TT_OTL

OTL logfile created on: 12/10/2012 12:23:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Deanne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 53.96% Memory free
7.50 Gb Paging File | 5.42 Gb Available in Paging File | 72.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.38 Gb Total Space | 761.51 Gb Free Space | 83.10% Space Free | Partition Type: NTFS
Drive D: | 15.03 Gb Total Space | 1.86 Gb Free Space | 12.37% Space Free | Partition Type: NTFS

Computer Name: DEANNE-HP | User Name: Deanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/12/10 00:20:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deanne\Desktop\OTL.scr
PRC - [2012/12/08 11:39:26 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/11/01 08:52:54 | 000,875,728 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
PRC - [2012/11/01 08:52:52 | 000,877,264 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
PRC - [2012/11/01 08:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
PRC - [2012/10/31 15:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
PRC - [2012/08/16 09:21:34 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Deanne\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/07/14 09:29:24 | 000,026,168 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2010/07/14 09:28:12 | 000,022,072 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2010/06/23 13:09:36 | 000,125,552 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010/06/18 15:30:46 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/06/17 17:59:40 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/06/12 19:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/29 17:57:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/04/16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/10/14 16:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/08/24 20:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/12/08 11:39:00 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/25 13:19:40 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/06/13 02:34:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 02:33:57 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/13 02:19:34 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll
MOD - [2012/06/13 02:12:27 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/13 02:12:24 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/13 02:12:18 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/13 02:12:17 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/12 12:31:47 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll
MOD - [2012/05/12 12:31:46 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
MOD - [2012/05/12 12:30:06 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/12 12:30:06 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
MOD - [2012/05/12 12:30:05 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 12:26:07 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 12:23:59 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 12:23:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 12:23:44 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 12:23:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 12:23:03 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 12:23:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 12:22:59 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 12:22:50 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/09 22:25:31 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/09 22:25:28 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/09 22:25:26 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/09 22:25:22 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/09 22:25:17 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/25 21:55:24 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/06/17 18:11:58 | 001,699,384 | ---- | M] () -- C:\Users\Deanne\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/06/17 18:00:10 | 012,286,520 | ---- | M] () -- C:\Users\Deanne\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010/02/09 19:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 19:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 19:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 19:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 19:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 19:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 19:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 19:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012/11/07 17:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:[b]64bit:[/b] - [2012/08/16 09:23:17 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:[b]64bit:[/b] - [2012/03/26 17:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2012/03/26 17:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2010/05/12 00:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2010/04/29 17:57:24 | 000,944,928 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:[b]64bit:[/b] - [2009/11/17 05:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/12/08 11:39:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/01 08:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012/10/31 15:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/14 09:28:12 | 000,022,072 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2010/06/23 13:09:36 | 000,125,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010/06/12 19:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/04/03 17:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 16:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/03/20 19:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/03/18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:[b]64bit:[/b] - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:[b]64bit:[/b] - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/11 03:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:[b]64bit:[/b] - [2010/09/24 02:38:49 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2010/07/13 18:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:[b]64bit:[/b] - [2010/06/18 15:31:30 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:[b]64bit:[/b] - [2010/05/12 00:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010/05/11 23:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010/05/03 16:44:02 | 000,331,880 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010/04/29 20:01:24 | 000,340,520 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:[b]64bit:[/b] - [2010/04/29 20:00:36 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2010/04/29 20:00:34 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2010/04/29 20:00:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2010/04/29 20:00:32 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:[b]64bit:[/b] - [2010/02/05 22:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/02/05 22:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/12/04 02:41:28 | 000,037,976 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\CFRMD.sys -- (CFRMD)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {08F9ECC3-87ED-4AF0-BF15-1EF962D2816F}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{08F9ECC3-87ED-4AF0-BF15-1EF962D2816F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{A418DB94-2828-4D1B-87FF-CB70BE11BDBA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{B75B229E-5675-4670-B9BE-2394AE993282}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{FCFE2D47-2199-40BA-99EA-7B2AE9848DAC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {08F9ECC3-87ED-4AF0-BF15-1EF962D2816F}
IE - HKLM\..\SearchScopes\{08F9ECC3-87ED-4AF0-BF15-1EF962D2816F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{A418DB94-2828-4D1B-87FF-CB70BE11BDBA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{B75B229E-5675-4670-B9BE-2394AE993282}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{FCFE2D47-2199-40BA-99EA-7B2AE9848DAC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {08F9ECC3-87ED-4AF0-BF15-1EF962D2816F}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {08F9ECC3-87ED-4AF0-BF15-1EF962D2816F}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\..\SearchScopes,DefaultScope = {5918AFB6-FA37-46B9-9617-F6B212E32575}
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\..\SearchScopes\{5918AFB6-FA37-46B9-9617-F6B212E32575}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\..\SearchScopes\{A418DB94-2828-4D1B-87FF-CB70BE11BDBA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\..\SearchScopes\{B75B229E-5675-4670-B9BE-2394AE993282}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\..\SearchScopes\{E10B9092-8EDA-4C8A-B542-E6EA08210D5F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\..\SearchScopes\{FCFE2D47-2199-40BA-99EA-7B2AE9848DAC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/09/24 02:48:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/09/24 02:48:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/18 22:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/08 11:39:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/18 22:30:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/08 11:39:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/11 09:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deanne\AppData\Roaming\Mozilla\Extensions
[2012/12/09 15:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deanne\AppData\Roaming\Mozilla\Firefox\Profiles\fuav0843.default\extensions
[2012/12/09 15:56:49 | 000,194,065 | ---- | M] () (No name found) -- C:\Users\Deanne\AppData\Roaming\Mozilla\Firefox\Profiles\fuav0843.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2012/12/08 11:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/08 11:39:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/12/08 11:39:26 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/16 09:44:57 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2012/09/16 09:44:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/16 09:44:57 | 000,001,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/09/16 09:44:57 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/10/14 13:41:32 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/09/16 09:44:57 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/09/16 09:44:57 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:[b]64bit:[/b] - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-1580667454-1155120739-2748471355-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Deanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Deanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Deanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\DH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC042F7A-E9A8-44C4-9462-27ACA4114008}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC042F7A-E9A8-44C4-9462-27ACA4114008}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E37C8F73-7085-44AF-97DA-15E2DB28BC7A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E37C8F73-7085-44AF-97DA-15E2DB28BC7A}: NameServer = 8.26.56.26,156.154.70.22
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


