+ 2006-11-02 12:35 . 2011-10-16 13:48 50086344 c:\windows\system32\mrt.exe
+ 2011-11-04 07:29 . 2011-11-04 07:29 10886144 c:\windows\system32\ieframe.dll
+ 2011-10-15 13:58 . 2011-07-08 11:52 10020688 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
+ 2011-07-11 21:33 . 2011-07-11 21:33 23254016 c:\windows\Installer\62f79.msp
+ 2011-05-19 03:06 . 2011-05-19 03:06 38672896 c:\windows\Installer\489e7.msp
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\18c65.msp
+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\18c64.msp
+ 2010-09-23 07:03 . 2010-09-23 07:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
+ 2011-10-16 13:43 . 2011-10-16 13:43 11872768 c:\windows\assembly\NativeImages_v4.0.30319_64\System\c9d45f7c0deab777cea3e4fe77c02031\System.ni.dll
+ 2011-10-16 15:45 . 2011-10-16 15:45 17290752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\7850c7a1f97fc3980b67ed7d31416aea\System.Windows.Forms.ni.dll
+ 2011-10-16 15:51 . 2011-10-16 15:51 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\41ff109cc439d1cdb05465f9101261c3\System.ServiceModel.ni.dll
+ 2011-10-16 15:48 . 2011-10-16 15:48 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\f0634b66ceb548b635218f02f1101f18\System.Data.Entity.ni.dll
+ 2011-10-16 15:37 . 2011-10-16 15:37 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\06e5638d1925f6cf87ff8fad1ef06d75\System.Core.ni.dll
+ 2011-10-16 15:42 . 2011-10-16 15:42 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\9b5148ac4ab43aa07d5dbcfbe54ceaf5\PresentationFramework.ni.dll
+ 2011-10-16 15:40 . 2011-10-16 15:40 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\ffb7c7fb374f445e39f7224134ebca02\PresentationCore.ni.dll
+ 2011-10-16 13:43 . 2011-10-16 13:43 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\e0e5fbe72e8813a135fc878ff32b4bee\mscorlib.ni.dll
+ 2011-10-16 13:45 . 2011-10-16 13:45 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
+ 2011-10-16 16:01 . 2011-10-16 16:01 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll
+ 2011-10-16 16:00 . 2011-10-16 16:00 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\78afce4e1bd3d345ef1fff004659191c\System.Data.Entity.ni.dll
+ 2011-10-16 13:47 . 2011-10-16 13:47 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
+ 2011-10-16 13:46 . 2011-10-16 13:46 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
+ 2011-10-16 13:44 . 2011-10-16 13:44 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
+ 2011-10-16 16:43 . 2011-10-16 16:43 10597888 c:\windows\assembly\NativeImages_v2.0.50727_64\System\f12d03e6dad70f35e012254871553713\System.ni.dll
+ 2011-09-21 01:59 . 2011-09-21 01:59 10597888 c:\windows\assembly\NativeImages_v2.0.50727_64\System\b008f0ff2d87b56ea30f138e32aec2eb\System.ni.dll
+ 2011-09-21 02:23 . 2011-09-21 02:23 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\db6376c76598554f7daee0e8accba1e6\System.Windows.Forms.ni.dll
+ 2011-10-16 16:51 . 2011-10-16 16:51 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\5cb03828bc75159bc60c7ba3b192f63d\System.Windows.Forms.ni.dll
+ 2011-09-21 02:21 . 2011-09-21 02:21 15225856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\9f87d3f915300b5051f29bf76b3c1874\System.Web.ni.dll
+ 2011-10-16 16:59 . 2011-10-16 16:59 15225856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\9d8f4ec5694b056b4b4b79f11c6b3b95\System.Web.ni.dll
+ 2011-09-21 02:25 . 2011-09-21 02:25 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\e1c770109a7a73190440f600bcf205ee\System.ServiceModel.ni.dll
+ 2011-10-16 17:02 . 2011-10-16 17:02 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\08b309e856a0be5fd3e19fa2f15a671f\System.ServiceModel.ni.dll
+ 2011-10-16 17:07 . 2011-10-16 17:07 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\f20cd853902d31f596cb77e1fb0a5011\System.Management.Automation.ni.dll
+ 2011-09-25 14:42 . 2011-09-25 14:42 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\9fc8a6b51c78cdcbb9ac8c1a4fcde9e0\System.Management.Automation.ni.dll
+ 2011-09-21 02:22 . 2011-09-21 02:22 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\65bc655515d76c3b195cbc59cc9c033d\System.Design.ni.dll
+ 2011-10-16 16:50 . 2011-10-16 16:50 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\53d32ce36522b35c6617583803e46428\System.Design.ni.dll
+ 2011-09-26 01:08 . 2011-09-26 01:08 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\640116247a8de50592526f7dead06015\System.Data.Entity.ni.dll
+ 2011-10-16 17:11 . 2011-10-16 17:11 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\0359dddfa810980ea79ff603f8977974\System.Data.Entity.ni.dll
+ 2011-10-16 16:47 . 2011-10-16 16:47 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9571673404921b0e6a53a4d1d00891a2\PresentationFramework.ni.dll
+ 2011-09-26 01:04 . 2011-09-26 01:04 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0663fb78a637caeb02ad253e76cdfd80\PresentationFramework.ni.dll
+ 2011-09-25 14:48 . 2011-09-25 14:48 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\fc3d6eb248aee0bbcd2f8c686f73df78\PresentationCore.ni.dll
+ 2011-10-16 16:45 . 2011-10-16 16:45 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\6cc39b5515d14c1670b7a1a47b947420\PresentationCore.ni.dll
+ 2011-09-21 01:58 . 2011-09-21 01:58 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\ee787c7dd39d956a9fdeddc8b5fde80e\mscorlib.ni.dll
- 2011-06-18 14:13 . 2011-06-18 14:14 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\ee787c7dd39d956a9fdeddc8b5fde80e\mscorlib.ni.dll
+ 2011-10-16 16:42 . 2011-10-16 16:42 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\897e1f6e4749dcdf03064150aa556c8c\mscorlib.ni.dll
+ 2011-10-16 17:05 . 2011-10-16 17:05 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\e1807995ad54a8ec2aaef6e7fdd35371\ehshell.ni.dll
+ 2011-09-22 01:47 . 2011-09-22 01:47 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\bb249c873f8577188d3922a092b8fa09\ehshell.ni.dll
+ 2011-09-22 00:06 . 2011-09-22 00:06 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
+ 2011-10-16 16:56 . 2011-10-16 16:56 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
+ 2011-10-16 17:15 . 2011-10-16 17:15 11804672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
+ 2011-09-22 00:07 . 2011-09-22 00:07 11804672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
+ 2011-09-25 15:09 . 2011-09-25 15:09 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\beab37721e12fef7fc1e8f2ff130fa31\System.ServiceModel.ni.dll
+ 2011-10-16 17:17 . 2011-10-16 17:17 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll
+ 2011-09-22 00:24 . 2011-09-22 00:24 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7217cd3af229159188896c01174b11f9\System.Design.ni.dll
+ 2011-10-16 16:56 . 2011-10-16 16:56 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\0e8e3007e61a2ba9454600dce8193b65\System.Design.ni.dll
+ 2011-10-16 16:55 . 2011-10-16 16:55 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
+ 2011-09-26 00:40 . 2011-09-26 00:41 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\180849cb54aab0bc77a229c41f967c90\PresentationFramework.ni.dll
+ 2011-09-25 15:15 . 2011-09-25 15:15 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\cbe5fbb2e20534d89c0588cc05418840\PresentationCore.ni.dll
+ 2011-10-16 16:54 . 2011-10-16 16:54 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
+ 2011-09-21 02:02 . 2011-09-21 02:02 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
- 2011-06-18 14:25 . 2011-06-18 14:25 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
+ 2011-10-16 16:53 . 2011-10-16 16:53 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
+ 2011-04-07 03:12 . 2011-04-07 03:12 194340864 c:\windows\Installer\48a08.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
2011-04-26 02:39 81920 ----a-w- c:\program files (x86)\oovootoolbar\oovootoolbarX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2011-04-26 81920]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SmileboxTray"="c:\users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe" [2011-09-29 313160]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-30 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2008-07-17 200704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]
R4 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 27648]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETwNv64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwNv64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 03:30]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 03:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-10 1560360]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 182808]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.livingston.org/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=mc7801u
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.oovoostart.com/s/?src=FF-Address&site=Bing&cfg=2-201-0-0&engine_id=1&provider_id=1&product_id=201&country=US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56364
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
Toolbar-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-08 22:13:18
ComboFix-quarantined-files.txt 2011-11-09 03:13
ComboFix2.txt 2011-06-18 22:17
ComboFix3.txt 2011-06-18 18:35
.
Pre-Run: 68,113,747,968 bytes free
Post-Run: 69,535,797,248 bytes free
.
- - End Of File - - CC64D06BC8FC0CED2761A07E26E830E8



rkill

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11/08/2011 at 22:19:21.
Operating System: Windows (TM) Vista Home Premium


Processes terminated by Rkill or while it was running:

C:\Program Files (x86)\WinRAR\RarExtLoader.exe
C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 11/08/2011 at 22:19:27.
 
Looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The computer seems to be running well now. I haven't had any issues getting into Windows whenever I have had to reboot, and the internet seems to be working pretty smoothly. I will let you know if anything abnormal occurs.

Here is the OTL.txt file...There was no Attach.txt file though.

OTL


OTL logfile created on: 11/9/2011 12:16:46 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 56.32% Memory free
7.91 Gb Paging File | 6.31 Gb Available in Paging File | 79.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144.04 Gb Total Space | 64.81 Gb Free Space | 44.99% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.73 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive E: | 148.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.87 Gb Total Space | 1.74 Gb Free Space | 93.19% Space Free | Partition Type: FAT

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/09 00:14:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2007/10/17 10:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2010/09/17 20:14:22 | 000,460,144 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/04/07 14:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2008/11/04 02:41:00 | 000,437,248 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 16:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 16:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 16:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 16:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 16:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 16:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/10/25 23:28:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/10/18 04:15:18 | 007,959,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64) ___ Intel(R)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 14:33:08 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2009/04/07 14:33:06 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/11/04 02:40:46 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/10/15 07:57:50 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/10/15 07:53:44 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/10/15 07:52:24 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/07/28 22:44:20 | 000,314,880 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/07/20 19:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/07/15 03:39:24 | 000,062,296 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/07/10 21:29:08 | 007,912,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/07/10 04:52:38 | 000,325,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/29 16:52:44 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/06/26 18:24:20 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/11 20:29:30 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2008/04/29 03:00:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=mc7801u
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=mc7801u
IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.livingston.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 4E 79 01 33 D3 49 45 BC E6 1F 22 01 79 39 64 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {59c6f12b-f004-43e5-9997-08f2123119b6}:2.5.0.3
FF - prefs.js..keyword.URL: "http://www.oovoostart.com/s/?src=FF-Address&site=Bing&cfg=2-201-0-0&engine_id=1&provider_id=1&product_id=201&country=US&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56364
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/01 22:12:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/17 18:18:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/28 23:41:00 | 000,000,000 | ---D | M]

[2010/07/30 23:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/11/08 22:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions
[2010/08/08 23:06:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/01 22:12:12 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/04/25 21:39:52 | 000,000,000 | ---D | M] (ooVoo Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
[2011/04/04 22:00:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/25 21:40:05 | 000,002,014 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\searchplugins\bing-zugo.xml
[2011/05/13 20:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/24 18:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/01 22:02:49 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 12:33:21 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/24 18:42:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 12:33:22 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/11/08 22:09:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found.
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKLM..\RunOnce: [New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\LaunchAlaunchX.exe (Acer Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C7D86A6-5962-483F-89BB-ED5F19941C31}: DhcpNameServer = 167.206.245.130 167.206.245.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/09 00:14:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/11/08 22:13:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/11/08 17:31:24 | 004,286,253 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/11/08 17:31:23 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/11/07 20:11:46 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/07 20:11:46 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/07 20:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/07 20:07:03 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/07 20:07:03 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/07 20:07:03 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/07 20:07:02 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/07 20:07:02 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/07 20:06:44 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/07 20:06:44 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/07 20:04:10 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/11/07 20:04:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2011/11/06 22:15:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/23 21:10:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\FlashDrive_Backup(10-23-11)

========== Files - Modified Within 30 Days ==========

[2011/11/09 00:16:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/09 00:14:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/11/09 00:14:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 22:09:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/08 21:45:57 | 000,757,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 21:45:57 | 000,644,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 21:45:57 | 000,117,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 18:15:05 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 18:15:05 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 18:15:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/08 17:36:57 | 617,993,845 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/08 16:44:24 | 001,008,092 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.com
[2011/11/08 16:42:12 | 004,286,253 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/11/08 16:41:28 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/11/07 22:45:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/07 20:11:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/07 20:07:04 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/07 20:02:00 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\x16w8n6q.exe
[2011/11/07 20:01:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2011/11/05 14:20:40 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/11/04 02:37:05 | 000,000,975 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/04 02:30:03 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2011/11/04 02:30:03 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2011/11/04 02:30:03 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2011/11/04 02:30:03 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2011/11/04 02:29:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/04 02:29:06 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/11/03 19:57:51 | 000,002,651 | ---- | M] () -- C:\Users\Owner\Desktop\Word.lnk
[2011/10/22 12:39:36 | 000,029,184 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/16 11:40:52 | 000,305,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/08 17:31:23 | 001,008,092 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.com
[2011/11/07 20:07:04 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/07 20:04:10 | 051,515,288 | ---- | C] () -- C:\Users\Owner\Desktop\setup_av_free.exe
[2011/11/07 20:04:10 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\x16w8n6q.exe
[2011/11/04 02:36:08 | 000,000,981 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/11/04 02:29:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/04 02:29:06 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/18 13:11:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/18 13:11:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/18 13:11:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/18 13:11:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/18 13:11:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/28 23:29:04 | 000,206,165 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/10/11 23:21:08 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/10/11 23:18:57 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2010/10/11 22:19:22 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/30 23:21:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/29 11:18:08 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/05/13 21:36:23 | 000,029,184 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/29 16:21:20 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/09/19 10:53:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/19 10:52:56 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/19 10:52:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/12 19:25:35 | 000,166,615 | ---- | C] () -- C:\Windows\hpoins31.dat
[2008/11/30 10:12:27 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/09/03 11:56:39 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/08/21 21:49:18 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/08/21 21:49:18 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/08/21 21:49:16 | 000,495,376 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/06/17 04:23:21 | 000,001,691 | ---- | C] () -- C:\Windows\hpomdl31.dat
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/05/15 22:46:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Catalina Marketing Corp
[2010/10/25 23:33:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2010/10/18 23:17:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/04/25 21:40:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
[2011/04/09 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Red Kawa
[2011/10/04 21:41:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smilebox
[2009/06/01 21:09:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2011/11/07 22:45:02 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/09/03 12:52:07 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/11/08 22:13:19 | 000,266,331 | ---- | M] () -- C:\ComboFix.txt
[2008/11/30 09:05:47 | 000,000,000 | ---- | M] () -- C:\detestfrag.txt
[2010/10/12 00:13:40 | 000,000,000 | ---- | M] () -- C:\foo.txt
[2008/09/03 12:57:50 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2010/10/11 23:47:13 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2011/11/06 23:00:53 | 000,116,632 | ---- | M] () -- C:\OTL2.Txt
[2011/11/07 00:24:20 | 000,116,632 | ---- | M] () -- C:\OTL3.Txt
[2011/11/08 18:14:39 | 171,962,367 | -HS- | M] () -- C:\pagefile.sys
[2008/10/04 03:27:41 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2011/11/08 22:19:27 | 000,000,452 | ---- | M] () -- C:\rkill.log
[2011/03/05 22:10:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2011/03/07 21:37:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2011/03/13 21:40:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2011/03/27 22:03:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2011/04/02 20:27:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2011/05/08 20:48:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2011/09/06 22:47:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2011/10/05 20:54:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/07/14 23:44:39 | 000,000,172 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/08/09 22:38:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/09/02 23:04:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/09/22 21:26:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/10/08 01:39:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/10/27 10:34:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/11/10 02:13:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/11/26 01:29:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/12/04 13:39:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/12/13 18:48:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2011/02/05 21:03:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2011/03/01 00:50:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2011/03/05 22:10:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2011/03/07 21:37:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2011/03/13 21:40:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2011/03/27 22:03:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2011/04/02 20:27:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2011/05/08 20:48:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2011/09/06 22:47:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2011/10/05 20:54:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/07/14 23:44:39 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/08/09 22:38:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/09/02 23:04:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/09/22 21:26:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/10/08 01:39:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/10/27 10:34:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/11/10 02:13:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/11/26 01:29:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/12/04 13:39:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/12/13 18:48:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2011/02/05 21:03:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2011/03/01 00:50:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2011/06/18 17:26:06 | 000,065,860 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_18.06.2011_18.24.36_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/04/17 11:25:32 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/11/04 02:37:05 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/11/08 16:41:28 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/11/08 16:42:12 | 004,286,253 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/06/16 20:51:24 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/11/09 00:14:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/06/20 18:50:26 | 000,879,028 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2010/12/30 22:26:14 | 051,515,288 | ---- | M] () -- C:\Users\Owner\Desktop\setup_av_free.exe
[2011/06/20 18:54:56 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe
[2010/10/27 00:59:30 | 282,427,301 | ---- | M] (UBCD4Win Team - Benjamin Burrows ) -- C:\Users\Owner\Desktop\UBCD4WinV360.exe
[2011/11/07 20:02:00 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\x16w8n6q.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/06/10 21:51:05 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/06/10 21:50:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2010/04/17 11:41:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2010/04/17 11:41:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/06/10 21:50:36 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/11/30 08:50:14 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/07/29 11:18:10 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2010/11/28 23:49:01 | 000,001,999 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Good news :)

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
    FF - prefs.js..network.proxy.http_port: 56364
    O2 - BHO: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
System is running very well. The only strange thing that happened is something about the scheduled Java updater. I have gotten two messages saying that the process has stopped. Other than that, everything is good!

OTL

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
Prefs.js: 56364 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 235809 bytes
->Temporary Internet Files folder emptied: 20139525 bytes
->Java cache emptied: 534206 bytes
->FireFox cache emptied: 10161061 bytes
->Flash cache emptied: 17097 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5733 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 887314 bytes

Total Files Cleaned = 31.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11092011_015703

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLF8NEMQ\topic173061-2[1].htm moved successfully.

Registry entries deleted on Reboot...



Checkup

Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 29
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player ( 10.1.53.64) Flash Player Out of Date!
Mozilla Firefox (3.6.8) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
``````````End of Log````````````
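
An added example, not part of the original thread: a Python script that correlates the entries OTL flagged as "No CLSID value found" with the fix results posted above, to confirm that every flagged registry reference was actually removed. The function names are hypothetical; the sample lines are copied from this thread's scan log, fix script and fix results.

```python
import re
from collections import defaultdict

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RESULT = re.compile(r"^Registry (key|value) (.+?) (deleted successfully|not found)\.$")

# Scan entries copied from this thread (fix script items plus two O18 lines).
SCAN_LINES = r"""
IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
O2 - BHO: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found.
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
"""

# Fix results copied from the OTL fix log in this thread.
FIX_LINES = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
Prefs.js: 56364 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
"""


def orphaned_refs(scan_text):
    """Map each GUID (or None when the line has no GUID) to the scan
    entries that reference it without a matching class registration."""
    refs = defaultdict(list)
    for line in scan_text.splitlines():
        if "No CLSID value found" not in line:
            continue
        match = GUID.search(line)
        guid = match.group(0).lower() if match else None
        # The entry type is the text before the first " - ", e.g. "O2" or "IE".
        refs[guid].append(line.split(" - ", 1)[0].strip())
    return dict(refs)


def fix_outcomes(fix_text):
    """Map each GUID to the registry paths the fix deleted and the
    paths it looked for but did not find."""
    outcomes = defaultdict(lambda: {"deleted": [], "not_found": []})
    for line in fix_text.splitlines():
        match = RESULT.match(line.strip())
        if not match:
            continue  # e.g. the Prefs.js line, which carries no registry path
        path, status = match.group(2), match.group(3)
        guid = GUID.search(path)
        if not guid:
            continue
        bucket = "deleted" if status == "deleted successfully" else "not_found"
        outcomes[guid.group(0).lower()][bucket].append(path)
    return dict(outcomes)


def review(scan_text, fix_text):
    """Return GUIDs that were flagged more often than the fix deleted them.
    Lines without a GUID cannot be correlated and are skipped here."""
    outcomes = fix_outcomes(fix_text)
    pending = []
    for guid, entries in orphaned_refs(scan_text).items():
        if guid is None:
            continue
        deleted = len(outcomes.get(guid, {}).get("deleted", []))
        if deleted < len(entries):
            pending.append(guid)
    return pending


if __name__ == "__main__":
    for guid, entries in orphaned_refs(SCAN_LINES).items():
        print(guid, "referenced by", entries)
    print("still pending after fix:", review(SCAN_LINES, FIX_LINES))
```

The "not found" results for the `CLSID` key agree with the scan: the three browser entries pointed at a class that was never registered, so only the dangling references needed deleting.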
 
Ok, both old versions of Java have been uninstalled, and the weekly scheduler has been stopped from updating.

As for the ESET, it did not produce a log. Should it have?
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Broni,

I'm still with you! I have just been away the past few days. I am going to address the things explained in your post tonight or tomorrow.

Thank you so much for all of your help! You're freaking awesome.

Ken
 