Yet Another Garda Malware Victim

  • 16-08-2012 10:12PM
    #1


    Hi lads,

    Got caught with the Garda UKash malware problem on my father-in-law's laptop the night before last.

    I can boot into all three versions of Safe Mode. I've tried some fixes I found online. I had MalwareBytes installed but it was well out of date. I downloaded the new definitions but it didn't seem to update the database.

    I'm now turning to the good old faithful, Boards.

    Most threads seem to be recommending that I run OTL so here are the results of the quick scan.

    OTL.txt:


    OTL logfile created on: 16/08/2012 23:03:51 - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1014.37 Mb Total Physical Memory | 765.82 Mb Available Physical Memory | 75.50% Memory free
    2.39 Gb Paging File | 2.24 Gb Available in Paging File | 93.81% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.43 Gb Total Space | 37.67 Gb Free Space | 54.25% Space Free | Partition Type: NTFS

    Computer Name: DJ92P83J | User Name: Owner | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/16 23:00:55 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
    PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
    PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/08/06 23:13:59 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/14 01:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2008/06/04 13:28:52 | 000,345,376 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SiteAdvisor\6261\SAService.exe -- (SiteAdvisor Service)
    SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Disabled | Stopped] -- a -- (vsdatant)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2007/01/10 00:46:34 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2006/11/03 00:34:00 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/08/25 01:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
    DRV - [2005/07/23 00:41:46 | 000,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
    DRV - [2005/07/23 00:41:42 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMOUKE.sys -- (LMouKE)
    DRV - [2005/07/23 00:40:58 | 000,013,440 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1071114
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1071114
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1071114
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/?pc=skyp&ocid=skydhp
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {672BBE22-9079-4D25-8928-CFDFB6954DA2}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{33B16219-9B0D-4F78-B1B6-1575E536F024}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKCU\..\SearchScopes\{672BBE22-9079-4D25-8928-CFDFB6954DA2}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/24 23:59:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/14 01:48:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 20:19:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/04 13:28:59 | 000,000,000 | ---D | M]

    [2012/07/23 20:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2012/07/23 20:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/14 01:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/07/14 01:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/07/14 01:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.190.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U19 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
    CHR - Extension: SiteAdvisor = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\

    O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120723222913.dll (McAfee, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
    O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [Logan_S2P] C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe ()
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O4 - HKCU..\Run: [vhaynndngmfemxe] C:\Documents and Settings\All Users\Application Data\vhaynndn.exe ()
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F06AB72-DE69-4205-9457-F5D73B9E60C5}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C64DFA91-41A3-4746-97EF-0ABF1C02AE4C}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell - "" = AutoRun
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{fc52df9e-a752-11dc-a149-001c23b1c8c7}\Shell\AutoRun\command - "" = E:\autorun.bat
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/16 23:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2012/08/14 01:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oceybihfgbwpfhl
    [2012/08/10 15:15:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2012/08/07 22:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    [2012/07/23 20:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
    [2012/07/23 20:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
    [2012/07/23 20:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/07/23 20:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/07/23 20:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [30 C:\*.tmp files -> C:\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/16 22:56:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/08/16 22:18:01 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BE7AC7F7-4E32-420E-8854-32A344E5ACCF}.job
    [2012/08/16 20:53:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/14 01:53:34 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ryydazpayivooox
    [2012/08/14 01:53:22 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vhaynndn.exe
    [2012/08/14 01:53:22 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Owner\ms.exe
    [2012/08/14 01:53:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-571566390-892394377-1482031647-1003UA.job
    [2012/08/14 01:53:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-571566390-892394377-1482031647-1003Core.job
    [2012/08/13 19:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/08/13 14:35:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/08/13 14:35:53 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/08/13 14:33:50 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2012/08/13 14:33:49 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2012/08/09 21:57:58 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/08/09 21:57:57 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2012/08/07 22:57:41 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2012/08/07 16:05:29 | 000,014,506 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\r.jpg
    [2012/08/07 16:05:14 | 000,016,845 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\g.jpg
    [2012/08/02 23:40:13 | 000,015,316 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cin.jpg
    [2012/08/02 23:39:57 | 000,015,420 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\whim.jpg
    [2012/07/30 13:29:22 | 000,066,303 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rage.jpg
    [2012/07/29 14:39:58 | 000,018,647 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\net.jpg
    [2012/07/29 14:34:34 | 000,021,906 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bead.jpg
    [2012/07/28 23:40:36 | 000,047,797 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\caviar nails.jpg
    [2012/07/28 23:40:17 | 000,049,948 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wedding nails.jpg
    [2012/07/23 20:19:17 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/23 20:19:17 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/07/17 23:39:05 | 000,484,411 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Henry-Cavill-is-Zack-Snyders-Superman.png
    [30 C:\*.tmp files -> C:\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/14 01:53:33 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vhaynndn.exe
    [2012/08/14 01:53:25 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ryydazpayivooox
    [2012/08/14 01:53:22 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Owner\ms.exe
    [2012/08/13 14:33:50 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2012/08/13 14:33:49 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2012/08/07 22:57:41 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2012/08/07 16:05:28 | 000,014,506 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\r.jpg
    [2012/08/07 16:05:10 | 000,016,845 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\g.jpg
    [2012/08/02 23:40:08 | 000,015,316 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cin.jpg
    [2012/08/02 23:39:54 | 000,015,420 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\whim.jpg
    [2012/07/30 13:29:19 | 000,066,303 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rage.jpg
    [2012/07/29 14:39:56 | 000,018,647 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\net.jpg
    [2012/07/29 14:34:32 | 000,021,906 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bead.jpg
    [2012/07/28 23:40:34 | 000,047,797 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\caviar nails.jpg
    [2012/07/28 23:40:13 | 000,049,948 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wedding nails.jpg
    [2012/07/23 20:35:12 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/07/23 20:19:17 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/23 20:19:17 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/07/23 20:19:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/07/17 23:39:21 | 000,484,411 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Henry-Cavill-is-Zack-Snyders-Superman.png
    [2012/03/07 16:43:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2009/09/27 17:08:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PreferencePane
    [2009/09/27 17:08:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Plugins
    [2009/09/27 17:08:09 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2009/03/27 15:07:23 | 000,010,496 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SmarThruOptions.xml
    [2008/01/29 13:49:50 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/01/01 17:19:56 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2009/09/27 17:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2009/02/17 12:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2009/09/27 17:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2012/08/14 01:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oceybihfgbwpfhl
    [2009/09/27 17:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2012/06/19 12:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/27 17:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
    [2009/03/27 15:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmarThru4
    [2012/08/16 22:18:01 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BE7AC7F7-4E32-420E-8854-32A344E5ACCF}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Updater:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\My Webs:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\IRISH AIR CORPS AIRCRAFT SINCE 1922:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\bank account tsb:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\Word Processing Exercises:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\maura:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\Here come the girls:Roxio EMC Stream

    < End of report >


    Extras.txt:

    OTL Extras logfile created on: 16/08/2012 23:03:51 - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1014.37 Mb Total Physical Memory | 765.82 Mb Available Physical Memory | 75.50% Memory free
    2.39 Gb Paging File | 2.24 Gb Available in Paging File | 93.81% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.43 Gb Total Space | 37.67 Gb Free Space | 54.25% Space Free | Partition Type: NTFS

    Computer Name: DJ92P83J | User Name: Owner | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
    "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
    "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6FFBEAEA-312A-4C3F-AE8A-87E0ABA51033}" = Nero 7 Essentials
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
    "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSC" = McAfee Total Protection
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Philips Intelligent Agent_is1" = Philips Intelligent Agent
    "Samsung SCX-4500 Series" = Samsung SCX-4500 Series
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 2.0.3
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR 4.20 (32-bit)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:55 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:01:00 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:01:00 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 16/08/2012 17:58:50 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:50 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:50 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:59:13 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


    < End of report >



    Any help would be greatly appreciated.

    Thanks,
    nkay.


Comments

  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    I cleared one of these recently by using safe mode and MSCONFIG to remove start items. Took all of ten seconds.


    If that doesn't work then try a kasp live disk: burn, boot, update, scan, delete, done.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Open OTL, then copy and paste this into the custom scan/fixes box:



    :OTL
    O4 - HKCU..\Run: [vhaynndngmfemxe] C:\Documents and Settings\All Users\Application Data\vhaynndn.exe ()
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell - "" = AutoRun
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{fc52df9e-a752-11dc-a149-001c23b1c8c7}\Shell\AutoRun\command - "" = E:\autorun.bat
    [2012/08/14 01:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oceybihfgbwpfhl
    [30 C:\*.tmp files -> C:\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2012/08/14 01:53:34 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ryydazpayivooox
    [2012/08/14 01:53:22 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vhaynndn.exe
    [2012/08/14 01:53:22 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Owner\ms.exe

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    Click Run Fix, reboot the PC and post the log it gives you.



    Then try to update MBAM now; if it works (it should), do a quick scan and post the log from that.


  • Registered Users, Registered Users 2 Posts: 6,975 ✭✭✭nkay1985


    Having run the fix, am I o.k. to boot into Windows normally?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    yeah


  • Registered Users, Registered Users 2 Posts: 6,975 ✭✭✭nkay1985


    Here's the log after the reboot following the OTL fix:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vhaynndngmfemxe deleted successfully.
    C:\Documents and Settings\All Users\Application Data\vhaynndn.exe moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ not found.
    File E:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc52df9e-a752-11dc-a149-001c23b1c8c7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc52df9e-a752-11dc-a149-001c23b1c8c7}\ not found.
    File E:\autorun.bat not found.
    C:\Documents and Settings\All Users\Application Data\oceybihfgbwpfhl folder moved successfully.
    C:\LOG10.tmp deleted successfully.
    C:\LOG11.tmp deleted successfully.
    C:\LOG12.tmp deleted successfully.
    C:\LOG13.tmp deleted successfully.
    C:\LOG14.tmp deleted successfully.
    C:\LOG15.tmp deleted successfully.
    C:\LOG16.tmp deleted successfully.
    C:\LOG17.tmp deleted successfully.
    C:\LOG18.tmp deleted successfully.
    C:\LOG19.tmp deleted successfully.
    C:\LOG1A.tmp deleted successfully.
    C:\LOG1B.tmp deleted successfully.
    C:\LOG1D.tmp deleted successfully.
    C:\LOG27.tmp deleted successfully.
    C:\LOG2D.tmp deleted successfully.
    C:\LOG3.tmp deleted successfully.
    C:\LOG30.tmp deleted successfully.
    C:\LOG31.tmp deleted successfully.
    C:\LOG3A.tmp deleted successfully.
    C:\LOG4.tmp deleted successfully.
    C:\LOG5.tmp deleted successfully.
    C:\LOG6.tmp deleted successfully.
    C:\LOG7.tmp deleted successfully.
    C:\LOG8.tmp deleted successfully.
    C:\LOG9.tmp deleted successfully.
    C:\LOGB.tmp deleted successfully.
    C:\LOGC.tmp deleted successfully.
    C:\LOGD.tmp deleted successfully.
    C:\LOGE.tmp deleted successfully.
    C:\LOGF.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\msxml6.dll.tmp deleted successfully.
    C:\WINDOWS\002680_.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ryydazpayivooox moved successfully.
    File C:\Documents and Settings\All Users\Application Data\vhaynndn.exe not found.
    C:\Documents and Settings\Owner\ms.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 32768 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 32768 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 267656 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 65263415 bytes
    ->Temporary Internet Files folder emptied: 27477857 bytes
    ->Java cache emptied: 35453 bytes
    ->FireFox cache emptied: 62656164 bytes
    ->Google Chrome cache emptied: 444312927 bytes
    ->Flash cache emptied: 14216 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109811673 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 32768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 4036664355 bytes

    Total Files Cleaned = 4,527.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Unable to start System Restore Service. Error code 10
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Owner\My Documents\Downloads\cmd.bat deleted successfully.
    C:\Documents and Settings\Owner\My Documents\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.57.0 log created on 08172012_151034

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • Registered Users, Registered Users 2 Posts: 6,975 ✭✭✭nkay1985


    MBAM log:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.17.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: DJ92P83J [administrator]

    Protection: Enabled

    17/08/2012 15:20:03
    mbam-log-2012-08-17 (15-20-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209154
    Time elapsed: 11 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Clear, it seems.

    Thanks a lot.


  • Registered Users, Registered Users 2 Posts: 344 ✭✭ikeano29


    ED E wrote: »
    I cleared one of these recently by using safe mode and MSCONFIG to remove start items. Took all of ten seconds.


    If that doesn't work then try a kasp live disk: burn, boot, update, scan, delete, done.

    You stopped the splash screen from running is all you did, you didn't actually remove the real threat.


  • Closed Accounts Posts: 5,835 ✭✭✭Torqay


    OT: Had two "victims" last week, a retired Garda and the other guy rang up the local barracks, asking if he could pay cash since he didn't have a credit card. :D


  • Registered Users, Registered Users 2 Posts: 6,163 ✭✭✭ZENER


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    That's a lot of AV software, isn't it? Machine must be very slow?

    Ken


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    That's just a registry setting, it's not a list of currently installed or previously installed AV programs. I have the exact same one, I'd hazard a guess you do too.


  • Registered Users, Registered Users 2 Posts: 6,163 ✭✭✭ZENER


    Doubt it ;) I use a Mac.

    Just to say though, I always find your posts very informative. Though I haven't had cause to use any of your tips here, I do appreciate the time you take to help those that do.

    Ken


  • Registered Users, Registered Users 2 Posts: 659 ✭✭✭yenom


    Just got this, I'm able to log on using another user on the PC. Just ran full Malware and Anti Virus, hope this works.


  • Registered Users, Registered Users 2 Posts: 1,065 ✭✭✭Hedgecutter


    OTL has not worked. I scanned, copied and pasted the notebook into the fix window and ran fix.

    Bloody thing still there. Am I missing something?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    This isn't a universal fix, it changes for all machines. Let's try this instead.

    Download and run ComboFix, post the log from it.

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


  • Registered Users, Registered Users 2 Posts: 295 ✭✭Anthonyk2010


    ASJ112 wrote: »
    This isn't a universal fix, it changes for all machines. Let's try this instead.

    Download and run ComboFix, post the log from it.

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Ok I'll give that a go. Why do I need to post the log?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    So I can remove any malware that is left over on your PC.


  • Registered Users, Registered Users 2 Posts: 1,065 ✭✭✭Hedgecutter


    Downloading ComboFix now, will post list when I have it.


  • Registered Users, Registered Users 2 Posts: 1,065 ✭✭✭Hedgecutter


    ComboFix 12-09-15.02 - Anthony 16/09/2012 19:16:14.2.1 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.1788.883 [GMT 1:00]
    Running from: c:\users\Anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVGUHKBQ\ComboFix.exe
    AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
    FW: BullGuard Firewall *Enabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
    SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\BFlix\BFLIx.dll
    c:\program files (x86)\Incredibar.com
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
    c:\programdata\100
    c:\programdata\gzewdejt.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-16 18:25 . 2012-09-16 18:25 d-----w- c:\users\Public\AppData\Local\temp
    2012-09-16 18:25 . 2012-09-16 18:25 d-----w- c:\users\Default\AppData\Local\temp
    2012-09-16 18:25 . 2012-09-16 18:25 d-----w- c:\users\Administrator\AppData\Local\temp
    2012-09-16 17:38 . 2012-09-16 17:58 d-----w- C:\rei
    2012-09-16 17:38 . 2012-09-16 17:38 d-----w- c:\program files\Reimage
    2012-09-16 17:37 . 2012-09-16 17:38 d-----w- c:\program files (x86)\ReImageCompanion
    2012-09-16 15:51 . 2012-09-16 15:51 d-----w- C:\_OTL
    2012-09-16 10:26 . 2012-09-16 10:26 d-----w- c:\programdata\dciepjphdmrmncs
    2012-09-12 19:31 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-12 19:31 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 19:30 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 19:30 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-12 19:30 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 19:30 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 19:30 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-07 09:55 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-07 09:55 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-07 08:28 . 2012-09-07 08:28 d-----w- c:\users\Anthony\AppData\Roaming\ImgBurn
    2012-09-07 08:22 . 2012-09-07 08:22 d-----w- c:\program files (x86)\ImgBurn
    2012-09-01 11:09 . 2012-09-07 06:31 d-----w- c:\users\Anthony\AppData\Roaming\uTorrent us1
    2012-08-28 18:55 . 2012-08-28 18:54 111064 ----a-w- c:\windows\system32\BgGamingMonitor.dll
    2012-08-28 18:55 . 2012-08-28 18:54 100216 ----a-w- c:\windows\SysWow64\BgGamingMonitor.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-12 20:15 . 2011-05-12 19:26 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-09-07 16:04 . 2010-11-29 22:47 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-29 15:38 . 2012-03-29 16:18 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-29 15:38 . 2011-05-18 20:11 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-16 17:24 . 2012-08-16 17:25 54624 ----a-w- c:\windows\SysWow64\BGLsp.dll
    2012-08-16 17:24 . 2012-08-16 17:25 63840 ----a-w- c:\windows\system32\BGLsp.dll
    2012-07-18 18:15 . 2012-08-16 18:16 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-04 22:16 . 2012-08-16 18:24 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-16 18:24 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-16 18:24 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-16 18:24 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-22 12:53 . 2010-10-12 10:04 38528 ----a-r- c:\windows\system32\drivers\Afw.sys
    2012-06-22 12:52 . 2010-10-12 10:04 445568 ----a-r- c:\windows\system32\drivers\AfwCore.sys
    2012-06-20 08:42 . 2012-06-20 08:42 3678720 ----a-w- c:\windows\system32\drivers\athrx.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-15_22.12.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-18 17:03 . 2012-04-18 17:03 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
    + 2012-08-16 19:15 . 2012-08-16 19:15 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    - 2011-06-17 20:46 . 2011-06-17 20:46 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    - 2009-08-22 10:48 . 2011-06-17 20:46 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-08-22 10:48 . 2012-08-16 19:16 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-08-22 10:48 . 2012-08-16 19:16 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-08-22 10:48 . 2011-06-17 20:46 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-08-22 10:48 . 2012-08-16 19:16 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-08-22 10:48 . 2011-06-17 20:46 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2011-06-17 20:46 . 2011-06-17 20:46 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2012-08-16 19:15 . 2012-08-16 19:15 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2012-01-16 22:13 . 2012-01-16 22:13 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2012-01-16 22:13 . 2012-01-16 22:13 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe
    - 2009-08-22 10:24 . 2010-12-16 15:39 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
    + 2009-08-22 10:24 . 2012-04-20 19:40 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
    + 2012-05-30 19:06 . 2012-05-30 19:06 53608 c:\windows\Installer\$PatchCache$\Managed\C8FDA2211ADDC08499638CF882522B56\2.1.9\pthreadVC2.dll
    + 2012-05-30 19:06 . 2012-05-30 19:06 17256 c:\windows\Installer\$PatchCache$\Managed\C8FDA2211ADDC08499638CF882522B56\2.1.9\AppleVersions.dll
    + 2005-12-02 14:18 . 2005-12-02 14:18 29184 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\ResetFileTime.exe
    + 2009-10-14 13:24 . 2009-10-14 13:24 99976 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\HPDownload.exe
    + 2008-11-11 23:15 . 2008-11-11 23:15 16296 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\hpdom.wsf
    + 2012-01-03 09:45 . 2012-01-03 09:45 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\ViewerPS.dll
    + 2012-01-03 22:51 . 2012-01-03 22:51 37296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\reader_sl.exe
    + 2012-01-03 09:44 . 2012-01-03 09:44 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\PDFPrevHndlr.dll
    + 2012-01-03 22:15 . 2012-01-03 22:15 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\eula.exe
    + 2012-01-03 21:52 . 2012-01-03 21:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrotextextractor.exe
    + 2012-01-03 08:19 . 2012-01-03 08:19 16824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32Info.exe
    + 2012-01-03 08:16 . 2012-01-03 08:16 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acroiehelpershim.dll
    + 2012-01-03 08:16 . 2012-01-03 08:16 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroIEHelper.dll
    + 2011-11-02 07:34 . 2011-11-02 07:34 92008 c:\windows\Installer\$PatchCache$\Managed\13E9CB1493D0E264E8C467B7123A1B3C\3.1.8\com.apple.DotMacSync.client_main.dll
    + 2011-11-02 07:34 . 2011-11-02 07:34 55144 c:\windows\Installer\$PatchCache$\Managed\13E9CB1493D0E264E8C467B7123A1B3C\3.1.8\com.apple.DotMacSync.client.exe
    + 2009-02-26 13:06 . 2009-02-26 13:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
    + 2009-02-26 13:06 . 2009-02-26 13:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE
    + 2009-02-26 13:09 . 2009-02-26 13:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XLCALL32.DLL
    + 2009-02-26 18:43 . 2009-02-26 18:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
    + 2009-02-26 17:45 . 2009-02-26 17:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
    + 2006-07-24 17:50 . 2006-07-24 17:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBAME.DLL
    + 2009-02-26 14:24 . 2009-02-26 14:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONFILTER.DLL
    + 2009-02-26 14:24 . 2009-02-26 14:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
    + 2006-07-24 17:50 . 2006-07-24 17:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
    + 2009-04-02 12:01 . 2009-04-02 12:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXP_XPS.DLL
    + 2009-04-03 18:46 . 2009-04-03 18:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXP_PDF.DLL
    + 2006-10-27 03:13 . 2006-10-27 03:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
    + 2009-02-26 18:43 . 2009-02-26 18:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
    + 2009-02-26 17:45 . 2009-02-26 17:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
    + 2009-02-26 13:06 . 2009-02-26 13:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
    + 2009-02-26 13:06 . 2009-02-26 13:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
    + 2010-04-14 15:22 . 2010-04-14 15:22 16384 c:\windows\Hewlett-Packard\SystemDiags.dll
    - 2009-07-23 21:52 . 2009-07-23 21:52 16384 c:\windows\Hewlett-Packard\SystemDiags.dll
    + 2010-04-14 09:35 . 2010-04-14 09:35 36864 c:\windows\Hewlett-Packard\Installer.exe
    + 2012-05-13 10:44 . 2012-05-13 10:44 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\7fa267d10b2df6dbd00d00d130715f0a\System.Xml.Serialization.ni.dll
    + 2012-05-13 10:44 . 2012-05-13 10:44 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\054fce9466c6cef615b2f7cc9ff4e7f8\System.Windows.Presentation.ni.dll
    + 2012-05-13 10:44 . 2012-05-13 10:44 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\ff78ec1b5bf38a8fb74c2d4f41bb308a\System.Web.ApplicationServices.ni.dll
    + 2012-05-13 10:39 . 2012-05-13 10:39 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\e144d0028365c62178eb0662911ac910\System.AddIn.Contract.ni.dll
    + 2012-05-13 10:30 . 2012-05-13 10:30 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\93295f3771dc9e5be2d49d5f5d76a7a6\Microsoft.VisualC.ni.dll
    + 2012-05-12 22:33 . 2012-05-12 22:33 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\5ea625ce2d6c08687f70cb81a003a28b\dfsvc.ni.exe
    + 2012-05-12 22:33 . 2012-05-12 22:33 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\061cbee19075e086d675a9e1f65725d7\Accessibility.ni.dll
    + 2012-05-13 10:55 . 2012-05-13 10:55 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4add87007e0864467659e6a248a7fe06\UIAutomationProvider.ni.dll
    + 2012-05-13 10:59 . 2012-05-13 10:59 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\28caa2ab8a4999900321b653e8b6ddc1\System.Windows.Presentation.ni.dll
    + 2012-05-13 10:59 . 2012-05-13 10:59 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\4967f3e8b106851802f212e963bb8735\System.Web.ApplicationServices.ni.dll
    + 2012-05-13 10:59 . 2012-05-13 10:59 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7f49661d0e79763b30e9e99e714409a3\System.ServiceModel.Channels.ni.dll
    + 2012-05-13 10:56 . 2012-05-13 10:56 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a5c37bc9caf315df294f8b680a1ccd6f\System.AddIn.Contract.ni.dll
    + 2012-06-16 14:48 . 2012-06-16 14:48 67072 c:\windows\assembly\NativeImages_v4.0.30319_32\PHOTOfunSTUDIO\484494848cbd34505504dbdaefc8e36a\PHOTOfunSTUDIO.ni.exe
    + 2012-06-16 14:36 . 2012-06-16 14:36 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\PFAC\448339e515640c09589145952ae32f7f\PFAC.ni.exe
    + 2012-06-04 13:59 . 2012-06-04 13:59 10752 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.SMS.Exten#\e2f2f627980bf4e3ec17199e90b9ed08\Panasonic.SMS.Extension.ni.dll
    + 2012-06-04 13:58 . 2012-06-04 13:58 23552 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Framework#\5dfa7dc72e99d8f6e03eb70e776a8dfb\Panasonic.Framework.Extension.ni.dll
    + 2012-06-16 14:33 . 2012-06-16 14:33 33280 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Core.Spec#\f26beaea39d1d9ce2f55dfbebe21ec6f\Panasonic.Core.Spec.Plugin.StillPicture.ni.dll
    + 2012-06-04 13:58 . 2012-06-04 13:58 29696 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Core.Spec#\cb172b65c4431043bd69f88f4710e14d\Panasonic.Core.Spec.PluginFactory.ni.dll
    + 2012-06-04 13:58 . 2012-06-04 13:58 91648 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Core.Help#\94b064ae8fd1be2cb9c416d0af48ebc6\Panasonic.Core.Helper.UAC.ni.dll
    + 2012-06-04 13:58 . 2012-06-04 13:58 95232 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Core.Help#\14e17ed4e5176c526171c7c270a000d3\Panasonic.Core.Helper.AutoPlay.ni.dll
    + 2012-06-04 13:58 . 2012-06-04 13:58 17408 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Core.Core#\0c2d0e01b95d177558b130fea4aa67ef\Panasonic.Core.CoreException.ni.dll
    + 2012-06-04 14:00 . 2012-06-04 14:00 83456 c:\windows\assembly\NativeImages_v4.0.30319_32\MovieRetouch\799e19a4c9421268c8ad6a2f3d68a524\MovieRetouch.ni.exe
    + 2012-05-13 10:54 . 2012-05-13 10:54 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\5ccc57bb582bf753166610089f204601\Microsoft.VisualC.ni.dll
    + 2012-06-04 14:00 . 2012-06-04 14:00 75776 c:\windows\assembly\NativeImages_v4.0.30319_32\Leadtools.Windows.M#\563a3ecd5e56ab502cee0a1712f56333\Leadtools.Windows.Media.TransitionBase.ni.dll
    + 2012-06-04 14:00 . 2012-06-04 14:00 17408 c:\windows\assembly\NativeImages_v4.0.30319_32\ApplicationFramewor#\452f6c90a52d10aa43e136ec81d51a43\ApplicationFramework.View.Effects.ni.dll
    + 2012-05-13 10:54 . 2012-05-13 10:54 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\414da765b5d5bb7fde97c0ea22de7d74\Accessibility.ni.dll
    + 2012-05-13 10:29 . 2012-05-13 10:29 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\fb4bc14964a1d415bdbe55b62ce73a52\System.Windows.Presentation.ni.dll
    + 2012-06-16 15:15 . 2012-06-16 15:15 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\eef76dd965ea0a8ae5fb0c734d84389c\System.Web.DynamicData.Design.ni.dll
    + 2012-05-13 10:28 . 2012-05-13 10:28 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\acd8bdefdcae0ce7c27b5ec016ef865c\System.Web.DynamicData.Design.ni.dll
    + 2012-05-13 10:18 . 2012-05-13 10:18 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\ee709a01b51c82626f4b2c1173f2db28\stdole.ni.dll
    + 2012-05-13 10:25 . 2012-05-13 10:25 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\78f495970511b726a0ca7b8119360e25\PresentationFontCache.ni.exe
    + 2012-05-13 09:59 . 2012-05-13 09:59 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\1a359e9b908a2565c546a8ca04b241c2\PresentationCFFRasterizer.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\9d57c4bbbc0b3243046fc7839da71b00\Microsoft.WSMan.Runtime.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d6578432220dbabf2b15027681327bf8\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\66deb65a87750efddf62d1e0c0655352\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4b6402dc918e41b8de8c501f29833d91\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\28545d2b6a0aaef4aa168f9808603bc5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\1d8a17a2c1416a8ad4d6ad2a28b4c5fd\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0abc7256549c204f39af7dcc52c9e5d5\Microsoft.Windows.Diagnosis.SDHost.ni.dll
    + 2012-05-13 09:55 . 2012-05-13 09:55 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\3c3a6cce983114e7406e0a6e6116ecd8\Microsoft.VisualC.ni.dll
    + 2012-05-13 10:18 . 2012-05-13 10:18 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6ab0575bf49b60fd4b697d47e1754072\Microsoft.MediaCenter.iTv.Hosting.ni.dll
    + 2012-05-13 10:20 . 2012-05-13 10:20 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\1569a004b1f41193818e3b3777f2c73d\LoadMxf.ni.exe
    + 2012-05-13 10:18 . 2012-05-13 10:18 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\3ee98e8b2084e27d65953bbd7e362bf8\ehiUPnP.ni.dll
    + 2012-05-13 10:18 . 2012-05-13 10:18 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\1cd9f92749d29b9fd61fcb1c4ae84294\ehiTVMSMusic.ni.dll
    + 2012-05-13 10:17 . 2012-05-13 10:17 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0811f67973c32efb2bfad62a4a2592b5\dfsvc.ni.exe
    + 2012-05-13 09:59 . 2012-05-13 09:59 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\ae9311dcb0e713330a2a86b04cf361dc\Accessibility.ni.dll
    + 2012-06-16 14:07 . 2012-06-16 14:07 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\6f2890f46db84bc57f09b9e898dcc0e2\WindowsLiveWriter.ni.exe
    + 2012-05-13 10:47 . 2012-05-13 10:47 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b139a1cda26d066860aaa83ff1f0ff91\WindowsLive.Writer.Passport.ni.dll
    + 2012-05-13 10:06 . 2012-05-13 10:06 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
    + 2012-05-13 10:53 . 2012-05-13 10:53 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\66d750f3f8dde0cc865f921497ab3545\System.Windows.Presentation.ni.dll
    + 2012-06-16 14:21 . 2012-06-16 14:21 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll
    + 2012-05-13 10:51 . 2012-05-13 10:51 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\543b0e12423bcec010bdd2ac27c5dc04\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-05-13 10:09 . 2012-05-13 10:09 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll
    + 2012-05-13 10:49 . 2012-05-13 10:49 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\d246780b91fd9f6393e85fb13bde94a6\stdole.ni.dll
    + 2012-05-13 10:51 . 2012-05-13 10:51 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\d24744f15243e28ea541a459ff7ff5d5\PresentationFontCache.ni.exe
    + 2012-05-13 10:06 . 2012-05-13 10:06 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll
    + 2012-05-13 10:51 . 2012-05-13 10:51 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\87a30ba337ed55d0905f19742e2985bc\napcrypt.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\9f2e8e0df9ff39ad21088f1d66cfadb1\Microsoft.WSMan.Runtime.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d797123d55bb7b823120d0a7ffbbc2a7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb8ad29814d9e5589bd400d38e7a0b10\Microsoft.Windows.Diagnosis.SDHost.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb42a0f25b7608b2675080081b03f6e5\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c6e9143be5afb36345875d56b61c444f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\91767cf3facefe10e00734c815e925ad\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\66cd99d2f576cde047074e98bd5e1848\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4308e1bdc640e1c3f1ea966e84e48900\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
    + 2012-05-13 10:46 . 2012-05-13 10:46 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\06fcf2fbbe38d9425fc49d935498ec93\Microsoft.Vsa.ni.dll
    + 2012-05-13 10:05 . 2012-05-13 10:05 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\55c57057dc81a5e8c5bde3a230f0bcb9\Microsoft.VisualC.ni.dll
    + 2012-05-13 10:49 . 2012-05-13 10:49 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e3ef400b1f37e4d3b79a42a8a602ea02\Microsoft.Build.Framework.ni.dll
    + 2012-05-13 10:49 . 2012-05-13 10:49 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2095344bf8c40f8baa94ba53a993fb4c\Microsoft.Build.Framework.ni.dll
    + 2012-05-13 10:48 . 2012-05-13 10:48 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\dc93539af5a961641a26ada75f730136\ehiUserXp.ni.dll
    + 2012-05-13 10:46 . 2012-05-13 10:46 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\763299b8e4ac3c909c996e1eb37c5939\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
    + 2012-05-13 10:48 . 2012-05-13 10:48 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\53d03b0e238c77cf7e5ac88e02aecd2c\dfsvc.ni.exe
    + 2012-05-13 10:06 . 2012-05-13 10:06 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
    + 2012-06-04 13:54 . 2012-06-04 13:54 10096 c:\windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91\policy.3.5.System.Data.SqlServerCe.dll
    + 2012-06-04 13:54 . 2012-06-04 13:54 10096 c:\windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe.Entity\3.5.0.0__89845dcd8080cc91\policy.3.5.System.Data.SqlServerCe.Entity.dll
    + 2012-06-04 13:54 . 2012-06-04 13:54 92016 c:\windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.SqlServerCe.dll
    + 2012-03-03 09:05 . 2012-03-03 09:05 73728 c:\windows\assembly\GAC_MSIL\Google.GData.YouTube\1.9.0.0__af04a32718ae8833\Google.GData.YouTube.dll
    + 2012-03-03 09:05 . 2012-03-03 09:05 90112 c:\windows\assembly\GAC_MSIL\Google.GData.Extensions\1.9.0.0__0b4c5df2ebf20876\Google.GData.Extensions.dll
    + 2012-03-08 10:45 . 2012-03-08 10:45 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
    + 2012-03-08 10:45 . 2012-03-08 10:45 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    - 2009-12-26 01:01 . 2009-12-26 01:01 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    - 2009-07-14 00:19 . 2009-07-14 01:11 5120 c:\windows\SysWOW64\wmi.dll
    + 2012-04-20 19:28 . 2012-03-01 05:29 5120 c:\windows\SysWOW64\wmi.dll
    + 2011-12-15 20:30 . 2011-11-05 04:26 2048 c:\windows\SysWOW64\tzres.dll
    - 2011-08-24 19:54 . 2011-07-09 04:29 2048 c:\windows\SysWOW64\tzres.dll
    + 2012-07-16 19:28 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll
    - 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll
    + 2012-06-04 14:21 . 2004-03-03 05:10 4943 c:\windows\SysWOW64\EPPICPattern6.dat
    + 2012-04-20 19:28 . 2012-03-01 06:28 5120 c:\windows\system32\wmi.dll
    - 2009-07-14 00:41 . 2009-07-14 01:33 5120 c:\windows\system32\wmi.dll
    + 2010-03-30 18:46 . 2012-08-25 22:01 6946 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2009-10-20 08:25 . 2011-11-16 17:17 2894 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1632850937-2603528192-2068011120-500_UserData.bin
    - 2011-08-24 19:54 . 2011-07-09 05:26 2048 c:\windows\system32\tzres.dll
    + 2011-12-15 20:30 . 2011-11-05 05:32 2048 c:\windows\system32\tzres.dll
    + 2012-06-16 08:04 . 2012-04-26 05:34 9216 c:\windows\system32\rdrmemptylst.exe
    + 2012-07-16 19:28 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll
    - 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll
    - 2011-11-15 21:05 . 2011-11-15 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-09-16 16:24 . 2012-09-16 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-09-16 16:24 . 2012-09-16 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-11-15 21:05 . 2011-11-15 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-05-13 10:59 . 2012-05-13 10:59 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\5d0529cca67ada47749f5373ae050a4a\System.Xml.Serialization.ni.dll
    + 2012-05-13 10:54 . 2012-05-13 10:54 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\1361a05238cfe45d7da6cb4b367a986c\dfsvc.ni.exe
    - 2011-05-13 14:42 . 2011-05-13 14:42 302448 c:\windows\WLXPGSS.SCR
    + 2012-03-08 17:37 . 2012-03-08 17:37 302448 c:\windows\WLXPGSS.SCR
    + 2012-02-14 21:04 . 2009-09-04 17:44 515416 c:\windows\SysWOW64\XAudio2_5.dll
    - 2011-05-12 19:40 . 2009-09-04 16:44 515416 c:\windows\SysWOW64\XAudio2_5.dll
    + 2012-04-20 19:28 . 2012-03-01 05:37 172544 c:\windows\SysWOW64\wintrust.dll
    - 2011-07-02 21:00 . 2010-11-20 12:21 492032 c:\windows\SysWOW64\win32spl.dll
    + 2012-08-16 18:42 . 2012-02-11 05:43 492032 c:\windows\SysWOW64\win32spl.dll
    - 2011-07-02 21:00 . 2010-11-20 12:21 314880 c:\windows\SysWOW64\webio.dll
    + 2012-01-28 13:21 . 2011-11-17 05:35 314880 c:\windows\SysWOW64\webio.dll
    + 2012-08-19 17:12 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
    - 2011-09-12 17:08 . 2011-09-12 17:08 231936 c:\windows\SysWOW64\url.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 107816 c:\windows\SysWOW64\SynTPCOM.dll
    - 2009-07-14 23:13 . 2009-07-14 23:13 107816 c:\windows\SysWOW64\SynTPCOM.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 222504 c:\windows\SysWOW64\SynCtrl.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 177448 c:\windows\SysWOW64\SynCOM.dll
    + 2012-07-16 19:28 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll
    + 2012-03-13 17:19 . 2012-02-17 05:34 826880 c:\windows\SysWOW64\rdpcore.dll
    - 2009-07-14 00:05 . 2009-07-14 01:16 465408 c:\windows\SysWOW64\psisdecd.dll
    + 2011-11-16 01:15 . 2011-08-17 04:24 465408 c:\windows\SysWOW64\psisdecd.dll
    + 2012-06-04 14:21 . 2007-06-21 23:10 501912 c:\windows\SysWOW64\PICSDK2.dll
    + 2012-06-04 14:21 . 2006-10-19 23:10 108704 c:\windows\SysWOW64\PICEntry.dll
    + 2011-11-16 01:14 . 2011-08-27 04:26 571904 c:\windows\SysWOW64\oleaut32.dll
    - 2011-06-17 19:37 . 2011-02-25 05:34 571904 c:\windows\SysWOW64\oleaut32.dll
    + 2011-11-16 01:14 . 2011-08-27 04:26 233472 c:\windows\SysWOW64\oleacc.dll
    - 2009-07-13 23:26 . 2009-07-14 01:16 233472 c:\windows\SysWOW64\oleacc.dll
    + 2012-02-16 16:25 . 2012-01-04 08:58 442880 c:\windows\SysWOW64\ntshrui.dll
    - 2011-07-02 20:59 . 2010-11-20 12:20 442880 c:\windows\SysWOW64\ntshrui.dll
    - 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll
    + 2012-07-16 19:28 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll
    + 2012-02-16 16:21 . 2011-12-16 07:52 690688 c:\windows\SysWOW64\msvcrt.dll
    - 2009-07-13 23:12 . 2009-07-14 01:15 690688 c:\windows\SysWOW64\msvcrt.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 773968 c:\windows\SysWOW64\msvcr100.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 421200 c:\windows\SysWOW64\msvcp100.dll
    + 2012-08-29 15:38 . 2012-08-29 15:38 690888 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    + 2012-08-29 15:38 . 2012-08-29 15:38 474824 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.dll
    + 2012-08-16 18:50 . 2012-08-16 18:50 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
    + 2012-03-29 16:18 . 2012-08-29 15:38 250568 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    + 2012-08-19 17:12 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
    - 2011-07-02 12:52 . 2011-05-04 03:52 157472 c:\windows\SysWOW64\javaws.exe
    + 2012-01-28 18:45 . 2012-01-28 18:45 157472 c:\windows\SysWOW64\javaws.exe
    - 2011-07-02 12:52 . 2011-05-04 03:52 145184 c:\windows\SysWOW64\javaw.exe
    + 2012-01-28 18:45 . 2012-01-28 18:45 145184 c:\windows\SysWOW64\javaw.exe
    - 2011-07-02 12:52 . 2011-05-04 03:52 145184 c:\windows\SysWOW64\java.exe
    + 2012-01-28 18:45 . 2012-01-28 18:45 145184 c:\windows\SysWOW64\java.exe
    + 2011-11-16 01:12 . 2011-07-27 04:27 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
    - 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
    + 2012-04-20 19:28 . 2012-03-01 05:33 159232 c:\windows\SysWOW64\imagehlp.dll
    - 2011-09-12 17:08 . 2011-09-12 17:08 142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2012-08-19 17:12 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2012-08-19 17:12 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
    - 2011-09-12 17:08 . 2011-09-12 17:08 176640 c:\windows\SysWOW64\ieui.dll
    + 2012-06-04 14:21 . 2006-10-30 23:10 120992 c:\windows\SysWOW64\EpPicPrt.dll
    + 2012-06-04 14:21 . 2005-05-31 23:20 111932 c:\windows\SysWOW64\EPPICPrinterDB.dat
    + 2011-12-15 20:30 . 2011-10-15 05:38 534528 c:\windows\SysWOW64\EncDec.dll
    - 2011-03-08 21:30 . 2010-12-23 05:54 534528 c:\windows\SysWOW64\EncDec.dll
    - 2011-07-02 12:52 . 2011-05-04 03:52 472808 c:\windows\SysWOW64\deployJava1.dll
    + 2011-07-02 12:52 . 2012-01-28 18:45 472808 c:\windows\SysWOW64\deployJava1.dll
    + 2012-02-14 21:04 . 2009-09-04 17:29 453456 c:\windows\SysWOW64\d3dx10_42.dll
    - 2011-05-12 19:40 . 2009-09-04 16:29 453456 c:\windows\SysWOW64\d3dx10_42.dll
    + 2012-06-16 08:19 . 2012-04-24 04:36 140288 c:\windows\SysWOW64\cryptsvc.dll
    + 2012-06-16 08:19 . 2012-04-24 04:36 103936 c:\windows\SysWOW64\cryptnet.dll
    - 2010-01-24 10:26 . 2011-04-20 19:45 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-01-24 10:26 . 2012-03-12 16:54 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-07-16 19:26 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll
    - 2011-07-02 20:58 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 138056 c:\windows\SysWOW64\atl100.dll
    + 2012-06-21 18:57 . 2012-06-02 14:19 186752 c:\windows\system32\wuwebv.dll
    + 2012-06-21 18:57 . 2012-06-02 22:19 701976 c:\windows\system32\wuapi.dll
    + 2012-04-20 19:28 . 2012-03-01 06:38 220672 c:\windows\system32\wintrust.dll
    - 2011-07-02 21:00 . 2010-11-20 13:27 220672 c:\windows\system32\wintrust.dll
    + 2012-08-16 18:42 . 2012-02-11 06:43 751104 c:\windows\system32\win32spl.dll
    - 2011-07-02 21:00 . 2010-11-20 13:27 751104 c:\windows\system32\win32spl.dll
    - 2011-07-02 21:00 . 2010-11-20 13:27 395776 c:\windows\system32\webio.dll
    + 2012-01-28 13:21 . 2011-11-17 06:35 395776 c:\windows\system32\webio.dll
    + 2010-01-18 15:39 . 2012-09-06 19:34 214392 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2010-01-02 21:27 . 2012-09-01 21:30 301788 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2011-09-12 17:08 . 2011-09-12 17:08 237056 c:\windows\system32\url.dll
    + 2012-08-19 17:12 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 148776 c:\windows\system32\SynTPCo9.dll
    - 2009-07-14 23:13 . 2009-07-14 23:13 147752 c:\windows\system32\SynTPCo4.dll
    + 2012-01-28 14:01 . 2012-01-28 14:00 147752 c:\windows\system32\SynTPCo4.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 226600 c:\windows\system32\SynTPAPI.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 277800 c:\windows\system32\SynCtrl.dll
    + 2012-01-28 14:01 . 2011-10-14 03:35 415528 c:\windows\system32\SynCOM.dll
    - 2011-07-02 20:59 . 2010-11-20 13:27 136192 c:\windows\system32\sspicli.dll
    + 2012-01-28 13:21 . 2011-11-17 06:35 136192 c:\windows\system32\sspicli.dll
    + 2012-08-16 18:27 . 2012-05-05 08:36 503808 c:\windows\system32\srcore.dll
    - 2011-07-02 21:00 . 2010-11-20 13:25 559104 c:\windows\system32\spoolsv.exe
    + 2012-08-16 18:42 . 2012-02-11 06:36 559104 c:\windows\system32\spoolsv.exe
    + 2009-08-22 10:47 . 2009-02-27 03:42 863128 c:\windows\system32\spool\drivers\x64\msonpdrv.dll
    - 2011-07-02 21:01 . 2010-11-20 13:27 340992 c:\windows\system32\schannel.dll
    + 2012-07-16 19:28 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll
    - 2011-07-02 20:59 . 2010-11-20 13:27 149504 c:\windows\system32\rdpcorekmts.dll
    + 2012-06-16 08:04 . 2012-04-26 05:41 149504 c:\windows\system32\rdpcorekmts.dll
    + 2011-11-16 01:15 . 2011-08-17 05:26 613888 c:\windows\system32\psisdecd.dll
    - 2009-07-14 00:20 . 2009-07-14 01:41 613888 c:\windows\system32\psisdecd.dll
    - 2011-07-02 21:00 . 2010-11-20 13:27 209920 c:\windows\system32\profsvc.dll
    + 2012-06-16 07:53 . 2012-05-01 05:40 209920 c:\windows\system32\profsvc.dll
    + 2009-07-14 02:36 . 2012-09-13 19:43 628874 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-09-13 19:43 111026 c:\windows\system32\perfc009.dat
    - 2011-06-17 19:37 . 2011-02-25 06:22 861696 c:\windows\system32\oleaut32.dll
    + 2011-11-16 01:14 . 2011-08-27 05:37 861696 c:\windows\system32\oleaut32.dll
    + 2011-11-16 01:14 . 2011-08-27 05:37 331776 c:\windows\system32\oleacc.dll
    - 2009-07-13 23:39 . 2009-07-14 01:41 331776 c:\windows\system32\oleacc.dll
    + 2012-02-16 16:25 . 2012-01-04 10:44 509952 c:\windows\system32\ntshrui.dll
    - 2011-07-02 21:00 . 2010-11-20 13:27 509952 c:\windows\system32\ntshrui.dll
    + 2012-07-16 19:28 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll
    - 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll
    - 2009-07-13 23:19 . 2009-07-14 01:41 6


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    delete this folder in bold

    c:\programdata\dciepjphdmrmncs


    then we are all done unless there are any issues.


  • Registered Users, Registered Users 2 Posts: 1,065 ✭✭✭Hedgecutter


    ASJ112 wrote: »
    delete this folder in bold

    c:\programdata\dciepjphdmrmncs


    then we are all done unless there are any issues.

    Cheers ASJ112


  • Registered Users, Registered Users 2 Posts: 295 ✭✭Anthonyk2010


    ASJ112 wrote: »
    delete this folder in bold

    c:\programdata\dciepjphdmrmncs


    then we are all done unless there are any issues.

    Working like a dream again ASJ. Thank you.
    How do you know which folder it was?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Well, it was a few different files/folders that were deleted during the process; that was just a leftover entry. Randomly named files/folders are often malware-related.


  • Registered Users, Registered Users 2 Posts: 295 ✭✭Anthonyk2010


    ASJ112 wrote: »
    Well, it was a few different files/folders that were deleted during the process; that was just a leftover entry. Randomly named files/folders are often malware-related.

    Thanks again. Appreciate your help.
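
The heuristic mentioned above, that randomly named files and folders are often malware-related, can be written as a small triage check. This is an added example, not part of the thread or of any tool used in it; the function names and thresholds are assumptions, and every sample name except the `dciepjphdmrmncs` folder from the thread is constructed.

```python
import os
import re

VOWELS = set("aeiouy")  # assumption: 'y' counts as a vowel to cut false positives

def name_features(name):
    """Return (letter_count, vowel_ratio, longest_consonant_run) for name."""
    letters = [c for c in name.lower() if c.isalpha()]
    if not letters:
        return 0, 0.0, 0
    vowels = sum(c in VOWELS for c in letters)
    longest = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return len(letters), vowels / len(letters), longest

def looks_random(name, min_len=8, min_vowel_ratio=0.2, max_run=5):
    """Heuristic: one long token with very few vowels or a long consonant run."""
    # Names with spaces, dots or dashes are usually vendor/product names: skip.
    if not re.fullmatch(r"[A-Za-z0-9]+", name):
        return False
    length, ratio, run = name_features(name)
    return length >= min_len and (ratio < min_vowel_ratio or run >= max_run)

def scan(root):
    """List immediate subdirectories of root whose names look random."""
    hits = []
    for entry in os.scandir(root):
        if entry.is_dir(follow_symlinks=False) and looks_random(entry.name):
            hits.append(entry.path)
    return sorted(hits)

# Constructed sample of folder names; only the first one comes from the thread.
SAMPLE = ["dciepjphdmrmncs", "Microsoft", "Malwarebytes", "Adobe",
          "Package Cache", "NVIDIA Corporation", "Symantec"]

if __name__ == "__main__":
    for n in SAMPLE:
        verdict = "REVIEW" if looks_random(n) else "ok"
        print(f"{n:20} {name_features(n)} -> {verdict}")
```

A flagged name is only a prompt to look at the folder's contents and creation time; legitimate software also uses opaque folder names, and malware can use ordinary-looking ones.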