SafeBootMin:[b]64bit:[/b] 66842018.sys - Driver
SafeBootMin:[b]64bit:[/b] AppMgmt - Service
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - Service
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 66842018.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] 66842018.sys - Driver
SafeBootNet:[b]64bit:[/b] AppMgmt - Service
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] BFE - Service
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] MPSSvc - Service
SafeBootNet:[b]64bit:[/b] MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - Service
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 66842018.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {3CE02F38-C912-44CF-B02E-60F7964E61FF} - BingPack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:[/b] >{707b55c2-84be-42f0-9864-d04b805cc107} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2012/12/10 00:20:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Deanne\Desktop\OTL.scr
[2012/12/09 16:05:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/12/08 19:40:27 | 000,000,000 | ---D | C] -- C:\Users\Deanne\Desktop\RK_Quarantine
[2012/12/08 19:06:45 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Deanne\Desktop\tdsskiller.exe
[2012/12/08 18:14:37 | 000,000,000 | ---D | C] -- C:\Users\Deanne\Desktop\mine
[2012/12/08 11:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/04 02:41:28 | 000,037,976 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysWow64\drivers\CFRMD.sys
[2012/11/25 13:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/25 13:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/13 20:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo
[2012/11/04 14:29:33 | 000,000,000 | ---D | C] -- C:\Users\Deanne\Documents\Cell phone Back up
[2012/10/31 00:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/31 00:15:03 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/31 00:14:54 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/30 21:31:53 | 000,000,000 | ---D | C] -- C:\Users\Deanne\AppData\Roaming\Softland
[2012/10/30 21:31:52 | 000,025,480 | ---- | C] (Softland) -- C:\Windows\SysNative\dopdfmn7.dll
[2012/10/30 21:31:52 | 000,020,872 | ---- | C] (Softland) -- C:\Windows\SysNative\dopdfmi7.dll
[2012/10/30 21:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
[2012/10/30 21:31:51 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2012/10/30 21:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2012/10/30 21:31:05 | 004,240,488 | ---- | C] (Softland                                                    ) -- C:\Users\Deanne\Documents\dopdf-7.exe
[2012/10/23 20:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/23 20:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/23 20:45:21 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/10/23 20:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/23 20:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/23 20:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/10/23 20:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/18 22:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\CrashPlan
[2012/10/18 22:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\CrashPlan
[2012/10/18 22:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2012/10/18 22:27:09 | 000,000,000 | ---D | C] -- C:\Users\Deanne\AppData\Roaming\CrashPlan
[2012/10/09 21:55:10 | 000,000,000 | ---D | C] -- C:\Users\Deanne\AppData\Roaming\MusicBrainz
[2012/10/09 21:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicBrainz Picard
[2012/09/17 21:24:47 | 000,000,000 | ---D | C] -- C:\Users\Deanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JFAS
[2012/09/17 21:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFAS
[2012/09/17 21:24:46 | 000,355,384 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\exclexpt.dll
[2012/09/17 21:24:45 | 001,827,384 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\arpro2.dll
[2012/09/17 21:24:45 | 000,604,728 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\Arview2.ocx
[2012/09/17 21:24:45 | 000,375,864 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\pdfexpt.dll
[2012/09/17 21:24:45 | 000,130,104 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\textexpt.dll
[2012/09/17 21:24:44 | 001,287,592 | ---- | C] (FarPoint Technologies, Inc.) -- C:\Windows\SysWow64\EDT32X30.OCX
[2012/09/17 21:24:44 | 000,688,128 | ---- | C] (DevPower Solutions) -- C:\Windows\SysWow64\ButtonBar.ocx
[2012/09/17 21:24:44 | 000,488,448 | ---- | C] (Janus Systems SA de CV) -- C:\Windows\SysWow64\GridEX20.ocx
[2012/09/17 21:24:44 | 000,440,016 | ---- | C] (FarPoint Technologies, Inc.) -- C:\Windows\SysWow64\TAB32X30.OCX
[2012/09/17 21:24:44 | 000,178,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMask32.ocx
[2012/09/17 21:24:44 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2012/09/17 21:24:44 | 000,119,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscomm32.ocx
[2012/09/17 21:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
[2012/09/17 21:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/09/17 21:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/09/17 21:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Jazzercise
[2012/09/17 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jazzercise
[2012/09/17 21:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/09/17 19:31:14 | 000,000,000 | ---D | C] -- C:\Users\Deanne\AppData\Roaming\pdf995
[2012/09/17 19:30:26 | 000,314,368 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\pdfmona64.dll
[2012/09/17 19:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\pdf995
[2012/09/17 19:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2012/12/10 00:20:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deanne\Desktop\OTL.scr
[2012/12/10 00:18:54 | 000,000,204 | ---- | M] () -- C:\Users\Deanne\Desktop\Fix.reg
[2012/12/10 00:10:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/10 00:10:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/10 00:07:58 | 000,849,048 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/10 00:07:58 | 000,709,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/10 00:07:58 | 000,140,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/10 00:03:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/10 00:03:07 | 3019,345,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/08 19:39:55 | 000,753,152 | ---- | M] () -- C:\Users\Deanne\Desktop\RogueKiller.exe
[2012/12/08 19:06:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Deanne\Desktop\tdsskiller.exe
[2012/12/08 16:56:05 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/08 16:56:05 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/04 02:41:28 | 000,037,976 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysWow64\drivers\CFRMD.sys
[2012/11/26 18:59:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDeanne.job
[2012/11/25 13:19:55 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/13 20:01:36 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012/11/13 20:01:36 | 000,002,045 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012/11/13 20:01:36 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012/11/07 17:37:57 | 000,022,736 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/11/07 17:37:36 | 000,041,240 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/11/07 17:37:34 | 000,301,264 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/11/07 17:37:31 | 000,390,392 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/10/31 00:14:50 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/31 00:14:48 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/31 00:14:48 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/31 00:14:48 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/31 00:14:47 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/10/31 00:14:47 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/10/30 21:45:25 | 000,673,375 | ---- | M] () -- C:\Users\Deanne\Documents\Back of - Insert for halloween-two lower.pdf
[2012/10/30 21:34:01 | 000,673,391 | ---- | M] () -- C:\Users\Deanne\Documents\Back of - Insert for halloween.pdf
[2012/10/30 21:31:09 | 004,240,488 | ---- | M] (Softland                                                    ) -- C:\Users\Deanne\Documents\dopdf-7.exe
[2012/10/23 20:45:35 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/18 22:28:57 | 000,001,843 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/10/18 18:08:37 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 11:50:18 | 000,025,480 | ---- | M] (Softland) -- C:\Windows\SysNative\dopdfmn7.dll
[2012/10/03 11:50:16 | 000,020,872 | ---- | M] (Softland) -- C:\Windows\SysNative\dopdfmi7.dll
[2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/17 21:24:47 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\JFAS.lnk
[2012/09/17 21:24:26 | 000,799,190 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/17 19:30:26 | 000,047,616 | ---- | M] () -- C:\Windows\SysWow64\pdf995mon64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/12/10 00:18:54 | 000,000,204 | ---- | C] () -- C:\Users\Deanne\Desktop\Fix.reg
[2012/12/08 19:39:46 | 000,753,152 | ---- | C] () -- C:\Users\Deanne\Desktop\RogueKiller.exe
[2012/11/25 13:29:33 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDeanne.job
[2012/11/25 13:19:55 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/10/30 21:45:23 | 000,673,375 | ---- | C] () -- C:\Users\Deanne\Documents\Back of - Insert for halloween-two lower.pdf
[2012/10/30 21:33:59 | 000,673,391 | ---- | C] () -- C:\Users\Deanne\Documents\Back of - Insert for halloween.pdf
[2012/10/30 21:31:52 | 000,007,549 | ---- | C] () -- C:\Windows\SysNative\dopdf7.ctm
[2012/10/23 20:45:35 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/18 22:28:57 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/10/09 21:54:57 | 000,001,177 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
[2012/09/17 21:24:47 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\JFAS.lnk
[2012/09/17 19:30:26 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012/09/17 19:30:26 | 000,047,616 | ---- | C] () -- C:\Windows\SysNative\pdf995mon64.dll
[2012/09/17 19:30:26 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\pdf995mon64ui.dll
[2012/09/17 19:30:26 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2012/08/18 21:30:30 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/08/18 21:30:30 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2012/08/18 13:22:37 | 007,277,148 | ---- | C] () -- C:\Users\Deanne\AppData\Local\census.cache
[2012/08/18 13:22:28 | 000,114,857 | ---- | C] () -- C:\Users\Deanne\AppData\Local\ars.cache
[2012/08/18 13:13:40 | 000,000,036 | ---- | C] () -- C:\Users\Deanne\AppData\Local\housecall.guid.cache
[2011/08/18 22:13:45 | 000,226,406 | ---- | C] () -- C:\Windows\hpwins20.dat
[2011/08/14 13:20:45 | 000,001,360 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2011/12/22 14:43:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1580667454-1155120739-2748471355-1001\$RYZOCYK\Noah_And_The_Whale\L.I.F.E.G.O.E.S.O.N
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012/06/26 21:53:59 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\com.amazon.music.uploader
[2012/10/18 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\CrashPlan
[2011/06/10 20:30:30 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\DisplayTune
[2012/12/10 00:06:33 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Dropbox
[2012/11/03 10:04:31 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\HandBrake
[2012/10/09 21:55:10 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\MusicBrainz
[2011/08/25 22:01:01 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\OpenOffice.org
[2011/07/18 06:29:19 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\OverDrive
[2012/09/17 19:31:16 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\pdf995
[2011/06/10 20:28:55 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\PictureMover
[2012/05/30 07:15:11 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\SharePod
[2012/10/30 21:31:53 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Softland
[2012/09/17 19:29:55 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\TaxCut
[2011/06/16 18:51:58 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\TP
[2012/03/04 17:28:53 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\WinBatch
[2012/10/31 00:13:39 | 000,000,000 | ---D | M] -- C:\Users\DH\AppData\Roaming\CrashPlan
[2011/08/25 21:59:40 | 000,000,000 | ---D | M] -- C:\Users\DH\AppData\Roaming\OpenOffice.org
[2011/06/10 20:44:56 | 000,000,000 | ---D | M] -- C:\Users\DH\AppData\Roaming\PictureMover
[2011/08/25 21:25:20 | 000,000,000 | ---D | M] -- C:\Users\DH\AppData\Roaming\WinBatch
[2011/06/23 23:08:20 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PictureMover

[color=#E56717]========== Purity Check ==========[/color]


[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2009/07/24 13:22:29 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/12/10 00:03:07 | 3019,345,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/04 22:00:11 | 000,000,040 | ---- | M] () -- C:\log.txt
[2010/09/24 04:31:55 | 000,000,000 | RHS- | M] () -- C:\OS
[2012/12/10 00:03:08 | 4025,794,560 | -HS- | M] () -- C:\pagefile.sys
[2012/12/08 19:08:15 | 000,004,046 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_08.12.2012_19.07.04_log.txt
[2012/12/08 19:40:08 | 000,669,858 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_08.12.2012_19.31.25_log.txt
[2012/12/09 16:19:38 | 000,884,286 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.12.2012_16.03.54_log.txt

[color=#A23BEC]< %USERPROFILE%\*.* >[/color]
[2012/12/10 00:33:08 | 005,242,880 | -HS- | M] () -- C:\Users\Deanne\NTUSER.DAT
[2012/12/10 00:33:08 | 000,262,144 | -HS- | M] () -- C:\Users\Deanne\ntuser.dat.LOG1
[2011/06/10 20:19:38 | 000,000,000 | -HS- | M] () -- C:\Users\Deanne\ntuser.dat.LOG2
[2011/06/10 20:43:07 | 000,065,536 | -HS- | M] () -- C:\Users\Deanne\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/06/10 20:43:07 | 000,524,288 | -HS- | M] () -- C:\Users\Deanne\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/06/10 20:43:07 | 000,524,288 | -HS- | M] () -- C:\Users\Deanne\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/06/10 20:19:38 | 000,000,020 | -HS- | M] () -- C:\Users\Deanne\ntuser.ini

[color=#A23BEC]< %USERPROFILE%\temp\*.exe >[/color]

[color=#A23BEC]< %USERPROFILE%\AppData\Local\*.* >[/color]
[2012/08/19 13:20:27 | 000,114,857 | ---- | M] () -- C:\Users\Deanne\AppData\Local\ars.cache
[2012/08/19 13:27:29 | 007,277,148 | ---- | M] () -- C:\Users\Deanne\AppData\Local\census.cache
[2012/04/17 22:42:47 | 000,121,512 | ---- | M] () -- C:\Users\Deanne\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/08/18 13:13:40 | 000,000,036 | ---- | M] () -- C:\Users\Deanne\AppData\Local\housecall.guid.cache
[2012/12/09 23:56:10 | 001,337,241 | -H-- | M] () -- C:\Users\Deanne\AppData\Local\IconCache.db

[color=#A23BEC]< %USERPROFILE%\AppData\Local\*. >[/color]
[2012/06/26 21:52:40 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Adobe
[2011/08/03 21:35:38 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Apple
[2011/08/03 21:50:44 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Apple Computer
[2011/06/10 20:19:38 | 000,000,000 | -HSD | M] -- C:\Users\Deanne\AppData\Local\Application Data
[2011/06/10 20:28:50 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\ATI
[2011/06/10 20:27:54 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Broadcom
[2012/08/20 06:29:52 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Comodo
[2012/11/04 15:31:49 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\CrashDumps
[2011/12/28 08:18:40 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Diagnostics
[2012/12/05 22:46:57 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\ElevatedDiagnostics
[2012/02/28 19:56:12 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\FreeScreenSharing
[2012/05/18 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Hewlett-Packard
[2011/06/10 20:19:38 | 000,000,000 | -HSD | M] -- C:\Users\Deanne\AppData\Local\History
[2011/06/16 19:22:29 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\HP
[2010/09/24 03:09:26 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\HuluDesktop
[2011/06/10 20:32:28 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\IsolatedStorage
[2012/06/16 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Macromedia
[2012/10/09 21:43:53 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Microsoft
[2011/09/13 19:53:52 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Microsoft Help
[2011/06/11 09:14:44 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Mozilla
[2012/10/29 22:15:32 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\PDFC
[2012/12/10 00:24:30 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\Temp
[2011/06/10 20:19:38 | 000,000,000 | -HSD | M] -- C:\Users\Deanne\AppData\Local\Temporary Internet Files
[2011/06/10 20:20:02 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\TouchSmartData
[2011/08/31 20:52:49 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Local\VirtualStore

[color=#A23BEC]< %USERPROFILE%\AppData\Local\temp\*.exe >[/color]
[2012/05/18 21:48:03 | 000,465,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Deanne\AppData\Local\temp\COMAP.EXE
[2011/08/25 22:00:33 | 003,127,456 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Deanne\AppData\Local\temp\FlashPlayerUpdate.exe
[2009/07/17 19:12:26 | 001,957,206 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Deanne\AppData\Local\temp\FP_AX_MSI_INSTALLER.exe
[2010/05/21 17:38:56 | 000,074,808 | ---- | M] (Hewlett-Packard) -- C:\Users\Deanne\AppData\Local\temp\HPHelpUpdater.exe
[2011/06/16 19:52:03 | 000,004,608 | ---- | M] () -- C:\Users\Deanne\AppData\Local\temp\i4jdel0.exe
[2011/11/14 15:08:04 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Deanne\AppData\Local\temp\jre-6u30-windows-i586-iftw-rv.exe
[2010/03/16 08:11:59 | 000,149,352 | R--- | M] (Microsoft Corporation) -- C:\Users\Deanne\AppData\Local\temp\ose00000.exe
[2010/09/14 15:05:54 | 000,036,920 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Deanne\AppData\Local\temp\Resource.exe
[2011/11/15 23:16:48 | 005,590,528 | ---- | M] (Jeffrey Harris) -- C:\Users\Deanne\AppData\Local\temp\sharepod-eject.exe
[2012/03/04 17:28:16 | 057,826,304 | ---- | M] (Hewlett-Packard Development Company, L.P.                   ) -- C:\Users\Deanne\AppData\Local\temp\sp54931.exe
[2012/11/25 13:16:22 | 041,580,520 | ---- | M] (Hewlett-Packard                                             ) -- C:\Users\Deanne\AppData\Local\temp\sp58915.exe
[2012/09/27 13:44:36 | 000,114,080 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Deanne\AppData\Local\temp\UninstallHPSA.exe
[405 C:\Users\Deanne\AppData\Local\temp\*.tmp files -> C:\Users\Deanne\AppData\Local\temp\*.tmp -> ]

[color=#A23BEC]< %USERPROFILE%\AppData\Roaming\*.* >[/color]

[color=#A23BEC]< %USERPROFILE%\AppData\Roaming\*. >[/color]
[2012/06/26 21:53:34 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Adobe
[2012/06/14 21:52:51 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Apple Computer
[2011/06/10 20:28:50 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\ATI
[2012/06/26 21:53:59 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\com.amazon.music.uploader
[2012/10/18 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\CrashPlan
[2012/05/18 21:48:02 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\CyberLink
[2011/06/10 20:30:30 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\DisplayTune
[2012/12/10 00:06:33 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Dropbox
[2012/11/03 10:04:31 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\HandBrake
[2011/06/11 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Hewlett-Packard
[2011/07/04 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\HP
[2012/08/05 19:10:37 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\HP Support Assistant
[2012/11/25 13:18:39 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\hpqLog
[2012/08/05 19:10:37 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\HpUpdate
[2011/06/10 20:27:31 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Identities
[2010/09/24 03:14:49 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Macromedia
[2012/08/19 13:33:28 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Malwarebytes
[2009/07/14 01:44:38 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Media Center Programs
[2012/11/04 14:39:44 | 000,000,000 | --SD | M] -- C:\Users\Deanne\AppData\Roaming\Microsoft
[2011/06/11 09:58:32 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Mozilla
[2012/10/09 21:55:10 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\MusicBrainz
[2011/08/25 22:01:01 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\OpenOffice.org
[2011/07/18 06:29:19 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\OverDrive
[2012/09/17 19:31:16 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\pdf995
[2011/06/10 20:28:55 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\PictureMover
[2012/05/30 07:15:11 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\SharePod
[2012/10/30 21:31:53 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\Softland
[2012/09/17 19:29:55 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\TaxCut
[2011/06/16 18:51:58 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\TP
[2012/03/04 17:28:53 | 000,000,000 | ---D | M] -- C:\Users\Deanne\AppData\Roaming\WinBatch

[color=#A23BEC]< %Public%\Documents\Fonts\*.exe >[/color]

[color=#A23BEC]< %Public%\Documents\Config\*.exe >[/color]

[color=#A23BEC]< %Public%\Documents\*.* >[/color]
[2009/07/13 22:54:24 | 000,000,278 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini

[color=#A23BEC]< %ProgramData%\*.* >[/color]
[2011/08/18 22:47:04 | 000,011,801 | ---- | M] () -- C:\ProgramData\hpzinstall.log

[color=#A23BEC]< %ProgramData%\*. >[/color]
[2012/10/23 20:45:20 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/08 17:10:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011/06/10 21:57:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2011/06/10 21:46:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/13 23:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/09/24 02:49:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Applications
[2010/09/24 02:39:44 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI
[2011/06/10 21:15:40 | 000,000,000 | ---D | M] -- C:\ProgramData\CinemaNow
[2012/08/28 05:58:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Comodo
[2010/09/24 03:08:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Corel
[2012/08/31 21:56:09 | 000,000,000 | ---D | M] -- C:\ProgramData\CPA_VA
[2012/10/18 22:28:49 | 000,000,000 | ---D | M] -- C:\ProgramData\CrashPlan
[2010/09/24 02:58:47 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2009/07/13 23:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/13 23:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/13 23:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/08/25 21:21:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2011/08/18 22:30:08 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2011/08/18 22:29:53 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Product Assistant
[2012/09/17 21:27:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Jazzercise
[2010/09/24 02:51:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Macrovision
[2012/08/19 13:33:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012/08/19 16:28:27 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2012/05/15 19:35:11 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012/07/10 22:22:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012/05/14 19:18:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2010/09/24 03:14:59 | 000,000,000 | ---D | M] -- C:\ProgramData\NewspaperDirect
[2011/08/25 20:48:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2010/09/24 03:22:51 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2012/12/01 23:42:55 | 000,000,000 | ---D | M] -- C:\ProgramData\pdf995
[2012/12/04 00:18:59 | 000,000,000 | ---D | M] -- C:\ProgramData\PDFC
[2010/09/24 02:59:40 | 000,000,000 | ---D | M] -- C:\ProgramData\PictureMover
[2012/12/08 21:24:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Recovery
[2010/09/24 02:51:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonic
[2010/09/24 02:25:30 | 000,000,000 | ---D | M] -- C:\ProgramData\SonicFocus
[2009/07/13 23:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/07/07 21:10:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2010/09/24 02:59:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Symantec
[2012/04/16 17:35:04 | 000,000,000 | ---D | M] -- C:\ProgramData\TaxCut
[2010/09/24 02:58:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/13 23:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/09/24 03:15:40 | 000,000,000 | ---D | M] -- C:\ProgramData\TouchSmartData
[2010/09/24 02:51:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2011/06/16 19:24:13 | 000,000,000 | ---D | M] -- C:\ProgramData\WEBREG
[2010/09/24 03:13:23 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2010/09/24 02:59:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}
[2011/06/10 21:46:18 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/11/25 13:17:48 | 000,000,000 | ---D | M] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

[color=#A23BEC]< %CommonProgramFiles%\*.* >[/color]

[color=#A23BEC]< %CommonProgramFiles%\ComObjects*.exe >[/color]

[color=#A23BEC]< %commonprogramfiles(x86)%\*.* >[/color]

[color=#A23BEC]< %ProgramFiles%\*.* >[/color]
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[color=#A23BEC]< %ProgramFiles%\*. >[/color]
[2012/06/26 21:53:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/06/26 21:53:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2011/06/10 21:44:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/09/24 02:38:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2010/09/24 02:35:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVerMedia
[2012/05/28 22:38:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/09/24 02:51:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CinemaNow
[2010/09/24 02:39:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2012/11/13 20:01:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/08/31 21:56:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Comodo
[2011/07/09 19:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cricut Software
[2010/09/24 02:48:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2012/11/25 13:19:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2011/08/18 22:29:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hp
[2010/09/24 03:13:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2012/04/16 17:36:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HRBlock2011
[2012/11/25 13:28:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/08/20 22:10:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/09/24 02:37:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ITE
[2012/10/23 20:45:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2012/10/31 00:14:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/09/17 21:21:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jazzercise
[2010/09/24 03:15:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kobo
[2012/10/18 18:08:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/20 22:04:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/09/13 19:24:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/09/13 19:27:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/08/20 21:27:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/09 22:19:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/09/17 21:23:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
[2011/09/13 19:27:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/13 19:27:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/09/13 19:27:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Touch Pack for Windows 7
[2011/09/13 19:25:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/09/24 02:51:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2010/09/24 02:48:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
[2012/09/17 21:23:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/12/08 11:39:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/08 17:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2011/09/13 19:28:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/06/14 13:05:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2012/10/09 21:54:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MusicBrainz Picard
[2011/06/16 19:44:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\My Digital Studio
[2010/09/24 03:14:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NewspaperDirect
[2011/06/10 20:23:27 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/08/25 21:54:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/08/19 16:30:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oracle
[2011/07/13 22:26:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OverDrive Media Console
[2010/09/24 02:35:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF Complete
[2012/09/17 19:30:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF995
[2010/09/24 02:59:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PictureMover
[2011/06/10 21:45:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/09/24 02:36:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/09/24 02:59:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2010/09/24 02:36:47 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/09/24 02:48:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Virtual Earth 3D
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/06/10 20:23:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/06/10 20:21:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/06/16 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/06/16 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/06/16 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/06/16 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/06/16 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/09/24 03:14:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zinio Reader 4

[color=#A23BEC]< %ProgramFiles(x86)%\*.* >[/color]
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[color=#A23BEC]< %ProgramFiles(x86)%\*. >[/color]
[2012/06/26 21:53:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/06/26 21:53:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2011/06/10 21:44:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/09/24 02:38:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2010/09/24 02:35:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVerMedia
[2012/05/28 22:38:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/09/24 02:51:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CinemaNow
[2010/09/24 02:39:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2012/11/13 20:01:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/08/31 21:56:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Comodo
[2011/07/09 19:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cricut Software
[2010/09/24 02:48:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2012/11/25 13:19:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2011/08/18 22:29:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hp
[2010/09/24 03:13:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2012/04/16 17:36:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HRBlock2011
[2012/11/25 13:28:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/08/20 22:10:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/09/24 02:37:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ITE
[2012/10/23 20:45:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2012/10/31 00:14:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/09/17 21:21:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jazzercise
[2010/09/24 03:15:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kobo
[2012/10/18 18:08:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/20 22:04:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/09/13 19:24:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/09/13 19:27:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/08/20 21:27:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/09 22:19:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/09/17 21:23:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
[2011/09/13 19:27:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/13 19:27:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/09/13 19:27:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Touch Pack for Windows 7
[2011/09/13 19:25:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/09/24 02:51:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2010/09/24 02:48:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
[2012/09/17 21:23:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/12/08 11:39:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/08 17:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2011/09/13 19:28:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/06/14 13:05:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2012/10/09 21:54:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MusicBrainz Picard
[2011/06/16 19:44:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\My Digital Studio
[2010/09/24 03:14:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NewspaperDirect
[2011/06/10 20:23:27 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/08/25 21:54:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/08/19 16:30:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oracle
[2011/07/13 22:26:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OverDrive Media Console
[2010/09/24 02:35:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF Complete
[2012/09/17 19:30:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDF995
[2010/09/24 02:59:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PictureMover
[2011/06/10 21:45:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/09/24 02:36:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/09/24 02:59:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2010/09/24 02:36:47 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/09/24 02:48:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Virtual Earth 3D
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/06/10 20:23:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/06/10 20:21:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/06/16 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/06/16 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/06/16 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/06/16 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/06/16 18:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/09/24 03:14:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zinio Reader 4

[color=#A23BEC]< %programdata%\Microsoft\Windows\DRM\*.tmp >[/color]

[color=#A23BEC]< %programdata%\Microsoft\Windows\DRM\*.tmp >[/color]

[color=#A23BEC]< %AllUsersProfile%\Microsoft\Windows\DRM\*.tmp >[/color]

[color=#A23BEC]< %AllUsersProfile%\Microsoft\Windows\DRM\*.tmp >[/color]

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >[/color]

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >[/color]

[color=#A23BEC]< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >[/color]

[color=#A23BEC]< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >[/color]

[color=#A23BEC]< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >[/color]

[color=#A23BEC]< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >[/color]

[color=#A23BEC]< %windir%\temp\*.exe >[/color]

[color=#A23BEC]< %windir%\*. >[/color]
[2009/07/13 23:32:39 | 000,000,000 | ---D | M] -- C:\Windows\addins
[2009/07/13 21:20:08 | 000,000,000 | ---D | M] -- C:\Windows\AppCompat
[2011/08/16 20:54:09 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch
[2012/11/25 13:21:15 | 000,000,000 | R-SD | M] -- C:\Windows\assembly
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Boot
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Branding
[2009/07/13 23:32:39 | 000,000,000 | ---D | M] -- C:\Windows\Cursors
[2012/08/20 21:56:54 | 000,000,000 | ---D | M] -- C:\Windows\debug
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\diagnostics
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\DigitalLocker
[2009/07/13 23:32:39 | 000,000,000 | ---D | M] -- C:\Windows\Downloaded Program Files
[2010/09/24 02:35:54 | 000,000,000 | ---D | M] -- C:\Windows\Driver Cache
[2012/01/14 03:11:46 | 000,000,000 | ---D | M] -- C:\Windows\ehome
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\en-US
[2012/04/16 17:36:33 | 000,000,000 | R-SD | M] -- C:\Windows\Fonts
[2009/07/14 01:50:14 | 000,000,000 | ---D | M] -- C:\Windows\Globalization
[2012/11/25 13:28:00 | 000,000,000 | ---D | M] -- C:\Windows\Help
[2011/06/16 18:50:04 | 000,000,000 | ---D | M] -- C:\Windows\hpojj4600
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\IME
[2012/12/10 00:07:58 | 000,000,000 | ---D | M] -- C:\Windows\inf
[2012/11/25 13:21:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer
[2009/07/13 23:32:39 | 000,000,000 | ---D | M] -- C:\Windows\L2Schemas
[2009/07/13 20:34:24 | 000,000,000 | ---D | M] -- C:\Windows\LiveKernelReports
[2011/06/14 13:18:02 | 000,000,000 | ---D | M] -- C:\Windows\Logs
[2009/07/13 23:32:40 | 000,000,000 | R-SD | M] -- C:\Windows\Media
[2012/06/13 02:42:00 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET
[2012/12/08 19:30:34 | 000,000,000 | ---D | M] -- C:\Windows\Minidump
[2009/07/13 20:34:34 | 000,000,000 | ---D | M] -- C:\Windows\ModemLogs
[2012/08/20 22:10:21 | 000,000,000 | -H-D | M] -- C:\Windows\msdownld.tmp
[2009/07/13 23:32:40 | 000,000,000 | ---D | M] -- C:\Windows\Offline Web Pages
[2011/06/10 20:19:26 | 000,000,000 | ---D | M] -- C:\Windows\Panther
[2011/06/10 20:21:06 | 000,000,000 | ---D | M] -- C:\Windows\PCHEALTH
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Performance
[2009/07/13 21:20:10 | 000,000,000 | ---D | M] -- C:\Windows\PLA
[2011/06/14 13:19:14 | 000,000,000 | ---D | M] -- C:\Windows\PolicyDefinitions
[2012/12/10 00:21:41 | 000,000,000 | ---D | M] -- C:\Windows\Prefetch
[2010/09/24 03:15:07 | 000,000,000 | ---D | M] -- C:\Windows\PRIndex
[2012/09/17 21:22:21 | 000,000,000 | ---D | M] -- C:\Windows\Registration
[2012/07/12 20:12:46 | 000,000,000 | ---D | M] -- C:\Windows\rescache
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Resources
[2009/07/13 20:35:47 | 000,000,000 | ---D | M] -- C:\Windows\SchCache
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\schemas
[2009/07/13 21:20:10 | 000,000,000 | ---D | M] -- C:\Windows\security
[2009/07/13 22:45:47 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles
[2011/06/16 18:33:36 | 000,000,000 | ---D | M] -- C:\Windows\servicing
[2009/07/24 13:36:12 | 000,000,000 | ---D | M] -- C:\Windows\Setup
[2011/09/13 19:28:18 | 000,000,000 | ---D | M] -- C:\Windows\ShellNew
[2011/06/14 11:53:02 | 000,000,000 | ---D | M] -- C:\Windows\SoftwareDistribution
[2009/07/13 23:37:44 | 000,000,000 | ---D | M] -- C:\Windows\Speech
[2012/08/09 18:27:37 | 000,000,000 | ---D | M] -- C:\Windows\Sun
[2009/07/13 20:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system
[2012/12/10 00:07:58 | 000,000,000 | ---D | M] -- C:\Windows\System32
[2012/11/26 18:59:21 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64
[2009/07/13 22:57:13 | 000,000,000 | ---D | M] -- C:\Windows\TAPI
[2012/11/25 13:29:33 | 000,000,000 | ---D | M] -- C:\Windows\Tasks
[2012/12/10 00:20:47 | 000,000,000 | ---D | M] -- C:\Windows\Temp
[2009/07/13 20:34:33 | 000,000,000 | ---D | M] -- C:\Windows\tracing
[2011/08/25 21:33:04 | 000,000,000 | ---D | M] -- C:\Windows\twain_32
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\Vss
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Web
[2012/11/25 13:27:35 | 000,000,000 | ---D | M] -- C:\Windows\winsxs

[color=#A23BEC]< %windir%\installer\*. >[/color]
[2010/09/24 02:37:29 | 000,000,000 | -HSD | M] -- C:\Windows\installer\$PatchCache$
[2010/09/24 02:57:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
[2010/09/24 03:08:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{02EABF5D-E535-4A0F-8658-C1F4BF25850C}
[2010/09/24 03:08:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{053BC793-EB2F-48B6-AB61-6B76CCCCB041}
[2010/09/24 02:38:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\{05CA9AF2-E06D-3991-887C-FC5822D5468A}
[2010/09/24 03:08:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{06A1431C-C951-4A9B-8732-04827497BF25}
[2010/09/24 02:38:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{07BF9DB6-69AE-4070-EFBC-44C5BB3E10D2}
[2012/03/04 17:34:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{07FA4960-B038-49EB-891B-9F95930AA544}
[2010/09/24 03:08:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0ACB0830-631B-4C84-81CD-0B33E8129964}
[2010/09/24 03:08:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0C49FC5B-B846-4430-83BA-4F5DD481DC53}
[2010/09/24 02:37:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{104BEA41-8EC0-B483-04AA-FAB143CBBCAE}
[2010/09/24 03:07:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{11070051-3806-4F34-8F1D-A7874ADC296C}
[2012/08/19 16:30:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1111706F-666A-4037-7777-211328764D10}
[2010/09/24 02:51:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{120262A6-7A4B-4889-AE85-F5E5688D3683}
[2012/10/23 20:45:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}
[2010/09/24 03:08:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{157A2E65-1D59-4BE2-BBD4-D16A14EEF959}
[2011/06/10 20:23:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{178832DE-9DE0-4C87-9F82-9315A9B03985}
[2010/09/24 02:52:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
[2010/09/24 02:38:08 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1D4B453A-6C34-FEDF-4B69-C026E2E58655}
[2011/08/18 22:27:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}
[2010/09/24 03:03:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1F99BAFA-2FD1-42D6-BE19-97144103D758}
[2010/09/24 02:45:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
[2011/06/10 20:21:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{205C6BDD-7B73-42DE-8505-9A093F35A238}
[2010/09/24 02:37:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{22139F5D-9405-455A-BDEB-658B1A4E4861}
[2010/09/24 03:08:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{22CD5AA1-C28D-458A-AC3D-FB30F74111F9}
[2010/09/24 02:59:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{264FE20A-757B-492a-B0C3-4009E2997D8A}
[2012/04/29 15:22:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F83216032FF}
[2010/09/24 03:08:54 | 000,000,000 | ---D | M] -- C:\Windows\installer\{29CE5C81-B7F9-40EA-997E-606C09F515A6}
[2010/09/24 03:09:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{29F19C52-0B82-4741-8015-8D46E28638EC}
[2012/09/17 21:24:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
[2010/09/24 02:45:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3023EBDA-BF1B-4831-B347-E5018555F26E}
[2010/09/24 02:35:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{32A2B967-279F-457D-B767-76352DA2F108}
[2010/09/24 02:38:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{338556DF-B61E-26A0-4DF9-F95658B3454B}
[2010/09/24 02:38:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{37220538-53F8-728A-C7EA-92ABD78CA94B}
[2010/09/24 02:48:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}
[2010/09/24 03:08:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3C19AEEC-7779-4FA5-A1DA-AEB93E674294}
[2010/09/24 02:38:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3DAB1C09-2B6C-4FEE-2B95-EABAAF7002FB}
[2011/08/25 21:55:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3E171899-0175-47CC-84C4-562ACDD4C021}
[2010/09/24 02:59:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}
[2010/09/24 02:47:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}
[2010/09/24 03:06:42 | 000,000,000 | ---D | M] -- C:\Windows\installer\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
[2010/09/24 03:16:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
[2010/09/24 02:40:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}
[2010/09/24 02:38:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4513B67A-61E4-D7BF-6381-657581C9097C}
[2010/09/24 03:00:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}
[2012/10/23 20:49:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}
[2012/11/22 11:17:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4EAB2511-0135-48CA-A47B-CE1E6836793A}
[2010/09/24 02:38:33 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5031851B-1BC3-EAB0-AC16-7D5FF880502C}
[2012/09/17 21:22:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
[2011/06/10 21:45:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}
[2010/09/24 02:38:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5924CA2E-D145-87A2-CB65-39313C0D825C}
[2010/09/24 03:08:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5932A032-0BD3-4EEA-9FC3-5E4C98B770C5}
[2010/09/24 03:08:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5A9DADC3-6C03-4C83-8622-60405126D1E0}
[2010/09/24 03:08:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5CBE8F58-049D-49FE-B4E3-A23CF3194771}
[2012/10/23 20:33:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}
[2011/06/10 20:22:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}
[2010/09/24 02:58:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{67626E09-5366-4480-8F1E-93FADF50CA15}
[2010/09/24 02:38:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{67AAEC8B-9A0C-154E-21F8-0AEF4A05E98D}
[2010/09/24 03:07:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6807F13C-A925-4DD8-80C0-24D93A6FFE83}
[2010/09/24 02:48:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}
[2010/09/24 02:51:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6C122441-1861-4CD7-B1C5-A163A6984E12}
[2012/05/28 22:38:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
[2012/11/25 13:21:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
[2010/09/24 02:38:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6FA22C59-53A4-6C24-4E2B-8024838F1016}
[2010/09/24 02:38:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{713578E2-16BA-B3C5-A1D3-147F4BD6CE14}
[2012/10/23 20:41:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}
[2010/09/24 03:08:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{766486B3-441B-4376-A5F8-0AE2E4BDFB3C}
[2010/09/24 03:08:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{769FA062-69D1-4456-8624-13EC3880787E}
[2010/09/24 02:38:12 | 000,000,000 | ---D | M] -- C:\Windows\installer\{777E6DA6-2487-4A56-0FAB-07C9F82B9C18}
[2010/09/24 03:08:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{77B559D7-CBF8-43FE-90BB-BDB6A30E9B61}
[2011/06/10 20:22:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
[2010/09/24 02:38:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{858CA5A0-9A7E-3D84-679F-5934B22255A8}
[2011/06/14 13:05:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
[2010/09/24 03:08:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{864BC409-6229-452C-B1FD-FA960D13F824}
[2010/09/24 02:38:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{88B6E7E4-2D44-9C8D-1B7E-1131C8B0D111}
[2010/09/24 02:38:03 | 000,000,000 | ---D | M] -- C:\Windows\installer\{88E2586F-E0D5-A3E3-B84F-4CC6E86F4D23}
[2010/09/24 03:08:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89DE8F46-0495-46F7-94EB-DC6AA71BD3EE}
[2012/05/09 22:20:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2012/12/09 16:01:11 | 000,000,000 | -HSD | M] -- C:\Windows\installer\{8ab922df-6a75-fa7b-8ace-d21af1b25ed3}
[2010/09/24 03:09:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8ABB6A99-E2D5-47E4-905A-2FD4657D235E}
[2010/09/24 02:38:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8D016DB5-8672-0757-F228-32BF04278665}
[2010/09/24 03:15:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8DB462BD-8372-47F1-9356-210BE357B1A8}
[2010/09/24 02:50:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8FF90DB8-6DED-44A3-B182-244FEC09012F}
[2011/09/13 19:26:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-002A-0000-1000-0000000FF1CE}
[2011/11/10 03:04:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-006E-0409-0000-0000000FF1CE}
[2012/07/10 22:22:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91140000-0011-0000-0000-0000000FF1CE}
[2010/09/24 03:15:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{912CED74-88D3-4C5B-ACB0-13231864975D}
[2010/09/24 02:55:57 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}
[2011/08/18 22:28:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{92A51949-EE4C-466D-AAF0-99E74A49A63F}
[2010/09/24 02:43:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{95140000-0070-0000-0000-0000000FF1CE}
[2010/09/24 02:38:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{95251A23-7B7A-BFA7-C812-9A0E4EC04120}
[2012/09/17 21:21:56 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}
[2010/09/24 03:18:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9B48B0AC-C813-4174-9042-476A887592C7}
[2010/09/24 02:38:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9B51638F-A1F3-05B5-46A1-B54A025766E1}
[2010/09/24 03:08:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9CEE002F-22B8-4335-8D55-A1EE852C8072}
[2012/08/20 21:27:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}
[2010/09/24 03:15:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A1CE6220-A44F-4B0B-B445-738ACB55C25D}
[2010/09/24 02:38:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A6D0B261-9CF1-1C7E-5A5C-6D42EE9AE9E6}
[2011/06/10 20:22:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
[2010/09/24 02:38:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AB92BB15-CF56-0490-64D9-06DD82522CC5}
[2012/08/20 06:27:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}
[2010/09/24 02:38:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B1588559-57A0-5948-0A3F-F768AC350F29}
[2010/09/24 02:38:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B191C95B-7E4A-6419-F332-307810CE4FA5}
[2010/09/24 02:38:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B4DFE240-836F-3EA4-B764-BE778EB7B86B}
[2012/09/17 21:22:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}
[2010/09/24 03:08:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B770307B-2E7E-4BAD-BF75-1511A76AD277}
[2010/09/24 02:38:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{BD30FF0E-FFD3-8200-68F1-7772F0C091DD}
[2010/09/24 03:09:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{BDDA1E1E-204E-4368-B0C2-737F16B76307}
[2010/09/24 03:08:12 | 000,000,000 | ---D | M] -- C:\Windows\installer\{BFA6DE67-F8EF-427B-B962-D03ADAF56734}
[2010/09/24 02:38:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C1441CC5-D9DC-C781-F5FC-B7CA0FBA0914}
[2010/09/24 02:48:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
[2012/04/16 21:29:56 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}
[2011/06/10 21:44:53 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}
[2010/09/24 02:53:42 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C9DCE03F-8CB7-4146-A99C-0612D75177EA}
[2010/09/24 02:46:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
[2010/09/24 02:37:42 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CBF9CADC-3F81-44E4-3B0F-B0E288D0FBEC}
[2012/11/22 11:17:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}
[2010/09/24 02:46:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D36DD326-7280-11D8-97C8-000129760CBE}
[2012/10/18 22:28:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D377B43D-DF58-4D54-A809-781D4F576FE6}
[2011/07/13 22:26:55 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}
[2012/11/22 11:17:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}
[2012/05/15 19:35:55 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}
[2011/06/10 20:22:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
[2011/08/18 22:26:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D79113E7-274C-470B-BD46-01B10219DF6A}
[2010/09/24 03:22:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D79A02E9-6713-4335-9668-AAC7474C0C0E}
[2010/09/24 03:08:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DBE1BE19-6D8E-4623-83B1-EE017908A8B7}
[2011/08/18 22:30:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DC635845-46D3-404B-BCB1-FC4A91091AFA}
[2010/09/24 02:57:57 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DCCAD079-F92C-44DA-B258-624FC6517A5A}
[2010/09/24 03:14:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DE665CEA-0968-4211-B0B0-2A917CE9EC7E}
[2010/09/24 02:42:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DE77FE3F-A33D-499A-87AD-5FC406617B40}
[2010/09/24 03:08:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E1FD99EF-7312-426E-A9BD-92ECD2093B4A}
[2012/11/13 20:01:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E21161DD-05A2-42ED-A0EC-9C1393F51A64}
[2010/09/24 02:37:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E2D662AD-3FE3-26C5-5540-90E4974EF412}
[2012/11/22 11:17:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E62381A7-B1C1-4121-8262-84D38C77786C}
[2010/09/24 02:38:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EB235F08-D1FC-D35F-BD8A-84C232184AF2}
[2010/09/24 02:38:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EB69F7A5-778B-2F95-1FFD-949157FB94CA}
[2012/11/25 13:19:55 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}
[2010/09/24 02:55:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}
[2011/06/10 20:22:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
[2010/09/24 03:08:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F33B9785-B646-4564-849B-BEE3A1700694}
[2011/06/14 13:06:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
[2010/09/24 02:38:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F6A4B871-A06A-0EB2-DA8F-BD26CA4B7D90}
[2011/06/10 20:21:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
[2010/09/24 03:08:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F9A36074-25AD-4F2E-969E-AEDF452DC57B}
[2010/09/24 02:52:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}
[2012/11/22 11:17:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}

[color=#A23BEC]< %windir%\system32\*. >[/color]
[2012/08/09 18:34:38 | 000,000,000 | -HSD | M] -- C:\Windows\system32\%APPDATA%
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2011/06/16 18:33:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2009/07/13 21:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2010/09/24 02:49:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg
[2009/07/13 21:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2009/07/13 20:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2009/07/13 20:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2010/09/24 02:49:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs
[2011/06/16 18:33:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2010/09/24 02:49:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\da
[2011/06/16 18:33:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2010/09/24 02:49:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\de
[2009/07/13 21:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2011/06/16 18:33:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism
[2012/12/05 21:33:49 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2010/09/24 02:49:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\el
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2011/06/16 18:33:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2012/06/13 02:28:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\es
[2011/06/16 18:33:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp
[2009/07/13 20:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy
[2009/07/13 20:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
[2009/07/13 20:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\InstallShield
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\it
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
[2009/07/13 21:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
[2010/09/24 02:35:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
[2011/06/16 18:33:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
[2012/07/12 19:43:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
[2011/06/16 18:33:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
[2009/07/13 20:34:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\no
[2011/06/16 18:33:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
[2010/09/24 02:36:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\RTCOM
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
[2011/06/16 18:33:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
[2011/08/18 22:27:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\spool
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp
[2011/06/16 18:33:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
[2009/07/13 21:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
[2011/06/14 13:12:53 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat
[2012/09/17 19:29:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
[2010/09/24 02:49:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CHS
[2010/09/24 02:49:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CHT
[2009/07/13 21:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
[2009/07/13 21:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
[2009/07/13 21:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW

[color=#A23BEC]< %windir%\sysnative\*. >[/color]
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\0409
[2011/06/16 18:33:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\AdvancedInstallers
[2010/09/24 02:38:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ar-SA
[2010/09/24 02:38:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\bg-BG
[2011/06/16 18:32:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Boot
[2012/10/23 22:35:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot
[2012/11/01 14:01:21 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot2
[2010/09/24 02:36:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\CodeIntegrity
[2009/07/13 23:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\com
[2012/12/02 20:30:12 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\config
[2011/06/16 18:33:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\cs-CZ
[2011/06/16 18:33:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\da-DK
[2010/09/24 02:38:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\de-DE
[2011/06/16 18:33:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Dism
[2012/12/09 16:03:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\drivers
[2012/10/23 20:41:25 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DriverStore
[2012/10/23 20:45:21 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DRVSTORE
[2010/09/24 02:38:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\el-GR
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en
[2012/07/12 19:43:12 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en-US
[2011/06/16 18:33:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\es-ES
[2010/09/24 02:38:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\et-EE
[2011/06/16 18:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\EventProviders
[2010/09/24 02:38:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fi-FI
[2010/09/24 02:38:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fr-FR
[2011/11/21 22:46:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\FxsTmp
[2009/07/13 20:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicy
[2009/07/13 20:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicyUsers
[2010/09/24 02:38:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\he-IL
[2010/09/24 02:38:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hr-HR
[2010/09/24 02:38:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hu-HU
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ias
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\icsxml
[2009/07/13 21:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\IME
[2009/07/13 20:36:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\inetsrv
[2010/09/24 02:38:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\it-IT
[2010/09/24 02:38:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ja-JP
[2010/09/24 02:38:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ko-KR
[2012/12/08 21:10:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\LogFiles
[2010/09/24 02:38:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lt-LT
[2010/09/24 02:38:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lv-LV
[2011/11/28 21:21:08 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Macromed
[2011/06/16 18:33:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\manifeststore
[2010/09/24 03:16:29 | 000,000,000 | --SD | M] -- C:\Windows\sysnative\Microsoft
[2012/07/12 19:43:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migration
[2011/06/16 18:33:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migwiz
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Msdtc
[2009/07/13 23:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MUI
[2010/09/24 02:38:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nb-NO
[2012/08/20 21:23:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NDF
[2009/07/13 21:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NetworkList
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nl-NL
[2009/07/24 13:22:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\OEM
[2011/06/16 18:33:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\oobe
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pl-PL
[2009/07/13 23:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Printing_Admin_Scripts
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-BR
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-PT
[2009/07/13 21:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ras
[2010/09/24 03:10:33 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Recovery
[2011/06/10 20:26:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\restore
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ro-RO
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ru-RU
[2011/06/16 18:33:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Setup
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sk-SK
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sl-SI
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\slmgr
[2009/07/13 21:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SMI
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Speech
[2009/07/13 22:53:31 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spool
[2009/07/13 21:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spp
[2011/06/16 18:33:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sppui
[2011/06/16 18:08:25 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SPReview
[2009/07/13 21:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sr-Latn-CS
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sv-SE
[2010/09/24 05:20:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sysprep
[2012/11/25 13:29:33 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Tasks
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\th-TH
[2010/09/24 02:38:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\tr-TR
[2009/07/13 21:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\uk-UA
[2011/06/14 13:12:53 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Wat
[2011/06/16 18:33:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wbem
[2009/07/13 23:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WCN
[2011/06/10 23:10:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wdi
[2009/07/13 23:09:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wfp
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioDatabase
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioPlugIns
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WindowsPowerShell
[2009/07/13 21:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winevt
[2009/07/13 23:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winrm
[2010/09/24 02:38:58 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-CN
[2010/09/24 02:38:58 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-HK
[2010/09/24 02:38:58 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-TW

[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\syswow64\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color]
[2012/12/04 02:41:28 | 000,037,976 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\system32\drivers\CFRMD.sys

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /90 >[/color]
[2012/12/04 02:41:28 | 000,037,976 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\syswow64\drivers\CFRMD.sys

[color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color]

[color=#A23BEC]< %systemroot%\*. /rp /s >[/color]

[color=#A23BEC]< %systemroot%\assembly\tmp\*.* /S /MD5 >[/color]

[color=#A23BEC]< %systemroot%\assembly\temp\*.* /S /MD5 >[/color]
[2012/03/04 17:32:28 | 000,022,584 | ---- | M] () MD5=BD1DF0D6DB26F210CE52DA48A59F96C4 -- C:\Windows\assembly\temp\O8JWJO715P\HP.SupportFramework.Communicator.dll

[color=#A23BEC]< %systemroot%\assembly\GAC\*.ini >[/color]

[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color]

[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color]

[color=#A23BEC]< %SystemRoot%\assembly\GAC_MSIL\*.ini >[/color]

[color=#A23BEC]< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >[/color]

[color=#A23BEC]< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >[/color]

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >[/color]
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 19:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >[/color]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >[/color]
"" = MruPidlList
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >[/color]
"" = Start Menu Pin
"ImplementsVerbs" = startpin;startunpin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >[/color]
"" = PSFactoryBuffer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 19:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#A23BEC]< HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >[/color]
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[color=#A23BEC]< HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >[/color]
"" = ShellFolder for CD Burning
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Attributes" = 0x0
"AttributeMask" = 0xffffffff
"Location" = @shell32.dll,-12591 -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2009/07/13 19:06:03 | 020,268,032 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >[/color]
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s >[/color]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\MSOLoad /s >[/color]

[color=#A23BEC]< bcdedit /enum all /v >C:\boot.txt /c >[/color]

[color=#A23BEC]< type c:\diskreport.txt /c >[/color]
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: DEANNE-HP
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1         SYSTEM       NTFS   Partition    100 MB  Healthy    System
  Volume 2     C   OS           NTFS   Partition    916 GB  Healthy    Boot
  Volume 3     D   HP_RECOVERY  NTFS   Partition     15 GB  Healthy
  Volume 4     G                       Removable       0 B  No Media

[color=#A23BEC]< MD5 for: AFD.SYS  >[/color]
[2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 22:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 20:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 17:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 22:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 03:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 20:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 21:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 21:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 20:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

[color=#A23BEC]< MD5 for: CSC.SYS  >[/color]
[2009/07/13 17:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) MD5=4A6173C2279B498CD8F57CAE504564CB -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_fa3d3a8e759850bd\csc.sys
[2010/11/20 03:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=54DA3DFD29ED9F1619B6F53F3CE55E49 -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_fc6e4e567286d457\csc.sys

[color=#A23BEC]< MD5 for: DFSC.SYS  >[/color]
[2009/07/13 17:23:44 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=3F1DC527070ACB87E40AFE46EF6DA749 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_e38f1f84ffcceb85\dfsc.sys
[2011/04/26 20:45:11 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=59E1C75E5DDBB70BF5A9C6A34D31B4AC -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_e43734fe18d3f691\dfsc.sys
[2010/11/20 03:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\SysNative\drivers\dfsc.sys
[2010/11/20 03:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f\dfsc.sys
[2011/04/26 20:57:40 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9C253CE7311CA60FC11C774692A13208 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_e3e4a818ff8ce469\dfsc.sys

[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/06/06 15:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2010/09/24 03:13:58 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/09/24 03:15:36 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/09/24 03:13:58 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/09/24 03:12:25 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/09/24 03:15:36 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/09/24 03:12:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/09/24 03:15:36 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/09/24 03:12:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/09/24 03:15:36 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/09/24 03:13:58 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/09/24 03:12:25 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/09/24 03:13:58 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

[color=#A23BEC]< MD5 for: I8042PRT.SYS  >[/color]
[2009/07/13 17:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
[2009/07/13 17:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/13 17:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/13 17:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\i8042prt.sys
[2009/07/13 17:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/13 17:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

[color=#A23BEC]< MD5 for: LSASS.EXE  >[/color]
[2009/07/13 19:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/13 19:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/13 19:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/13 19:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 00:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2011/11/17 01:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2011/11/17 01:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_02756f8b7653d554\lsass.exe
[2012/06/04 01:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2012/06/01 23:30:31 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BF63CE11A25F3509129888710D5111FC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_0309de288f695654\lsass.exe
[2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\SysNative\lsass.exe
[2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2011/11/17 00:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe

[color=#A23BEC]< MD5 for: NETBT.SYS  >[/color]
[2010/11/20 03:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 03:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 17:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 07:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 07:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 06:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 06:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 06:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 06:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 07:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 07:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

[color=#A23BEC]< MD5 for: SERIAL.SYS  >[/color]
[2009/07/13 18:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\drivers\serial.sys
[2009/07/13 18:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/07/13 18:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys

[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2012/08/19 16:56:01 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2011/04/24 23:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 11:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 07:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/21 00:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2012/03/30 04:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/24 23:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 05:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012/03/30 04:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2009/07/13 19:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/24 23:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/21 00:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011/09/29 10:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012/03/30 05:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/03/30 05:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/25 00:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/21 00:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/21 00:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 10:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 10:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[color=#A23BEC]< MD5 for: VOLSNAP.SYS  >[/color]
[2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 19:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2009/07/13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/09/24 03:15:36 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/09/24 03:15:36 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >