verification needed ,is this spyware???? [Archive]

View Full Version : verification needed ,is this spyware????

mjd59

2012-06-21, 11:31

hi, i am no computer experte but looking at these file of mine seem to tell me either 1, i have a live hacker. 2. an over suspisious girlfriend. 3, some form of goverment / public protection [as they would call it] program. i ddo also think my modem has being hijacked and maybe reading my cell phone info . i do have actual files which are in need of analistic eyes , i could be just paranoid ????/ please help before i go mad chasing this around my c drive
thanks
mick

p.s dds has been renamed my porn to try throw off any chance of it been tampered

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by admin at 18:55:08 on 2012-06-21
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.3316.1110 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SRSAENotifier] c:\program files\srs labs\srs audio essentials\AENotifier.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1FF946B5-3569-49FD-B766-744DCCA3A297} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ci05knef;Vba32 Armour Driver;c:\windows\system32\drivers\ci05knef.sys [2012-6-19 35904]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-20 654408]
R2 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-21 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-6-20 439632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-17 1153368]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2011-12-15 2521880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-20 22344]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-5-1 404256]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-23 136176]
S2 SRSHDAudioService;SRS HDAudio Lab Service;"c:\program files\common files\srs labs\srs hd audio lab service\srsaudiolabservice.exe" --> c:\program files\common files\srs labs\srs hd audio lab service\SRSAudioLabService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-4 257696]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-5-26 30312]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-23 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-5-26 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-5-26 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-5-26 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-5-26 114280]
SUnknown MpKsl5cb10997;MpKsl5cb10997; [x]
.
=============== Created Last 30 ================
.
2012-06-21 08:42:12 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ad17be3a-25e4-497d-be8b-5553a624810c}\mpengine.dll
2012-06-20 12:15:59 -------- d-----w- c:\programdata\Trend Micro
2012-06-20 12:05:55 -------- d-----w- c:\program files\WinPcap
2012-06-20 11:01:43 -------- d-----w- c:\program files\Safer Networking
2012-06-20 08:42:26 6762896 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-19 14:12:04 -------- d-----w- c:\users\admin\appdata\local\MPlayer
2012-06-19 11:31:27 388096 ----a-r- c:\users\admin\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-19 11:31:25 -------- d-----w- c:\program files\Trend Micro
2012-06-19 09:29:57 35904 ----a-w- c:\windows\system32\drivers\ci05knef.sys
2012-06-13 03:29:37 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-06-13 03:29:37 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f469b385-4890-4ffe-87a5-3241d146f901}\gapaengine.dll
2012-06-12 18:19:06 -------- d-----w- c:\users\admin\appdata\local\Apps
2012-06-12 07:25:58 -------- d-----w- c:\users\admin\appdata\local\temp
2012-06-12 07:25:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-10 16:18:51 98816 ----a-w- c:\windows\sed.exe
2012-06-10 16:18:51 518144 ----a-w- c:\windows\SWREG.exe
2012-06-10 16:18:51 256000 ----a-w- c:\windows\PEV.exe
2012-06-10 16:18:51 208896 ----a-w- c:\windows\MBR.exe
2012-06-08 13:42:43 -------- d-----w- c:\windows\system32\appmgmt
2012-06-08 07:36:44 -------- d-----w- c:\program files\HP
2012-06-06 12:36:38 -------- d-----w- c:\users\admin\appdata\local\Samsung
2012-06-06 12:36:23 -------- d-----w- c:\users\admin\appdata\roaming\Samsung
2012-06-06 12:04:42 -------- d-----w- c:\users\admin\appdata\local\Adobe
2012-06-06 11:38:24 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2012-06-04 18:24:05 -------- d-----w- c:\program files\Yontoo
2012-06-04 18:24:02 -------- d-----w- c:\programdata\Tarma Installer
2012-06-03 07:42:50 -------- d-----w- c:\programdata\FilesOpened
2012-06-03 07:41:41 -------- d-----w- c:\programdata\RegWork
2012-06-03 07:41:28 -------- d-----w- c:\program files\Ask.com
2012-06-03 07:41:12 -------- d-----w- c:\program files\RegWork
2012-05-30 09:38:19 -------- d-----w- c:\program files\iPod
2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-05-26 11:17:39 -------- d-----w- C:\Temp
2012-05-26 00:37:30 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2012-05-26 00:37:30 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-05-26 00:37:30 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-05-26 00:37:30 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-05-26 00:37:30 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-05-26 00:37:30 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-05-26 00:37:30 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2012-05-26 00:37:30 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-05-26 00:37:30 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-05-26 00:37:30 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-05-26 00:37:30 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-05-26 00:36:38 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-05-26 00:36:38 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-05-26 00:36:38 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-05-26 00:36:38 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-05-26 00:36:38 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-05-26 00:36:38 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-05-26 00:36:38 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-05-26 00:35:37 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-05-26 00:35:02 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-05-26 00:35:02 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-05-26 00:35:02 -------- d-----w- c:\program files\MarkAny
2012-05-26 00:33:59 -------- d-----w- c:\programdata\Samsung
2012-05-26 00:33:59 -------- d-----w- c:\program files\Samsung
2012-05-24 08:18:33 -------- d-----w- c:\program files\Morphyre
2012-05-24 07:35:28 -------- d-----w- C:\inetpub
2012-05-24 06:11:40 -------- d-----w- c:\programdata\SpeedMaxPc
.
==================== Find3M ====================
.
2012-05-31 06:57:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 06:57:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-18 10:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 10:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 18:55:54.85 ===============

ken545

2012-06-30, 22:50

:snwelcome:

Sorry for the delay but sometimes a log or two falls through the cracks, if you still need help lets run OTL and see whats going on

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

mjd59

2012-07-01, 07:29

hi and thanks for helping me out i have ran otl but could not find extras, but have a log from the 19/6/2012 which i have added , also i have 2 systems which may be affected the original is a dell optiplex 755 and also a dell optiplex745 which the latter is not as bad . i am finding hidden text ,files which i can not open and check boxes that i can not check ,also think web pages are not ligitamate and exspired security certs,i look forward to your reponse , thanks again

mick

mjd59

2012-07-01, 07:30

here are the otl logs

OTL logfile created on: 1/07/2012 2:16:18 PM - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = E:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.24 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 46.90% Memory free
6.70 Gb Paging File | 4.99 Gb Available in Paging File | 74.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 28.87 Gb Free Space | 38.75% Space Free | Partition Type: NTFS
Drive D: | 76.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: ADM-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\Spiceworks\bin\spiceworks.exe (Spiceworks, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\System32\wsqmcons.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\AMT\UNS.exe (Intel)
PRC - C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()

========== Win32 Services (SafeList) ==========

SRV - (SRSHDAudioService) -- C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (spiceworks) -- C:\Program Files\Spiceworks\bin\spiceworks.exe (Spiceworks, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (RUBotSrv) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (Trend Micro Inc.)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files\Intel\AMT\UNS.exe (Intel)
SRV - (atchksrv) Intel(R) -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\mic\AppData\Local\Temp\catchme.sys File not found
DRV - (MpKsl89d0f867) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF88B44A-AF4E-4381-B890-8E11C1A9A7F4}\MpKsl89d0f867.sys ()
DRV - (ci05knef) -- C:\Windows\System32\drivers\ci05knef.sys (VirusBlokAda Ltd.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (SRS_AE_Service) -- C:\Windows\System32\drivers\SRS_AE_i386.sys ()
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\adm\Desktop
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/?ocid=OIE9HP
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{4E398B64-32F0-49C2-9873-FEBBD6D2AD8F}: "URL" = http://www.oolone.com?search={searchTerms}&source=IE
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enAU476
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/?ocid=OIE9HP
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enAU476
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au/?ocid=OIE9HP
IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/?ocid=OIE9HP
IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\..\SearchScopes,DefaultScope = {EBE9E25F-F8A2-4714-87DA-C6ECEE8FA6BF}
IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\..\SearchScopes\{EBE9E25F-F8A2-4714-87DA-C6ECEE8FA6BF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 23:50:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/06/22 23:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/15 08:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/15 09:02:29 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/15 09:02:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 09:02:29 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/15 09:02:29 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/15 09:02:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/15 09:02:29 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/06/11 02:28:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-486152668-397904260-1212551728-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-486152668-397904260-1212551728-1001..\Run: [SRSHDAudioLab] "C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe" auto File not found
O4 - HKU\S-1-5-21-486152668-397904260-1212551728-1002..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-486152668-397904260-1212551728-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-486152668-397904260-1212551728-500..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-486152668-397904260-1212551728-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\suzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-486152668-397904260-1212551728-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-486152668-397904260-1212551728-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-486152668-397904260-1212551728-1002\..Trusted Domains: google.com.au ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FF946B5-3569-49FD-B766-744DCCA3A297}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 08:57:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2012/06/24 08:53:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/06/24 08:52:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2012/06/23 17:41:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Favorites\Documents\TagsRevisited
[2012/06/23 15:43:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiceworks
[2012/06/23 15:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spiceworks
[2012/06/23 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/06/23 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/06/23 15:02:03 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/23 15:02:03 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2012/06/23 15:02:03 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/23 15:01:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/06/23 15:01:53 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2012/06/22 23:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/22 23:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/22 23:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/22 23:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedMaxPc
[2012/06/22 18:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/22 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/22 18:05:28 | 000,772,552 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/22 18:05:28 | 000,687,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/06/22 18:05:28 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/22 18:05:05 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/22 18:05:05 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/22 18:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/22 18:04:03 | 000,000,000 | ---D | C] -- C:\Sun
[2012/06/22 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/06/22 13:38:13 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Favorites\Documents\My Videos
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Favorites\Documents\My Pictures
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Favorites\Documents\My Music
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2012/06/22 13:38:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012/06/22 13:38:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2012/06/22 13:38:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData
[2012/06/22 13:19:00 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2012/06/22 13:19:00 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftsrch.dll
[2012/06/22 13:19:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftlx041e.dll
[2012/06/22 13:19:00 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftlx0411.dll
[2012/06/22 06:59:51 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 06:59:51 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 06:59:39 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 06:59:39 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 06:59:39 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 06:59:34 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 06:59:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/22 06:08:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/20 22:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/06/20 22:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/06/20 22:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/06/20 22:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2012/06/20 21:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/06/20 21:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2012/06/19 21:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/19 19:29:57 | 000,035,904 | ---- | C] (VirusBlokAda Ltd.) -- C:\Windows\System32\drivers\ci05knef.sys
[2012/06/18 22:33:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/11 02:30:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/11 02:18:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/11 02:18:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/11 02:18:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/11 02:18:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/11 01:32:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/08 23:42:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/06/08 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/06/05 19:23:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/06/05 04:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/06/05 04:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/03 17:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FilesOpened
[2012/06/03 17:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RegWork
[2012/06/03 17:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FilesOpened
[2012/06/03 17:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/06/03 17:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\RegWork
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/01 14:05:33 | 000,638,920 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/01 14:05:33 | 000,116,630 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/01 14:02:42 | 000,000,272 | ---- | M] () -- C:\Users\Administrator\Desktop\OTL - Shortcut.lnk
[2012/07/01 13:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 13:18:32 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 13:18:32 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 12:55:39 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/01 11:18:33 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/07/01 11:18:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 11:18:30 | 3477,716,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 17:59:59 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/06/24 10:45:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/24 10:45:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/24 09:38:15 | 000,001,344 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk.colors
[2012/06/24 08:52:57 | 000,001,028 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
[2012/06/23 18:49:28 | 000,143,125 | ---- | M] () -- C:\Users\Administrator\rubygems-1.8.21.zip.s7cp9kw.partial
[2012/06/23 17:15:20 | 000,000,938 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/23 16:44:53 | 000,246,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/23 15:43:37 | 000,000,868 | ---- | M] () -- C:\Users\Administrator\Desktop\Spiceworks Desktop.lnk
[2012/06/23 15:02:05 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/23 15:01:30 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc.job
[2012/06/23 09:24:52 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/06/22 23:51:02 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/22 18:04:54 | 000,772,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/22 18:04:54 | 000,687,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/06/22 18:04:54 | 000,227,784 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/22 18:04:54 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/22 18:04:54 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/21 09:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job.bak
[2012/06/21 09:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job.bak
[2012/06/19 19:29:57 | 000,035,904 | ---- | M] (VirusBlokAda Ltd.) -- C:\Windows\System32\drivers\ci05knef.sys
[2012/06/18 22:33:24 | 311,289,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/11 02:28:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/05 19:25:57 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix*it Center.lnk
[2012/06/05 19:24:53 | 352,059,392 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2012/06/05 19:24:51 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2012/06/05 19:24:51 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2012/06/03 08:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/03 08:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/03 08:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/03 08:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/03 08:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/01 14:02:42 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Desktop\OTL - Shortcut.lnk
[2012/06/24 09:38:09 | 000,001,344 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk.colors
[2012/06/24 08:52:57 | 000,001,028 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
[2012/06/24 08:45:50 | 3477,716,992 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/23 18:49:25 | 000,143,125 | ---- | C] () -- C:\Users\Administrator\rubygems-1.8.21.zip.s7cp9kw.partial
[2012/06/23 17:15:20 | 000,000,938 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/23 15:43:37 | 000,000,868 | ---- | C] () -- C:\Users\Administrator\Desktop\Spiceworks Desktop.lnk
[2012/06/23 15:02:05 | 000,000,949 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/23 15:02:02 | 000,000,944 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/06/23 15:01:53 | 000,000,915 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/06/22 23:51:02 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/22 23:51:02 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/22 23:17:50 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/06/22 23:17:14 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/06/22 23:17:13 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc.job
[2012/06/22 20:55:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/22 18:04:24 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/22 13:38:13 | 000,000,258 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/22 13:38:13 | 000,000,240 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/06/18 22:33:24 | 311,289,054 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/11 02:18:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/11 02:18:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/11 02:18:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/11 02:18:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/11 02:18:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/10 10:17:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012/06/05 19:05:36 | 352,059,392 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2012/06/05 19:05:36 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2012/06/05 19:05:36 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2012/05/03 15:17:10 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/01 07:06:30 | 000,404,256 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AE_i386.sys
[2012/03/23 13:02:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/03/23 13:02:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/23 13:01:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/18 16:11:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/12/15 12:28:59 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2011/12/15 12:28:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2011/12/15 12:28:59 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2011/12/15 12:28:59 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== LOP Check ==========

[2012/03/22 16:03:09 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\DriverCure
[2012/03/21 14:23:14 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\OpenOffice.org
[2012/06/13 14:18:36 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\Samsung
[2012/05/24 16:11:53 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\SpeedMaxPc
[2012/03/17 18:30:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org
[2012/06/06 22:36:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Samsung
[2012/06/24 08:52:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2012/06/22 23:17:21 | 000,000,000 | ---D | M] -- C:\Users\mic\AppData\Roaming\DriverCure
[2012/06/22 23:17:21 | 000,000,000 | ---D | M] -- C:\Users\mic\AppData\Roaming\SpeedMaxPc
[2012/05/18 01:28:21 | 000,000,000 | ---D | M] -- C:\Users\mick\AppData\Roaming\OpenOffice.org
[2012/03/18 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\suzi\AppData\Roaming\OpenOffice.org
[2012/05/26 10:39:08 | 000,000,000 | ---D | M] -- C:\Users\suzi\AppData\Roaming\Samsung
[2012/06/28 18:45:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/28 17:59:59 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Registration3.job
[2012/06/23 09:24:52 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Update3.job
[2012/06/23 15:01:30 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc.job

========== Purity Check ==========

< End of report >

ken545

2012-07-01, 12:41

Good Morning,

Nothing earthshattering on your OTL log. I would prefer that you copy and paste the logs into this thread in lew of attaching them, its easier for these old eyes to analyze.

Also, we just do one computer at a time per thread or believe me it could get pretty confusing, so just run the scans and post the logs on the one we are working on and when where done I will close this thread and you can start a new topic for the other one.

I see by your OTL log that you have run Combofix prior to posting, not a good idea, if you run it on your own, this forum, sUbs and myself will not be responsible.

Is this computer a home computer, I see your running Vista Business addition

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
[2012/06/03 17:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

mjd59

2012-07-03, 10:50

hi, ran what you asked , had to do otl in 2 stages kill processes and then the commands [ dont know if that will affect the results ????] i reloaded mamb, as i fear the original is corrupted ,downloaded updates and ran quick scan as asked . looked at the logs and it says download not completed [ as mamb ran its set up the computer shut down as if rebooting , i dont remember it ever doing that before ?] also we are having trouble logging on to wi-fi on our cell phones , dont know if any of it could be related ,maybe i could have a setting wrong or something as i am not to familiar with vista . thanks for your time once again and anything else you require me to implement with be done as instructed

mjd59

2012-07-03, 10:57

here is the protection log i had to zip the otl log

mjd59

2012-07-03, 11:05

here is the scan log

ken545

2012-07-03, 13:21

I would prefer that you copy and paste the logs into this thread in lew of attaching them, its easier for these old eyes to analyze.

Looking ok, how are things running now ?

mjd59

2012-07-06, 09:57

things seam ok , but ask toolbar has not been removed ?? i know this is /was part of the problem along with alot toolbar

mjd59

2012-07-06, 10:14

thing seam ok ask has not being deleted

ken545

2012-07-06, 13:16

Ok, lets do this,

Ask Toolbar
Ask Toolbar Updater
First go to Start > Control Panel > Programs and Features and see if you can uninstall both of these, there showing up on your uninstall list

Then run a new scan with OTL and post the new log please, then we will look into alot

mjd59

2012-07-07, 10:50

hope i have done this correctly, i can not find the ask file now but would appreciate a last look through to confirm every thing looks ok ,i am sorry but when i try to post unziped files they are too large again sorry for making you squint !!!

mjd59

2012-07-07, 10:52

here is the log

ken545

2012-07-07, 11:38

Hi,

You didn't say if you where able to uninstall ASK ?????????

Lets check for remnants of it along with alot

Also, both logs you posted are from the extras but hang off a bit and lets see what system look finds

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
*Ask*
*alot*

:folderfind
*Ask*
*alot*

:Regfind
Ask
alot

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

mjd59

2012-07-08, 12:15

SystemLook 30.07.11 by jpshortstuff
Log created at 20:01 on 08/07/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "*Ask* "
C:\Program Files\Common Files\Java\Java Update\task.xml --a---- 1411 bytes [01:07 17/01/2012] [01:07 17/01/2012] 52974053D6D18F78F9E3D430FD87226B
C:\Program Files\Common Files\Java\Java Update\task64.xml --a---- 1416 bytes [01:07 17/01/2012] [01:07 17/01/2012] 15D06149276C6FB179B0B096BF0D76EA
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\buttonlayermask.bmp --a---- 20620 bytes [09:37 03/05/2012] [23:51 25/01/2009] 5DB80BB48D51AEBA08E4E4E139B3C2C5
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\buttonmask.bmp --a---- 478 bytes [09:37 03/05/2012] [11:36 01/12/2008] D8D0CD3AA78352FA36294CD0ABC7CAA8
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\closeactivemask.bmp --a---- 374 bytes [09:37 03/05/2012] [06:44 06/11/2008] 722905B9F29A90CF3F1CA717B99D4025
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\closelayermask.bmp --a---- 8012 bytes [09:37 03/05/2012] [14:29 06/02/2010] 88CF9E96A350C62E37EEFC679E3302CB
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\dialogcloseactivemask.bmp --a---- 5202 bytes [09:37 03/05/2012] [03:50 05/11/2010] B952E54B67979266B9E793CCF46F1F3C
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\dialogcloselayermask.bmp --a---- 8010 bytes [09:37 03/05/2012] [03:51 05/11/2010] 98A865E0E24B093AAEAA5875A8EFB278
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\hwmask.bmp --a---- 222 bytes [09:37 03/05/2012] [03:14 13/08/2007] BE7BD23F8218BD2606E60E9085054DC4
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\layerframemask.bmp --a---- 79784 bytes [09:37 03/05/2012] [02:35 06/09/2010] 921BF4AECD83B68881A302A9E6B8D605
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\mask.bmp --a---- 178278 bytes [09:37 03/05/2012] [09:33 04/11/2008] 806560271A5A21FE149EAE54C7A0645A
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\maxactivemask.bmp --a---- 2334 bytes [09:37 03/05/2012] [06:44 06/11/2008] 19D2E7522425F96DB071D395BAAEA3AF
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\maxlayermask.bmp --a---- 5832 bytes [09:37 03/05/2012] [14:56 06/02/2010] 7B94DFC1EA6389490FFAB96F782D14A4
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\minactivemask.bmp --a---- 2334 bytes [09:37 03/05/2012] [06:46 06/11/2008] 01CC06C981E01AE68377A20379628EB2
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\minlayermask.bmp --a---- 5832 bytes [09:37 03/05/2012] [14:46 06/02/2010] 251F7E0A39671205A73BAC4565F540CB
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\sysactivemask.bmp --a---- 1666 bytes [09:37 03/05/2012] [08:44 06/11/2008] 81F7D3F8AC82C2D23CCD49E79CC597C2
C:\Program Files\FreeMovieConverter.net\Free DVD Converter\skin-black\sysmenulayermask.bmp --a---- 3556 bytes [09:37 03/05/2012] [14:36 06/02/2010] 11528AD66D6CFBE85A5EBEBBFC2F1D1B
C:\Program Files\OpenOffice.org 3\Basis\share\config\soffice.cfg\modules\simpress\toolbar\commontaskbar.xml --a---- 835 bytes [05:37 30/09/2008] [05:37 30/09/2008] 644DB5868BE1DA0D554DF88470622E91
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll --a---- 598016 bytes [03:02 23/03/2012] [00:39 18/02/2009] D8EC761B23A596323DA009E0EF0B582F
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\file_creation_task.rb --a---- 670 bytes [15:25 28/02/2012] [15:25 28/02/2012] 85AA0A704DF2F0BB21D6AD2F7BA0266E
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\file_task.rb --a---- 1314 bytes [15:25 28/02/2012] [15:25 28/02/2012] 561D043A77B5442A5F1916671D497CC8
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\gempackagetask.rb --a---- 283 bytes [15:25 28/02/2012] [15:25 28/02/2012] C79EF1B7DBA9AD23D52F0D0B9573D127
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\multi_task.rb --a---- 418 bytes [15:25 28/02/2012] [15:25 28/02/2012] 078D4DDB11DC09A27AC97C94114DC749
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\packagetask.rb --a---- 5191 bytes [15:25 28/02/2012] [15:25 28/02/2012] CAEAF099FCF420154F50530A7DBE61D9
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\rdoctask.rb --a---- 6707 bytes [15:25 28/02/2012] [15:25 28/02/2012] 889100A70D582F9A97D837C1BE9B9525
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\task.rb --a---- 9694 bytes [15:25 28/02/2012] [15:25 28/02/2012] AA74F3D94F1DA1DB3203A48FC8A10348
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\tasklib.rb --a---- 580 bytes [15:25 28/02/2012] [15:25 28/02/2012] 9175E33594815452898E4BB73FF1D9D8
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\task_arguments.rb --a---- 1676 bytes [15:25 28/02/2012] [15:25 28/02/2012] 52830E116B583C4ED9B51E8216669361
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\task_argument_error.rb --a---- 119 bytes [15:25 28/02/2012] [15:25 28/02/2012] B0A6917CB64C7F548C54A2397072F6E5
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\task_manager.rb --a---- 8979 bytes [15:25 28/02/2012] [15:25 28/02/2012] F6B36FB0CE973482254E16FBA46BE361
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rake\testtask.rb --a---- 5000 bytes [15:25 28/02/2012] [15:25 28/02/2012] F9E9E3FB8EDAD784E5B91371B6456F3C
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rdoc\task.rb --a---- 7684 bytes [15:25 28/02/2012] [15:25 28/02/2012] 43D1E8A1D657A45F1008D0CA0B8FF60D
C:\Program Files\Spiceworks\lib\ruby\1.9.1\rubygems\package_task.rb --a---- 3884 bytes [15:25 28/02/2012] [15:25 28/02/2012] 0346C941C89EE1EEC18476D6A932BE8F
C:\Program Files\Spiceworks\lib\ruby\site_ruby\1.9.1\rubygems\package_task.rb --a---- 3869 bytes [15:25 28/02/2012] [15:25 28/02/2012] BD92D8C79E9E222672E6718B447511B1
C:\Program Files\Spiceworks\pkg\gems\delayed_job-2.0.7\lib\delayed\tasks.rb --a---- 418 bytes [15:26 28/02/2012] [15:26 28/02/2012] 3FCADC4A332BC3D24332060BD2AB6ED8
C:\Program Files\Spiceworks\pkg\gems\rails-2.3.8\lib\rails_generator\generators\components\plugin\templates\tasks.rake --a---- 94 bytes [15:26 28/02/2012] [15:26 28/02/2012] AD7718B9233B6C40A460E2F182D119B8
C:\Program Files\Spiceworks\pkg\gems\spiceworks_public-5.3.75941\images\forms\buttons\ask_question.gif --a---- 743 bytes [15:27 28/02/2012] [15:27 28/02/2012] A168514F1C6AE5DA23AC53AF38246CC1
C:\Program Files\Spiceworks\pkg\gems\spiceworks_public-5.3.75941\images\forms\buttons\ask_question_active.gif --a---- 1151 bytes [15:27 28/02/2012] [15:27 28/02/2012] 002AB42643295018760B1B0021EB85E7
C:\Program Files\Spiceworks\pkg\gems\spiceworks_public-5.3.75941\images\forms\buttons\ask_question_disabled.gif --a---- 719 bytes [15:27 28/02/2012] [15:27 28/02/2012] 6E8288A5D292D8EFA022D41733CE855E
C:\Program Files\Spiceworks\pkg\gems\spiceworks_public-5.3.75941\images\forms\buttons\ask_question_hover.gif --a---- 750 bytes [15:27 28/02/2012] [15:27 28/02/2012] 81AF2FFDA00D0BF2B2E4E1ADC14B63B6
C:\Program Files\Spiceworks\pkg\gems\spiceworks_public-5.3.75941\images\icons\questions\asked.png --a---- 1040 bytes [15:27 28/02/2012] [15:27 28/02/2012] DEE2736C54EBF6ED4E41FBF544B411FC
C:\Program Files\Spiceworks\pkg\gems\spiceworks_public-5.3.75941\images\icons\questions\asked_fade.png --a---- 1032 bytes [15:27 28/02/2012] [15:27 28/02/2012] B8D9DE59DD914849D369F511CA09F380
C:\Program Files\Spiceworks\pkg\gems\spiceworks_public-5.3.75941\images\icons\questions\asked_small.png --a---- 880 bytes [15:27 28/02/2012] [15:27 28/02/2012] BE55EEAADBD9267C4E474DCA3EFDC6F4
C:\Program Files\Spiceworks\pkg\gems\spiceworks_public-5.3.75941\images\screenshots\taskbar_icon.gif --a---- 2038 bytes [15:27 28/02/2012] [15:27 28/02/2012] C9BF2D66DF7864094437102EC2CD88E0
C:\Program Files\Spiceworks\pkg\gems\spiceworks_public-5.3.75941\images\screenshots\taskbar_preferences.png --a---- 1512 bytes [15:27 28/02/2012] [15:27 28/02/2012] 899757B9A4FE9A140E3CCED9564DD25D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk --a---- 1676 bytes [12:54 02/11/2006] [12:54 02/11/2006] B422AEDFE34E1CA0B630D732E45E2AF6
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk --a---- 1670 bytes [12:54 02/11/2006] [12:54 02/11/2006] 0C4985BCCC0BDCF47C63F1515FA63AFC
C:\ProgramData\Spybot - Search & Destroy\Snapshots2\RegDTaskMgr-Global.reg --a---- 142 bytes [07:34 24/05/2012] [15:26 10/06/2012] 38D1E94CD7BF1B54D715AC9DD4387A60
C:\Users\adm\AppData\Local\Microsoft\Internet Explorer\DOMStore\6RJKUV6D\au.ask[1].xml --a---- 84 bytes [18:59 22/05/2012] [18:59 22/05/2012] 3D035673D786E89AC413CA82F76ECEC7
C:\Users\adm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\1D2MMNF5\au.ask[1].xml --a---- 84 bytes [22:49 19/05/2012] [22:49 19/05/2012] 7CF3F6366630AFF9BA31F2605446B2F3
C:\Users\adm\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico --a---- 1150 bytes [07:41 03/06/2012] [07:41 03/06/2012] 3A2621535E6A482B2783AA692B103D04
C:\Users\adm\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml --a---- 921 bytes [07:41 03/06/2012] [07:41 03/06/2012] 36D04573E13760F1625D1FBCB0D1D73E
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd --a---- 86462 bytes [13:47 18/06/2012] [13:58 18/06/2012] 12B1CED74CE21BFC990E87348EB6C12A
C:\Users\admin\Pictures\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8O09KL0L\Codecs-frequently-asked-questions[1].htm --a---- 68409 bytes [10:37 11/06/2012] [04:31 03/05/2012] A0B2819D94A128000A7E428FD80D6BF8
C:\Users\admin\Pictures\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N8T81KNJ\mask175[1].png --a---- 2295 bytes [10:38 11/06/2012] [21:13 23/03/2012] F555FD9B68F03F9172401658895FF91F
C:\Users\admin\Pictures\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q1CFUI54\mask100gray[1].png --a---- 2283 bytes [10:39 11/06/2012] [21:13 23/03/2012] 041AFD67F5B0ADFEA5FC388F682FCDB7
C:\Users\admin\Pictures\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q1CFUI54\mask60[1].png --a---- 813 bytes [10:39 11/06/2012] [21:13 23/03/2012] F0898EE4101864D4279C9C70C8910575
C:\Users\Administrator\Music\John Farnham\Uncovered\08 Please dont ask me.mp3 --a---- 3252224 bytes [09:24 01/07/2012] [09:28 01/07/2012] A1DEDBAEE38FE587485B5E1AAC06F89D
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk --a---- 1676 bytes [12:54 02/11/2006] [12:54 02/11/2006] B422AEDFE34E1CA0B630D732E45E2AF6
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk --a---- 1670 bytes [12:54 02/11/2006] [12:54 02/11/2006] 0C4985BCCC0BDCF47C63F1515FA63AFC
C:\Users\All Users\Spybot - Search & Destroy\Snapshots2\RegDTaskMgr-Global.reg --a---- 142 bytes [07:34 24/05/2012] [15:26 10/06/2012] 38D1E94CD7BF1B54D715AC9DD4387A60
C:\Users\suzi\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\P65RY2HU\ask.metafilter[1].xml --a---- 96 bytes [15:17 13/06/2012] [15:25 13/06/2012] 2C82C3A4074E65DAAE66BD9AA8643F0D
C:\Users\suzi\Favorites\- Ask a Question Get an Answer For Free FuriousTee.url --a---- 2290 bytes [13:33 13/06/2012] [05:10 20/06/2012] 2653F3436B6F1CF29765F20BCF03EF15
C:\Users\suzi\Favorites\Help me find out if someone is spying on my computer - computer security spyware Ask MetaFilter.url --a---- 365 bytes [15:21 13/06/2012] [05:10 20/06/2012] 98C65896E488DFAEB2DDA92B2B80E485
C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll --a---- 655360 bytes [03:01 23/03/2012] [10:42 29/03/2009] CD044E0BA510BE6BF4227DBD0FADB284
C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll --a---- 802816 bytes [05:52 18/03/2012] [05:52 18/03/2012] 37F17D4698086C90127BBD90E73D7FE2
C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll --a---- 598016 bytes [03:02 23/03/2012] [00:39 18/02/2009] D8EC761B23A596323DA009E0EF0B582F
C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.0.0.0__31bf3856ad364e35\TaskScheduler.dll --a---- 163840 bytes [02:24 21/01/2008] [02:24 21/01/2008] A3412B8CAE691416C7393E542F6C65E3
C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.0.0.0_en_31bf3856ad364e35\TaskScheduler.resources.dll --a---- 6656 bytes [12:41 02/11/2006] [12:41 02/11/2006] 9AA315F0EB92E005FEDB833766E8C8F9
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\26e5108aa22d39b2054c544eca7f7023\Microsoft.Build.Tasks.ni.dll --a---- 1620992 bytes [04:52 11/05/2012] [04:52 11/05/2012] 2FC403D1518D85492C57221233C063A0
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\304acbf276a1820a1c11f6f923d52745\Microsoft.Build.Tasks.ni.dll --a---- 1620992 bytes [20:43 03/08/2008] [20:43 03/08/2008] BCAA350AAF6B68EF37D2FCF837A637E3
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5ac593ad537e7dd735bdabba9d766e55\Microsoft.Build.Tasks.v3.5.ni.dll --a---- 1966080 bytes [20:43 03/08/2008] [20:43 03/08/2008] ABFD1C1880CDFAA4CF52BB0DA47DC255
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\fcf4a03940394213dfc5ccc00fc7dd83\Microsoft.Build.Tasks.v3.5.ni.dll --a---- 1966080 bytes [04:52 11/05/2012] [04:52 11/05/2012] 73F0EC01BD37FC601A498D2CDDC4D718
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\fc59920e9bbba90d812714c1748e2cec\PresentationBuildTasks.ni.dll --a---- 1451008 bytes [04:53 11/05/2012] [04:53 11/05/2012] 086B460AD853315EE005AC8CE732CD60
C:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\aaccc6d20e77e0f082e5af55a18079b8\TaskScheduler.ni.dll --a---- 235520 bytes [04:54 11/05/2012] [04:54 11/05/2012] F59689C53BA9450C559B251D794ABA36
C:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\dff98b9115ba5b0f796550c3604f3ac2\TaskScheduler.ni.dll --a---- 235520 bytes [20:44 03/08/2008] [20:44 03/08/2008] E006535527E2FCF1F8A397CEB5F71D95
C:\Windows\Help\mui\0409\taskscheduler.CHM --a---- 64981 bytes [08:31 21/01/2008] [08:31 21/01/2008] FD8EE8EEFFEE46E4323307058B62430F
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll --a---- 655360 bytes [03:01 23/03/2012] [10:42 29/03/2009] CD044E0BA510BE6BF4227DBD0FADB284
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Common.Tasks --a---- 6838 bytes [02:24 21/01/2008] [02:24 21/01/2008] 54A4EA347F2C2D5C3E10F7CC6D689600
C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll --a---- 802816 bytes [12:40 29/07/2008] [12:40 29/07/2008] 37F17D4698086C90127BBD90E73D7FE2
C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft.Common.Tasks --a---- 11588 bytes [23:19 16/05/2008] [23:19 16/05/2008] 1D34906C6AA1C79C6E986403896DA7B9
C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll --a---- 40960 bytes [12:40 29/07/2008] [12:40 29/07/2008] 3CA3B76179D437BD898DCD9FB92B0E92
C:\Windows\PolicyDefinitions\Taskbar.admx --a---- 5755 bytes [12:36 02/11/2006] [12:36 02/11/2006] DCBADE1D94CE89C1C026335F2AAA4282
C:\Windows\PolicyDefinitions\TaskScheduler.admx --a---- 5520 bytes [12:36 02/11/2006] [12:36 02/11/2006] 81F5D01FCC855EAA4E2195A41354CF43
C:\Windows\PolicyDefinitions\en-US\Taskbar.adml --a---- 4870 bytes [12:41 02/11/2006] [12:41 02/11/2006] 073D21F5C885E9B47E0FEF98D5F8E475
C:\Windows\PolicyDefinitions\en-US\TaskScheduler.adml --a---- 7038 bytes [12:41 02/11/2006] [12:41 02/11/2006] 09BB6BBD535E6B16043D7DE703670523
C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --a---- 19260 bytes [05:01 16/03/2012] [09:55 08/07/2012] DEC85FDBCE9DD1F3FD2B63C0E1DFF8E2
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.0.6002.18005_de-de_7b500367b9d58bc7.manifest --a---- 2488 bytes [19:05 21/03/2012] [12:48 10/04/2009] E601FAF8DF6F7E95992BF7B39752A956
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.0.6002.18005_es-es_a8317f65d82a532d.manifest --a---- 2488 bytes [19:05 21/03/2012] [12:47 10/04/2009] 6767F9DA74F0DB61A7649B5485439A72
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.0.6002.18005_fr-fr_d5a625e1f612fb5b.manifest --a---- 2488 bytes [19:05 21/03/2012] [12:48 10/04/2009] DAA454F013F020E76D3F287924A0E8A8
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.0.6002.18005_ja-jp_8b561c386dd18a8a.manifest --a---- 2488 bytes [19:05 21/03/2012] [12:49 10/04/2009] DA4D9703FF49B24C0085220A907C18A9
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.0.6002.18005_de-de_a12818806124ef8e.manifest --a---- 2579 bytes [19:05 21/03/2012] [12:48 10/04/2009] C018E6D297D8FA0EF451D375B7A493E6
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.0.6002.18005_es-es_49e44b5d5029ecf8.manifest --a---- 2579 bytes [19:05 21/03/2012] [12:47 10/04/2009] B14F3D58AF3D5EC2BEDC1121374DFE90
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.0.6002.18005_fr-fr_ec9bc15c42fc035a.manifest --a---- 2579 bytes [19:05 21/03/2012] [12:48 10/04/2009] E4AABB8DCD57228615DEF2984115C020
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.0.6002.18005_ja-jp_78e936b00d48fab3.manifest --a---- 2579 bytes [19:05 21/03/2012] [12:49 10/04/2009] 1B032C7CB5C1C67BA2664E19A1F22D3A
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_taskscheduler.resources_31bf3856ad364e35_6.0.6002.18005_de-de_7b03caf0a8e30520.manifest --a---- 3148 bytes [19:05 21/03/2012] [12:49 10/04/2009] C0952557EA22DBA478278625F750042C
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_taskscheduler.resources_31bf3856ad364e35_6.0.6002.18005_es-es_23bffdcd97e8028a.manifest --a---- 3148 bytes [19:05 21/03/2012] [12:48 10/04/2009] 6ABBFBCB40FBA087B628C3A0426DD49D
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_taskscheduler.resources_31bf3856ad364e35_6.0.6002.18005_fr-fr_c67773cc8aba18ec.manifest --a---- 3148 bytes [19:05 21/03/2012] [12:48 10/04/2009] EBDBD4A96FACDDCBE27431A7686E4D79
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_taskscheduler.resources_31bf3856ad364e35_6.0.6002.18005_ja-jp_52c4e92055071045.manifest --a---- 3148 bytes [19:05 21/03/2012] [12:51 10/04/2009] B6B65CD58E414680927AC95F9E94A1C0
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6002.18005_none_9d3ca2208d80c419\Microsoft.Build.Tasks.dll --a---- 655360 bytes [19:06 21/03/2012] [04:42 30/03/2009] CD044E0BA510BE6BF4227DBD0FADB284
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_9e0bf58c35ba287c\PresentationBuildTasks.dll --a---- 598016 bytes [19:06 21/03/2012] [18:39 18/02/2009] D8EC761B23A596323DA009E0EF0B582F
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-bth-user_31bf3856ad364e35_6.1.6002.18005_none_2f33863c711b37e7\bthudtask.exe --a---- 34304 bytes [19:06 21/03/2012] [06:27 11/04/2009] 7F5936A3FF5E83272EA1DC8985B2A228
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.0.6002.18005_none_6a8074d6d95d7e9b\taskcomp.dll --a---- 270336 bytes [19:06 21/03/2012] [06:28 11/04/2009] 67ECC768ADB04591CBCF15783CB2A817
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18005_none_e797c63abbfc38a3\taskeng.exe --a---- 169984 bytes [19:06 21/03/2012] [06:28 11/04/2009] E5BBFC283D6F5D69B41E464676361020
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_51f8b7ea4a9d538d\PresentationBuildTasks.dll --a---- 598016 bytes [19:06 21/03/2012] [18:39 18/02/2009] D8EC761B23A596323DA009E0EF0B582F
C:\Windows\system\mmtask.tsk --a---- 1152 bytes [07:10 02/11/2006] [07:10 02/11/2006] AAB73D4BF9CFED0DCDD00A11133751C6
C:\Windows\System32\bthudtask.exe --a---- 34304 bytes [03:02 23/03/2012] [12:27 10/04/2009] 7F5936A3FF5E83272EA1DC8985B2A228
C:\Windows\System32\mmtask.tsk --a---- 1152 bytes [07:10 02/11/2006] [07:10 02/11/2006] AAB73D4BF9CFED0DCDD00A11133751C6
C:\Windows\System32\mstask.dll --a---- 206336 bytes [02:24 21/01/2008] [02:24 21/01/2008] 73FD66B14D3C4252F7A524B8836A4359
C:\Windows\System32\schtasks.exe --a---- 151552 bytes [02:25 21/01/2008] [02:25 21/01/2008] 1F171553F1138DC0062A71A7D275055A
C:\Windows\System32\taskcomp.dll --a---- 270336 bytes [02:30 18/03/2012] [18:55 04/11/2010] 2A6A2C09ECC2CB495628E45F1379ECE8
C:\Windows\System32\taskeng.exe --a---- 171520 bytes [02:30 18/03/2012] [16:34 04/11/2010] 3D50C4B10352367D5CB20ED1F50F8DA2
C:\Windows\System32\taskkill.exe --a---- 78848 bytes [02:24 21/01/2008] [02:24 21/01/2008] A643C0DED02A2B3F7D195C115B953648
C:\Windows\System32\tasklist.exe --a---- 80896 bytes [02:24 21/01/2008] [02:24 21/01/2008] 11941F4F7FA19BE171C765E2571EF8F4
C:\Windows\System32\taskmgr.exe --a---- 163840 bytes [02:25 21/01/2008] [02:25 21/01/2008] EF8AE178FAE3C5F97E383753EB1DF3BA
C:\Windows\System32\taskschd.dll --a---- 352768 bytes [02:30 18/03/2012] [18:55 04/11/2010] 52E129522C1775DBB8CC252E7A0655C7
C:\Windows\System32\taskschd.msc --a---- 145059 bytes [07:15 02/11/2006] [21:37 18/09/2006] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\System32\TaskSchdPS.dll --a---- 73216 bytes [08:40 02/11/2006] [09:46 02/11/2006] CDE36A70A5280FC0696E6E4363C4C71D
C:\Windows\System32\en-US\mstask.dll.mui --a---- 53248 bytes [12:41 02/11/2006] [12:41 02/11/2006] 73F4BDA086EA8D974BA0793533E5ADA0
C:\Windows\System32\en-US\schtasks.exe.mui --a---- 81920 bytes [02:26 21/01/2008] [02:26 21/01/2008] 8D69998CA701223902C85197A626ADF6
C:\Windows\System32\en-US\taskcomp.dll.mui --a---- 13824 bytes [12:41 02/11/2006] [12:41 02/11/2006] 61182695EF0ADEEC44FCBB52078218BF
C:\Windows\System32\en-US\TaskEng.exe.mui --a---- 3072 bytes [12:41 02/11/2006] [12:41 02/11/2006] B292CE197E3FB36269F8873EAF5B3EA7
C:\Windows\System32\en-US\taskkill.exe.mui --a---- 16384 bytes [12:40 02/11/2006] [12:40 02/11/2006] 92BBC74D1482C44F8CA4D443409F3578
C:\Windows\System32\en-US\tasklist.exe.mui --a---- 15360 bytes [12:40 02/11/2006] [12:40 02/11/2006] CF89B7621E62939BD1C4D2F100CF8080
C:\Windows\System32\en-US\taskmgr.exe.mui --a---- 40960 bytes [12:41 02/11/2006] [12:41 02/11/2006] 5C682D66A0883A83A1A7EF7A674B7DF9
C:\Windows\System32\en-US\taskschd.dll.mui --a---- 3072 bytes [12:41 02/11/2006] [12:41 02/11/2006] D6C9DCD09590843D7E6C1B834940B786
C:\Windows\System32\en-US\taskschd.msc --a---- 145059 bytes [12:40 02/11/2006] [12:40 02/11/2006] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore --a---- 3628 bytes [01:41 23/03/2012] [01:46 23/03/2012] B885B268A55415B71979D292DBB6F55D
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA --a---- 3880 bytes [01:41 23/03/2012] [01:46 23/03/2012] 45A7AE605D122A417C70A59605B62422
C:\Windows\System32\Tasks\Spybot - Search & Destroy - Scheduled Task --a---- 2392 bytes [05:32 17/03/2012] [05:33 17/03/2012] 7ACC99759322FF3E967B1ADA3C645E83
C:\Windows\System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task --a---- 2398 bytes [18:05 22/05/2012] [18:05 22/05/2012] 921B150C02F38F35F4501A5D3B3D62A1
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask --a---- 1656 bytes [12:53 02/11/2006] [12:53 02/11/2006] EE7EDB09DCAEA32B07D8430F540B064F
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask --a---- 3044 bytes [12:50 02/11/2006] [12:50 02/11/2006] A99C68707285B0424001BE83055D0C40
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask --a---- 3030 bytes [12:50 02/11/2006] [12:50 02/11/2006] A901B201E2133EE537F1B9D9934987F7
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam --a---- 3738 bytes [12:50 02/11/2006] [12:50 02/11/2006] FC6D94B85AA91EEFB313335516E30215
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask --a---- 4462 bytes [12:54 02/11/2006] [12:56 02/11/2006] E51F7F04F14AE9C31F8A7DDDFF2C3595
C:\Windows\System32\wbem\TaskEng.mof --a---- 2254 bytes [08:41 02/11/2006] [21:37 18/09/2006] DDCE230AA3FF9F84D0BAC2A10C243B7E
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx --a---- 10489856 bytes [02:10 15/12/2011] [09:17 07/07/2012] 001A4DA1B61B5C00C5026BF160F29411
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --a---- 880 bytes [01:41 23/03/2012] [09:55 08/07/2012] BE61FBAD0F84C2C0DD191E06D0611644
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job.bak --a---- 884 bytes [01:41 23/03/2012] [23:51 20/06/2012] 304914E4A8D191D62AA0D8CF58A587D4
C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job --a---- 254 bytes [05:32 17/03/2012] [09:21 07/07/2012] 4813EF52B6945EA05432B094FECD68D4
C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job --a---- 262 bytes [18:05 22/05/2012] [18:05 22/05/2012] 3B7F2082A5BA8918B90A04DD1722CF53
C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_mmtask.tsk_f97d0de1 --a---- 1152 bytes [03:16 23/03/2012] [03:09 23/03/2012] AAB73D4BF9CFED0DCDD00A11133751C6
C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813_mmtask.tsk_f97d0de1 --a---- 1152 bytes [10:43 02/11/2006] [10:41 02/11/2006] AAB73D4BF9CFED0DCDD00A11133751C6
C:\Windows\winsxs\FileMaps\$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms --a---- 672 bytes [10:43 02/11/2006] [12:37 02/11/2006] 2EAF6C176CDE6B2797C6BCA5EAC085D5
C:\Windows\winsxs\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms --a---- 680 bytes [10:43 02/11/2006] [12:37 02/11/2006] 3F7D3B2A4FFB6637268B45B415BF963E
C:\Windows\winsxs\FileMaps\$$_system32_tasks_microsoft_windows_synccenter_6c995d37b2976a17.cdf-ms --a---- 688 bytes [12:37 02/11/2006] [12:37 02/11/2006] 9F1B9BD6CAE7DD80B1CA9170AC5CE97A
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.0.6000.16386_en-us_a87c955bd7856a0a.manifest --a---- 583 bytes [12:39 02/11/2006] [12:39 02/11/2006] 4FC1BF8197A22031BF6992EF94851495
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.0.6000.16720_en-us_a8771bbfd78a397e.manifest ------- 583 bytes [05:42 18/03/2012] [23:29 27/07/2008] 479F863CD2D3759DE58EB4865983F3B4
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.0.6000.20883_en-us_91af3263f12c7e71.manifest ------- 583 bytes [05:42 18/03/2012] [23:30 27/07/2008] 838CA3B2F66DA8583171347A4333E00F
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.0.6001.18111_en-us_a8520075d7dc461f.manifest ------- 583 bytes [05:42 18/03/2012] [23:41 27/07/2008] ED5AD75219AAB98B82C482932811C65B
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_6.0.6001.22230_en-us_91867111f181bf32.manifest ------- 583 bytes [05:42 18/03/2012] [23:26 27/07/2008] EEB1A13090A82060939B7171ACEEEE01
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6000.16386_none_9d8c9b288cd78739.manifest --a---- 6427 bytes [10:21 02/11/2006] [10:07 02/11/2006] 579AB8CDEF759D2F163C2FABCFF5BE44
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6000.16720_none_9d87218c8cdc56ad.manifest ------- 6427 bytes [05:42 18/03/2012] [23:19 27/07/2008] D1692E11997D137D0B025C1C842F2878
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6000.20883_none_86bf3830a67e9ba0.manifest ------- 6427 bytes [05:42 18/03/2012] [23:22 27/07/2008] 136E85699992F3574575C8B2EFCF5575
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6001.18000_none_9d611ce48d2f3005.manifest --a---- 6427 bytes [02:20 21/01/2008] [02:20 21/01/2008] 8BB4998BE68C04FF5FAAFA380FE2E84E
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6001.18111_none_9d6206428d2e634e.manifest ------- 6427 bytes [05:42 18/03/2012] [23:45 27/07/2008] 4563387EA18AF4A14EE2D9EE67FF1240
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6001.22230_none_869676dea6d3dc61.manifest ------- 6427 bytes [05:42 18/03/2012] [23:31 27/07/2008] 520B3F2136FFABE5C313BA84755D1B82
C:\Windows\winsxs\Manifests\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6002.18005_none_9d3ca2208d80c419.manifest ------- 6427 bytes [18:39 21/03/2012] [13:19 10/04/2009] 971AC02738972CE188B3A882967E7912
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.0.6000.16386_en-us_45f6b37155f61f33.manifest --a---- 703 bytes [12:39 02/11/2006] [12:39 02/11/2006] 199A8DE02E4091A14F5D538C126D501D
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.0.6000.16708_en-us_464f3afd55b366f5.manifest ------- 703 bytes [05:48 18/03/2012] [02:30 23/06/2008] 10DA1F9F4F506DC50D325E7BA5FBDCA9
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.0.6000.20864_en-us_4693f7186f054909.manifest ------- 703 bytes [05:48 18/03/2012] [02:23 23/06/2008] ADBBC6D21DB2B41543B61AFE65906D39
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.0.6001.18096_en-us_47d227dd5324c38a.manifest ------- 703 bytes [05:48 18/03/2012] [02:32 23/06/2008] 8948F57B9510D40E2DE5CBADFD43BA82
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.0.6001.22208_en-us_48bf166e6bf797b0.manifest ------- 703 bytes [05:48 18/03/2012] [02:09 23/06/2008] 08D9606C48BB828A81FC36EB2BEF1D76
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks.resources_31bf3856ad364e35_6.0.6002.18005_en-us_4a18ee795002fb53.manifest ------- 703 bytes [18:39 21/03/2012] [12:43 10/04/2009] F1C552E0A02435445B4A4AEF4EDED5F5
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.16386_none_99e9ba843bad4c5c.manifest --a---- 3861 bytes [12:34 02/11/2006] [12:34 02/11/2006] 71DB49C1A28F2087B6BD4D809E20D02D
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.16708_none_9a4242103b6a941e.manifest ------- 3176 bytes [05:48 18/03/2012] [02:06 23/06/2008] 423823E33E178F1CC5627E6E3FD9D26F
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.20864_none_9a86fe2b54bc7632.manifest ------- 3176 bytes [05:48 18/03/2012] [02:03 23/06/2008] D1F5A79AF8C04060D2DD5E70F1736844
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.18000_none_9c207c8038985d30.manifest --a---- 3861 bytes [02:21 21/01/2008] [02:21 21/01/2008] 9339811DF6F637B616A2080B734B0A4C
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.18096_none_9bc52ef038dbf0b3.manifest ------- 3176 bytes [05:48 18/03/2012] [02:41 23/06/2008] 4FE706037FEB51224B92B2CAD5265244
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.22208_none_9cb21d8151aec4d9.manifest ------- 3176 bytes [05:48 18/03/2012] [02:00 23/06/2008] EF9F64C39743A323F3356542AA8986C7
C:\Windows\winsxs\Manifests\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_9e0bf58c35ba287c.manifest ------- 3176 bytes [18:39 21/03/2012] [13:17 10/04/2009] 1CDBE97BB64A74B23A6414FF953EDA6B
C:\Windows\winsxs\Manifests\msil_taskscheduler.resources_31bf3856ad364e35_6.0.6000.16386_en-us_1fd265e19db434c5.manifest --a---- 3148 bytes [12:39 02/11/2006] [12:39 02/11/2006] B1C8DC281E44B4FD02E152D0481ABB06
C:\Windows\winsxs\Manifests\msil_taskscheduler_31bf3856ad364e35_6.0.6000.16386_none_12c65bdc426bc2aa.manifest --a---- 3764 bytes [10:21 02/11/2006] [10:06 02/11/2006] EC6EF3B472740C02C810B616E13038F5
C:\Windows\winsxs\Manifests\msil_taskscheduler_31bf3856ad364e35_6.0.6001.18000_none_14fd1dd83f56d37e.manifest --a---- 3764 bytes [02:19 21/01/2008] [02:19 21/01/2008] 9D150B9C4CB2B8CD11F51E7D29460D1F
C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..bilityanalysistasks_31bf3856ad364e35_6.0.6000.16386_none_8226a8c2dcf605c6.manifest --a---- 2639 bytes [10:21 02/11/2006] [10:02 02/11/2006] 052C8A58923A07F06F964DFC70E55303
C:\Windows\winsxs\Manifests\x86_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.0.6000.16386_en-us_20e164d84bf82dc3.manifest --a---- 2491 bytes [12:39 02/11/2006] [12:39 02/11/2006] 2A2EC54532AD7ADAC0E13955EE56454E
C:\Windows\winsxs\Manifests\x86_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.0.6001.18000_en-us_231826d448e33e97.manifest --a---- 2491 bytes [02:21 21/01/2008] [02:21 21/01/2008] F3999579BE07E6CE4BBF785138E1F6B6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-sctasks_31bf3856ad364e35_6.0.6000.16386_none_8808b597b86b49ac.manifest --a---- 7687 bytes [10:21 02/11/2006] [10:14 02/11/2006] 62D6ACEE9093642C9EB0261B6FD3CB99
C:\Windows\winsxs\Manifests\x86_microsoft-windows-sctasks_31bf3856ad364e35_6.0.6001.18000_none_8a3f7793b5565a80.manifest --a---- 7687 bytes [02:20 21/01/2008] [02:20 21/01/2008] B643011A315714C4BF6D89EB434EF149
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskkill.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe1202d2215002e2.manifest --a---- 2440 bytes [12:39 02/11/2006] [12:39 02/11/2006] 3826FAA1C18262B339B85DF94B06E6B1
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskkill_31bf3856ad364e35_6.0.6000.16386_none_23473d095f257b2b.manifest --a---- 7646 bytes [10:21 02/11/2006] [10:18 02/11/2006] D46D94EE3903220437BC97533F06AACC
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskkill_31bf3856ad364e35_6.0.6001.18000_none_257dff055c108bff.manifest --a---- 7646 bytes [02:19 21/01/2008] [02:19 21/01/2008] A1F6A45CCC7F18C316E5AC562BBC6706
C:\Windows\winsxs\Manifests\x86_microsoft-windows-tasklist.resources_31bf3856ad364e35_6.0.6000.16386_en-us_be562c3236d32330.manifest --a---- 2440 bytes [12:39 02/11/2006] [12:39 02/11/2006] 530418B62F2F5C18C2BF3F6F99B45FE7
C:\Windows\winsxs\Manifests\x86_microsoft-windows-tasklist_31bf3856ad364e35_6.0.6000.16386_none_260c70355d6693bb.manifest --a---- 7598 bytes [10:21 02/11/2006] [10:08 02/11/2006] 2A7207928949BF1A5CC99A5D1F57657F
C:\Windows\winsxs\Manifests\x86_microsoft-windows-tasklist_31bf3856ad364e35_6.0.6001.18000_none_284332315a51a48f.manifest --a---- 7598 bytes [02:19 21/01/2008] [02:19 21/01/2008] E7F480FB635A93356A8D1CFFB5B72B39
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d4a55056622813a6.manifest --a---- 2476 bytes [12:39 02/11/2006] [12:39 02/11/2006] D9D820C1F88A0A20603EAF74ECD96AC3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.0.6000.16386_none_122b6d31ac48dff3.manifest --a---- 9021 bytes [10:21 02/11/2006] [10:09 02/11/2006] CFE8EE138301DB55186BF2242A12500D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.0.6001.18000_none_14622f2da933f0c7.manifest --a---- 9021 bytes [02:20 21/01/2008] [02:20 21/01/2008] B27D45A2B417091647D9468055897862
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-adm_31bf3856ad364e35_6.0.6000.16386_none_a91b661cc339ff63.manifest --a---- 2936 bytes [12:34 02/11/2006] [12:34 02/11/2006] 94CF7122196989C297DD36D2157C8101
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6000.16386_none_41c38618a164d0bc.manifest --a---- 58998 bytes [10:20 02/11/2006] [10:08 02/11/2006] BB73F5F3096F8360A7CBA5B155DEF416
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6001.18000_none_43fa48149e4fe190.manifest --a---- 59005 bytes [02:20 21/01/2008] [02:20 21/01/2008] CEEA0D1A5D45532F710676631E5CB40A
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6001.18551_none_43c542409e77785f.manifest ------- 58695 bytes [02:21 18/03/2012] [11:22 06/11/2010] E290020514FAA47C3E4E8E4837FE6F43
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6001.22791_none_4423a141b7b58514.manifest ------- 58695 bytes [02:21 18/03/2012] [00:15 06/11/2010] 68D23F188B929F0996B78F72FE7B1106
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6002.18342_none_45b786449b94c810.manifest ------- 58695 bytes [02:21 18/03/2012] [19:14 04/11/2010] 7F5702EF9B39F567FDBEBFC8F7496949
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6002.22519_none_466896bfb493c28f.manifest ------- 58695 bytes [02:21 18/03/2012] [01:01 05/11/2010] 09DE48A82EB8FDB0379E4CCC552700D6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6000.16386_none_e3758b32c1ef5c83.manifest --a---- 8318 bytes [10:21 02/11/2006] [10:13 02/11/2006] F803B589132C9332BA1EA32249F0C913
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18000_none_e5ac4d2ebeda6d57.manifest --a---- 8325 bytes [02:20 21/01/2008] [02:20 21/01/2008] 498ED7DA2FA5C81B9B9F5B1E0490A310
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18551_none_e577475abf020426.manifest ------- 8325 bytes [02:21 18/03/2012] [11:23 06/11/2010] 480602A85FEEC3CA50A2B36A54A6F7B9
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.22791_none_e5d5a65bd84010db.manifest ------- 8325 bytes [02:21 18/03/2012] [00:17 06/11/2010] AA6E6A1BD568B9EABDB84AFB5723EB1A
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18005_none_e797c63abbfc38a3.manifest ------- 8325 bytes [18:39 21/03/2012] [13:18 10/04/2009] 58D6F092CAC8E552751E7C463BE953C1
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18342_none_e7698b5ebc1f53d7.manifest ------- 8325 bytes [02:21 18/03/2012] [19:17 04/11/2010] 113F26876EA1BE2DD2D8D3FADFB60A49
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.22519_none_e81a9bd9d51e4e56.manifest ------- 8325 bytes [02:21 18/03/2012] [01:03 05/11/2010] 9D3404188B15CC466A11A376AF6B6AFC
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-proxy_31bf3856ad364e35_6.0.6000.16386_none_7b87175bbe5d3c57.manifest --a---- 6956 bytes [10:21 02/11/2006] [10:18 02/11/2006] D5C379344816D67D912DCA6226EE79D5
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16386_none_2cca5c959a1767e4.manifest --a---- 116196 bytes [10:20 02/11/2006] [10:09 02/11/2006] 11A6DFA40E76B6A688DECAECAC081E92
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6.manifest --a---- 121714 bytes [02:09 21/01/2008] [02:09 21/01/2008] 4EE30FFC97904A6B199665362DB2BE9D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0.manifest --a---- 121714 bytes [02:09 21/01/2008] [02:09 21/01/2008] A7A7284FB944BAF06D810A127E3D8A2E
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8.manifest --a---- 116561 bytes [02:20 21/01/2008] [02:20 21/01/2008] 77339984AF1B6762DC1811FE15CBD750
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18551_none_2ecc18bd972a0f87.manifest ------- 116813 bytes [02:21 18/03/2012] [11:23 06/11/2010] 96839BE56EE36E41EC58F193B8A1E097
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.22791_none_2f2a77beb0681c3c.manifest ------- 116813 bytes [02:21 18/03/2012] [00:17 06/11/2010] 7CB0EFBD623785A089098663FB2C6FFD
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18005_none_30ec979d94244404.manifest ------- 116561 bytes [18:39 21/03/2012] [13:17 10/04/2009] 2C078ED01C1A32D821BD429DBDBA05AC
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18342_none_30be5cc194475f38.manifest ------- 116813 bytes [02:21 18/03/2012] [19:16 04/11/2010] CD54D0A42CA116F3CB3E6B7C9C2D042D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7.manifest ------- 116813 bytes [02:21 18/03/2012] [01:02 05/11/2010] 634EB513E698ED46408DA29F1053ECCD
C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskschedulerv2_31bf3856ad364e35_6.0.6000.16386_none_2061e4a30f8d9a80.manifest --a---- 3803 bytes [10:21 02/11/2006] [10:03 02/11/2006] 9AB705314DCD8E9DDE98EFF0AF9A39CF
C:\Windows\winsxs\Manifests\x86_networking-mpssvc-rules-remotetask_31bf3856ad364e35_6.0.6000.16386_none_0a721fe459c8135c.manifest --a---- 2555 bytes [12:34 02/11/2006] [12:34 02/11/2006] E62DA7CA7C112F91D164D4199D9B2080
C:\Windows\winsxs\Manifests\x86_server-help-chm.taskscheduler_lh_31bf3856ad364e35_6.0.6000.16386_none_e6506d12dfb7f672.manifest --a---- 1338 bytes [12:34 02/11/2006] [12:34 02/11/2006] 77A98A22DFDF6A3FCEB2CC6045627D10
C:\Windows\winsxs\Manifests\x86_taskschedulersettings.resources_31bf3856ad364e35_6.0.6000.16386_en-us_f136490a30ccb23d.manifest --a---- 3469 bytes [12:39 02/11/2006] [12:39 02/11/2006] 508C86428CAC30606B007C7C65A1B127
C:\Windows\winsxs\Manifests\x86_taskschedulersettings_31bf3856ad364e35_6.0.6000.16386_none_48b441ce0771d3b2.manifest --a---- 20188 bytes [10:21 02/11/2006] [10:04 02/11/2006] 0110EE69A4D5879AA34CE12A9570B24A
C:\Windows\winsxs\Manifests\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6000.16386_none_4dd67ce25090776d.manifest --a---- 3429 bytes [12:34 02/11/2006] [12:34 02/11/2006] 4E2D0A6D81F073E181217B69D1337143
C:\Windows\winsxs\Manifests\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6000.16708_none_4e2f046e504dbf2f.manifest ------- 3567 bytes [05:48 18/03/2012] [02:08 23/06/2008] 485DBC73D36FCCDC5A1C652FC98D3B07
C:\Windows\winsxs\Manifests\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6000.20864_none_4e73c089699fa143.manifest ------- 3567 bytes [05:48 18/03/2012] [02:05 23/06/2008] B36A2E60E9CA328A28EE217405239EB9
C:\Windows\winsxs\Manifests\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.18000_none_500d3ede4d7b8841.manifest --a---- 3429 bytes [02:21 21/01/2008] [02:21 21/01/2008] 558AF0F44491817FC106458523BEA085
C:\Windows\winsxs\Manifests\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.18096_none_4fb1f14e4dbf1bc4.manifest ------- 3567 bytes [05:48 18/03/2012] [02:43 23/06/2008] BEFCBF60B9EADD11EBD7C3EB3F23ED97
C:\Windows\winsxs\Manifests\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.22208_none_509edfdf6691efea.manifest ------- 3567 bytes [05:48 18/03/2012] [02:01 23/06/2008] 7BE10380831CC41B85914CC34C4912CB
C:\Windows\winsxs\Manifests\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_51f8b7ea4a9d538d.manifest ------- 3567 bytes [18:39 21/03/2012] [13:18 10/04/2009] ACD4690E184D9D29E930AD4354C4D144
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6000.16386_none_9d8c9b288cd78739\Microsoft.Build.Tasks.dll --a---- 647168 bytes [06:34 02/11/2006] [01:14 20/10/2006] 91A4B9F8328F1A3F8606C5609D466D97
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6000.16720_none_9d87218c8cdc56ad\Microsoft.Build.Tasks.dll --a---- 655360 bytes [05:42 18/03/2012] [18:00 27/07/2008] 8A3F5B72C3F402C8D33027A4C77F55AC
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6000.20883_none_86bf3830a67e9ba0\Microsoft.Build.Tasks.dll --a---- 655360 bytes [05:42 18/03/2012] [17:55 27/07/2008] 8A3F5B72C3F402C8D33027A4C77F55AC
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6001.18000_none_9d611ce48d2f3005\Microsoft.Build.Tasks.dll --a---- 655360 bytes [02:24 21/01/2008] [02:24 21/01/2008] 373AF9D2CF27EBD3E2DE0358B1767A37
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6001.18111_none_9d6206428d2e634e\Microsoft.Build.Tasks.dll --a---- 655360 bytes [05:42 18/03/2012] [18:03 27/07/2008] 8A3F5B72C3F402C8D33027A4C77F55AC
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6001.22230_none_869676dea6d3dc61\Microsoft.Build.Tasks.dll --a---- 655360 bytes [05:42 18/03/2012] [17:58 27/07/2008] 8A3F5B72C3F402C8D33027A4C77F55AC
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6002.18005_none_9d3ca2208d80c419\Microsoft.Build.Tasks.dll --a---- 655360 bytes [03:01 23/03/2012] [10:42 29/03/2009] CD044E0BA510BE6BF4227DBD0FADB284
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.16708_none_9a4242103b6a941e\PresentationBuildTasks.dll --a---- 598016 bytes [05:48 18/03/2012] [01:18 20/06/2008] C34FD20C39AA42A92CBF416078F1D5FD
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.20864_none_9a86fe2b54bc7632\PresentationBuildTasks.dll --a---- 598016 bytes [05:48 18/03/2012] [01:12 20/06/2008] C34FD20C39AA42A92CBF416078F1D5FD
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.18000_none_9c207c8038985d30\PresentationBuildTasks.dll --a---- 602112 bytes [02:25 21/01/2008] [02:25 21/01/2008] 9BE99355DB9109B435B4AED740C19ECE
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.18096_none_9bc52ef038dbf0b3\PresentationBuildTasks.dll --a---- 598016 bytes [05:48 18/03/2012] [01:14 20/06/2008] C34FD20C39AA42A92CBF416078F1D5FD
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.22208_none_9cb21d8151aec4d9\PresentationBuildTasks.dll --a---- 598016 bytes [05:48 18/03/2012] [01:13 20/06/2008] C34FD20C39AA42A92CBF416078F1D5FD
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_9e0bf58c35ba287c\PresentationBuildTasks.dll --a---- 598016 bytes [03:02 23/03/2012] [00:39 18/02/2009] D8EC761B23A596323DA009E0EF0B582F
C:\Windows\winsxs\msil_taskscheduler.resources_31bf3856ad364e35_6.0.6000.16386_en-us_1fd265e19db434c5\TaskScheduler.resources.dll --a---- 6656 bytes [12:41 02/11/2006] [12:41 02/11/2006] 9AA315F0EB92E005FEDB833766E8C8F9
C:\Windows\winsxs\msil_taskscheduler_31bf3856ad364e35_6.0.6001.18000_none_14fd1dd83f56d37e\TaskScheduler.dll --a---- 163840 bytes [02:24 21/01/2008] [02:24 21/01/2008] A3412B8CAE691416C7393E542F6C65E3
C:\Windows\winsxs\x86_microsoft-windows-bth-user_31bf3856ad364e35_6.0.6001.18000_none_65193febd52e137a\bthudtask.exe --a---- 34304 bytes [08:55 02/11/2006] [09:44 02/11/2006] F8F7246DE32A1F0303B6DB31C6F2561A
C:\Windows\winsxs\x86_microsoft-windows-bth-user_31bf3856ad364e35_6.1.6002.18005_none_2f33863c711b37e7\bthudtask.exe --a---- 34304 bytes [03:02 23/03/2012] [12:27 10/04/2009] 7F5936A3FF5E83272EA1DC8985B2A228
C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\mmtask.tsk --a---- 1152 bytes [07:10 02/11/2006] [07:10 02/11/2006] AAB73D4BF9CFED0DCDD00A11133751C6
C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\mmtask.tsk --a---- 1152 bytes [07:10 02/11/2006] [07:10 02/11/2006] AAB73D4BF9CFED0DCDD00A11133751C6
C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\mmtask.tsk --a---- 1152 bytes [07:10 02/11/2006] [07:10 02/11/2006] AAB73D4BF9CFED0DCDD00A11133751C6
C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.0.6000.16386_en-us_20c9bd966d6a6189\Taskbar.adml --a---- 4870 bytes [12:41 02/11/2006] [12:41 02/11/2006] 073D21F5C885E9B47E0FEF98D5F8E475
C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.0.6001.18000_en-us_23007f926a55725d\Taskbar.adml --a---- 4870 bytes [12:41 02/11/2006] [12:41 02/11/2006] 073D21F5C885E9B47E0FEF98D5F8E475
C:\Windows\winsxs\x86_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.0.6000.16386_en-us_20e164d84bf82dc3\schtasks.exe.mui --a---- 81920 bytes [12:41 02/11/2006] [12:41 02/11/2006] AF2562177C3D209C6CDEC439084033C0
C:\Windows\winsxs\x86_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.0.6001.18000_en-us_231826d448e33e97\schtasks.exe.mui --a---- 81920 bytes [02:26 21/01/2008] [02:26 21/01/2008] 8D69998CA701223902C85197A626ADF6
C:\Windows\winsxs\x86_microsoft-windows-sctasks_31bf3856ad364e35_6.0.6001.18000_none_8a3f7793b5565a80\schtasks.exe --a---- 151552 bytes [02:25 21/01/2008] [02:25 21/01/2008] 1F171553F1138DC0062A71A7D275055A
C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.0.6001.18000_none_15baa9b3f0d5e010\Taskbar.admx --a---- 5755 bytes [12:36 02/11/2006] [12:36 02/11/2006] DCBADE1D94CE89C1C026335F2AAA4282
C:\Windows\winsxs\x86_microsoft-windows-t..atibility.resources_31bf3856ad364e35_6.0.6000.16386_en-us_f7d298a04f21b9c2\taskcomp.dll.mui --a---- 13824 bytes [12:41 02/11/2006] [12:41 02/11/2006] 61182695EF0ADEEC44FCBB52078218BF
C:\Windows\winsxs\x86_microsoft-windows-t..cheduler-apis-proxy_31bf3856ad364e35_6.0.6000.16386_none_d37d336e1eaadcc3\TaskSchdPS.dll --a---- 73216 bytes [08:40 02/11/2006] [09:46 02/11/2006] CDE36A70A5280FC0696E6E4363C4C71D
C:\Windows\winsxs\x86_microsoft-windows-t..duler-adm.resources_31bf3856ad364e35_6.0.6000.16386_en-us_dc08b79304fa1668\TaskScheduler.adml --a---- 7038 bytes [12:41 02/11/2006] [12:41 02/11/2006] 09BB6BBD535E6B16043D7DE703670523
C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.0.6001.18000_none_6894fbcadc3bb34f\taskcomp.dll --a---- 270336 bytes [02:25 21/01/2008] [02:25 21/01/2008] B7B37DE1C104E34053323CD8DD835E31
C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.0.6001.18551_none_685ff5f6dc634a1e\taskcomp.dll --a---- 270336 bytes [02:30 18/03/2012] [11:10 06/11/2010] E3923280E0D6E8A98925BA36E835CC73
C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.0.6001.22791_none_68be54f7f5a156d3\taskcomp.dll --a---- 270336 bytes [02:30 18/03/2012] [23:55 05/11/2010] 3D3E8F1A2316F8F99BAFAB9927DD3B09
C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.0.6002.18005_none_6a8074d6d95d7e9b\taskcomp.dll --a---- 270336 bytes [03:01 23/03/2012] [12:28 10/04/2009] 67ECC768ADB04591CBCF15783CB2A817
C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.0.6002.18342_none_6a5239fad98099cf\taskcomp.dll --a---- 270336 bytes [02:30 18/03/2012] [18:55 04/11/2010] 2A6A2C09ECC2CB495628E45F1379ECE8
C:\Windows\winsxs\x86_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_6.0.6002.22519_none_6b034a75f27f944e\taskcomp.dll --a---- 270336 bytes [02:30 18/03/2012] [00:43 05/11/2010] FAA876CE74D84BF6D04F13C3D2D8E40A
C:\Windows\winsxs\x86_microsoft-windows-t..er-client.resources_31bf3856ad364e35_6.0.6000.16386_en-us_bdc56e47d1ef819d\taskschd.dll.mui --a---- 3072 bytes [12:41 02/11/2006] [12:41 02/11/2006] D6C9DCD09590843D7E6C1B834940B786
C:\Windows\winsxs\x86_microsoft-windows-t..er-engine.resources_31bf3856ad364e35_6.0.6000.16386_en-us_b505853863afa4aa\TaskEng.exe.mui --a---- 3072 bytes [12:41 02/11/2006] [12:41 02/11/2006] B292CE197E3FB36269F8873EAF5B3EA7
C:\Windows\winsxs\x86_microsoft-windows-t..ompatibility-client_31bf3856ad364e35_6.0.6001.18000_none_5e0827ff6444d767\mstask.dll --a---- 206336 bytes [02:24 21/01/2008] [02:24 21/01/2008] 73FD66B14D3C4252F7A524B8836A4359
C:\Windows\winsxs\x86_microsoft-windows-t..ty-client.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3e1efc23abb9b456\mstask.dll.mui --a---- 53248 bytes [12:41 02/11/2006] [12:41 02/11/2006] 73F4BDA086EA8D974BA0793533E5ADA0
C:\Windows\winsxs\x86_microsoft-windows-taskkill.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe1202d2215002e2\taskkill.exe.mui --a---- 16384 bytes [12:40 02/11/2006] [12:40 02/11/2006] 92BBC74D1482C44F8CA4D443409F3578
C:\Windows\winsxs\x86_microsoft-windows-taskkill_31bf3856ad364e35_6.0.6001.18000_none_257dff055c108bff\taskkill.exe --a---- 78848 bytes [02:24 21/01/2008] [02:24 21/01/2008] A643C0DED02A2B3F7D195C115B953648
C:\Windows\winsxs\x86_microsoft-windows-tasklist.resources_31bf3856ad364e35_6.0.6000.16386_en-us_be562c3236d32330\tasklist.exe.mui --a---- 15360 bytes [12:40 02/11/2006] [12:40 02/11/2006] CF89B7621E62939BD1C4D2F100CF8080
C:\Windows\winsxs\x86_microsoft-windows-tasklist_31bf3856ad364e35_6.0.6001.18000_none_284332315a51a48f\tasklist.exe --a---- 80896 bytes [02:24 21/01/2008] [02:24 21/01/2008] 11941F4F7FA19BE171C765E2571EF8F4
C:\Windows\winsxs\x86_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d4a55056622813a6\taskmgr.exe.mui --a---- 40960 bytes [12:41 02/11/2006] [12:41 02/11/2006] 5C682D66A0883A83A1A7EF7A674B7DF9
C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.0.6001.18000_none_14622f2da933f0c7\taskmgr.exe --a---- 163840 bytes [02:25 21/01/2008] [02:25 21/01/2008] EF8AE178FAE3C5F97E383753EB1DF3BA
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-adm_31bf3856ad364e35_6.0.6000.16386_none_a91b661cc339ff63\TaskScheduler.admx --a---- 5520 bytes [12:36 02/11/2006] [12:36 02/11/2006] 81F5D01FCC855EAA4E2195A41354CF43
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6001.18000_none_43fa48149e4fe190\taskschd.dll --a---- 357376 bytes [02:24 21/01/2008] [02:24 21/01/2008] 91AE45DB00566801659F44AE5CE5E510
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6001.18551_none_43c542409e77785f\taskschd.dll --a---- 357376 bytes [02:30 18/03/2012] [11:10 06/11/2010] F315E8A8517EBFA13ECD16011FB0A03B
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6001.22791_none_4423a141b7b58514\taskschd.dll --a---- 357376 bytes [02:30 18/03/2012] [23:55 05/11/2010] 7ABE34C04FB1BEF106AD946BB9EA5418
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6002.18342_none_45b786449b94c810\taskschd.dll --a---- 352768 bytes [02:30 18/03/2012] [18:55 04/11/2010] 52E129522C1775DBB8CC252E7A0655C7
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6002.22519_none_466896bfb493c28f\taskschd.dll --a---- 352768 bytes [02:30 18/03/2012] [00:43 05/11/2010] DA9E8124CF3DE98BFF37C16B43FB80A7
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18000_none_e5ac4d2ebeda6d57\taskeng.exe --a---- 169472 bytes [02:25 21/01/2008] [02:25 21/01/2008] 5F109032CE46B7184ED9E50F9FE8489E
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18000_none_e5ac4d2ebeda6d57\TaskEng.mof --a---- 2254 bytes [08:41 02/11/2006] [21:37 18/09/2006] DDCE230AA3FF9F84D0BAC2A10C243B7E
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18551_none_e577475abf020426\taskeng.exe --a---- 171520 bytes [02:30 18/03/2012] [00:53 05/11/2010] EAFB5897AC9CD84890171AC38862320F
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18551_none_e577475abf020426\TaskEng.mof --a---- 2254 bytes [08:41 02/11/2006] [21:37 18/09/2006] DDCE230AA3FF9F84D0BAC2A10C243B7E
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.22791_none_e5d5a65bd84010db\taskeng.exe --a---- 171520 bytes [02:30 18/03/2012] [13:43 05/11/2010] 110B5E5AFA79DD8A45A2F6ED738469B9
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.22791_none_e5d5a65bd84010db\TaskEng.mof --a---- 2254 bytes [08:41 02/11/2006] [21:37 18/09/2006] DDCE230AA3FF9F84D0BAC2A10C243B7E
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18005_none_e797c63abbfc38a3\taskeng.exe --a---- 169984 bytes [03:01 23/03/2012] [12:28 10/04/2009] E5BBFC283D6F5D69B41E464676361020
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18005_none_e797c63abbfc38a3\TaskEng.mof --a---- 2254 bytes [08:41 02/11/2006] [21:37 18/09/2006] DDCE230AA3FF9F84D0BAC2A10C243B7E
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18342_none_e7698b5ebc1f53d7\taskeng.exe --a---- 171520 bytes [02:30 18/03/2012] [16:34 04/11/2010] 3D50C4B10352367D5CB20ED1F50F8DA2
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18342_none_e7698b5ebc1f53d7\TaskEng.mof --a---- 2254 bytes [08:41 02/11/2006] [21:37 18/09/2006] DDCE230AA3FF9F84D0BAC2A10C243B7E
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.22519_none_e81a9bd9d51e4e56\taskeng.exe --a---- 171520 bytes [02:30 18/03/2012] [22:15 04/11/2010] 9AF3E523E39FD8C10EDFA3ABA702DC9B
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.22519_none_e81a9bd9d51e4e56\TaskEng.mof --a---- 2254 bytes [08:41 02/11/2006] [21:37 18/09/2006] DDCE230AA3FF9F84D0BAC2A10C243B7E
C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16386_none_7cb5f1a54218d4bd\Microsoft.Common.Tasks --a---- 6676 bytes [06:34 02/11/2006] [21:32 18/09/2006] 63BDA7CED20F054BB3B431B75C3D9D2B
C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\Microsoft.Common.Tasks --a---- 6838 bytes [02:24 21/01/2008] [02:24 21/01/2008] 54A4EA347F2C2D5C3E10F7CC6D689600
C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\Microsoft.Common.Tasks --a---- 6838 bytes [02:24 21/01/2008] [02:24 21/01/2008] 54A4EA347F2C2D5C3E10F7CC6D689600
C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18000_none_7c8a736142707d89\Microsoft.Common.Tasks --a---- 6838 bytes [02:24 21/01/2008] [02:24 21/01/2008] 54A4EA347F2C2D5C3E10F7CC6D689600
C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\Microsoft.Common.Tasks --a---- 6838 bytes [02:24 21/01/2008] [02:24 21/01/2008] 54A4EA347F2C2D5C3E10F7CC6D689600
C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\Microsoft.Common.Tasks --a---- 6838 bytes [02:24 21/01/2008] [02:24 21/01/2008] 54A4EA347F2C2D5C3E10F7CC6D689600
C:\Windows\winsxs\x86_server-help-chm.tas..eduler_lh.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67b5f315375cb0d5\taskscheduler.CHM --a---- 64319 bytes [12:41 02/11/2006] [12:41 02/11/2006] BDB5A47533CDA7FE7AA021130E8CC407
C:\Windows\winsxs\x86_server-help-chm.tas..eduler_lh.resources_31bf3856ad364e35_6.0.6001.18000_en-us_69ecb5113447c1a9\taskscheduler.CHM --a---- 64981 bytes [08:31 21/01/2008] [08:31 21/01/2008] FD8EE8EEFFEE46E4323307058B62430F
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.0.6000.16386_en-us_f136490a30ccb23d\taskschd.msc --a---- 145059 bytes [12:40 02/11/2006] [12:40 02/11/2006] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\winsxs\x86_taskschedulersettings_31bf3856ad364e35_6.0.6000.16386_none_48b441ce0771d3b2\taskschd.msc --a---- 145059 bytes [07:15 02/11/2006] [21:37 18/09/2006] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6000.16708_none_4e2f046e504dbf2f\PresentationBuildTasks.dll --a---- 598016 bytes [05:48 18/03/2012] [01:18 20/06/2008] C34FD20C39AA42A92CBF416078F1D5FD
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6000.20864_none_4e73c089699fa143\PresentationBuildTasks.dll --a---- 598016 bytes [05:48 18/03/2012] [01:12 20/06/2008] C34FD20C39AA42A92CBF416078F1D5FD
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.18000_none_500d3ede4d7b8841\PresentationBuildTasks.dll --a---- 602112 bytes [02:25 21/01/2008] [02:25 21/01/2008] 9BE99355DB9109B435B4AED740C19ECE
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.18096_none_4fb1f14e4dbf1bc4\PresentationBuildTasks.dll --a---- 598016 bytes [05:48 18/03/2012] [01:14 20/06/2008] C34FD20C39AA42A92CBF416078F1D5FD
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.22208_none_509edfdf6691efea\PresentationBuildTasks.dll --a---- 598016 bytes [05:48 18/03/2012] [01:13 20/06/2008] C34FD20C39AA42A92CBF416078F1D5FD
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_51f8b7ea4a9d538d\PresentationBuildTasks.dll --a---- 598016 bytes [03:02 23/03/2012] [00:39 18/02/2009] D8EC761B23A596323DA009E0EF0B582F

mjd59

2012-07-08, 12:16

Searching for "*alot* "
C:\Users\adm\AppData\Roaming\Microsoft\Windows\Recent\alotserviceruntime.lnk --a---- 507 bytes [08:39 11/06/2012] [08:39 11/06/2012] 63A4D1C5F7EC423AF3815F530AF77FC5
C:\Users\suzi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.alotimg.com_0.localstorage --a---- 7168 bytes [09:44 09/06/2012] [18:56 09/06/2012] 3AA2D1B908719969EFE03C9863EE81D2
C:\Users\suzi\AppData\Roaming\Microsoft\Windows\Recent\alotserviceruntime.lnk --a---- 507 bytes [09:32 07/06/2012] [08:32 09/06/2012] 63A4D1C5F7EC423AF3815F530AF77FC5

========== folderfind ==========

Searching for "*Ask* "
C:\Program Files\Spiceworks\pkg\gems\mail-2.2.15\lib\tasks d------ [05:43 23/06/2012]
C:\Program Files\Spiceworks\pkg\gems\rails-2.3.8\lib\tasks d------ [05:43 23/06/2012]
C:\Program Files\Spiceworks\pkg\gems\spiceworks_lib-5.3.75941\scheduler_tasks d------ [05:43 23/06/2012]
C:\Program Files\Spiceworks\pkg\gems\spiceworks_plugins-5.3.75941\recommendations\lib\tasks d------ [05:43 23/06/2012]
C:\Users\adm\AppData\Local\Microsoft\TaskSchedulerConfig d------ [06:05 26/05/2012]
C:\Users\adm\AppData\Local\VirtualStore\Program Files\Ask.com d------ [07:41 03/06/2012]
C:\Users\admin\AppData\LocalLow\AskToolbar d------ [11:37 06/06/2012]
C:\Users\admin\Pictures\admin\AppData\LocalLow\AskToolbar d------ [10:39 11/06/2012]
C:\Users\mic\AppData\LocalLow\AskToolbar d------ [12:18 18/06/2012]
C:\Users\mick\AppData\LocalLow\AskToolbar d------ [04:40 07/06/2012]
C:\Users\suzi\AppData\LocalLow\AskToolbar d------ [02:21 05/06/2012]
C:\Windows\Tasks d------ [11:18 02/11/2006]
C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks dr----- [11:18 02/11/2006]
C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5 d------ [05:53 18/03/2012]
C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks dr----- [12:37 02/11/2006]
C:\Windows\assembly\GAC_MSIL\TaskScheduler dr----- [11:18 02/11/2006]
C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources dr----- [12:42 02/11/2006]
C:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler d------ [17:30 24/03/2012]
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6002.18005_none_9d3ca2208d80c419 d------ [19:07 21/03/2012]
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_9e0bf58c35ba287c d------ [19:07 21/03/2012]
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18005_none_e797c63abbfc38a3 d------ [19:07 21/03/2012]
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18005_none_30ec979d94244404 d------ [19:07 21/03/2012]
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_51f8b7ea4a9d538d d------ [19:07 21/03/2012]
C:\Windows\System32\Tasks d------ [11:18 02/11/2006]
C:\Windows\System32\Tasks\Event Viewer Tasks d------ [07:38 07/06/2012]
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6000.16386_none_9d8c9b288cd78739 d------ [11:18 02/11/2006]
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6000.16720_none_9d87218c8cdc56ad d------ [05:47 18/03/2012]
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6000.20883_none_86bf3830a67e9ba0 d------ [05:47 18/03/2012]
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6001.18000_none_9d611ce48d2f3005 d------ [02:24 21/01/2008]
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6001.18111_none_9d6206428d2e634e d------ [05:47 18/03/2012]
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6001.22230_none_869676dea6d3dc61 d------ [05:47 18/03/2012]
C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6002.18005_none_9d3ca2208d80c419 d------ [03:07 23/03/2012]
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.16708_none_9a4242103b6a941e d------ [05:51 18/03/2012]
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.20864_none_9a86fe2b54bc7632 d------ [05:51 18/03/2012]
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.18000_none_9c207c8038985d30 d------ [02:25 21/01/2008]
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.18096_none_9bc52ef038dbf0b3 d------ [05:50 18/03/2012]
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.22208_none_9cb21d8151aec4d9 d------ [05:50 18/03/2012]
C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_9e0bf58c35ba287c d------ [03:07 23/03/2012]
C:\Windows\winsxs\msil_taskscheduler.resources_31bf3856ad364e35_6.0.6000.16386_en-us_1fd265e19db434c5 d------ [12:41 02/11/2006]
C:\Windows\winsxs\msil_taskscheduler_31bf3856ad364e35_6.0.6001.18000_none_14fd1dd83f56d37e d------ [02:24 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.0.6000.16386_en-us_20e164d84bf82dc3 d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.0.6001.18000_en-us_231826d448e33e97 d------ [02:26 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-sctasks_31bf3856ad364e35_6.0.6001.18000_none_8a3f7793b5565a80 d------ [02:25 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-taskkill.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe1202d2215002e2 d------ [12:40 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-taskkill_31bf3856ad364e35_6.0.6001.18000_none_257dff055c108bff d------ [02:24 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-tasklist.resources_31bf3856ad364e35_6.0.6000.16386_en-us_be562c3236d32330 d------ [12:40 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-tasklist_31bf3856ad364e35_6.0.6001.18000_none_284332315a51a48f d------ [02:24 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d4a55056622813a6 d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.0.6001.18000_none_14622f2da933f0c7 d------ [02:25 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-adm_31bf3856ad364e35_6.0.6000.16386_none_a91b661cc339ff63 d------ [12:36 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6001.18000_none_43fa48149e4fe190 d------ [02:24 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6001.18551_none_43c542409e77785f d------ [06:00 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6001.22791_none_4423a141b7b58514 d------ [06:00 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6002.18342_none_45b786449b94c810 d------ [06:00 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.0.6002.22519_none_466896bfb493c28f d------ [06:00 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18000_none_e5ac4d2ebeda6d57 d------ [02:20 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18551_none_e577475abf020426 d------ [02:21 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.22791_none_e5d5a65bd84010db d------ [02:21 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18005_none_e797c63abbfc38a3 d------ [18:43 21/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18342_none_e7698b5ebc1f53d7 d------ [02:21 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.22519_none_e81a9bd9d51e4e56 d------ [02:21 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-proxy_31bf3856ad364e35_6.0.6000.16386_none_7b87175bbe5d3c57 d------ [11:19 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6 d------ [02:09 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0 d------ [02:09 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8 d------ [02:20 21/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18551_none_2ecc18bd972a0f87 d------ [02:21 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.22791_none_2f2a77beb0681c3c d------ [02:21 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18005_none_30ec979d94244404 d------ [18:43 21/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18342_none_30be5cc194475f38 d------ [02:21 18/03/2012]
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7 d------ [02:21 18/03/2012]
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.0.6000.16386_en-us_f136490a30ccb23d d------ [12:40 02/11/2006]
C:\Windows\winsxs\x86_taskschedulersettings_31bf3856ad364e35_6.0.6000.16386_none_48b441ce0771d3b2 d------ [11:19 02/11/2006]
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6000.16708_none_4e2f046e504dbf2f d------ [05:50 18/03/2012]
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6000.20864_none_4e73c089699fa143 d------ [05:50 18/03/2012]
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.18000_none_500d3ede4d7b8841 d------ [02:25 21/01/2008]
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.18096_none_4fb1f14e4dbf1bc4 d------ [05:50 18/03/2012]
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.22208_none_509edfdf6691efea d------ [05:50 18/03/2012]
C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_51f8b7ea4a9d538d d------ [03:07 23/03/2012]

Searching for "*alot* "
No folders found.

========== Regfind ==========

Searching for "Ask "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\system32\miguiresource.dll,-201"="Task Scheduler"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-43252"="This feature allows remote management of the local task scheduling service. (Uses RPC)"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-44251"="This feature allows remote management of Windows by exposing a set of manageable components in a set of classes defined by the Common Information Model (CIM) of the distributed management task force. (Uses DCOM)"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-33256"="Inbound rule for the Task Scheduler service to be remotely managed via RPC/TCP."
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-33260"="Inbound rule for the RPCSS service to allow RPC/TCP traffic for the Task Scheduler service."
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}]
@="MsCtfMonitor task handler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E2E7C0-2343-407f-B947-7E132E791D3E}]
@="Task pane tree item callback object for sysdm.cpl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}]
@="IE Background Task Scheduler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cbb5030-f2b2-4b38-8cbc-895cec57db03}]
@="Create 802.11 Ad hoc Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{148BD520-A2AB-11CE-B11F-00AA00530503}]
@="Scheduling Agent Task Object Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}]
@="IE Shared Task Scheduler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34c219bd-85c1-4338-95e8-788a36901dc2}]
@="Configure Windows Portable Device Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D112E22-62B2-11D1-9FEF-00600832DB4A}]
@="MMCTask class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51653423-E62D-4FF7-894A-DABB2B8E21E2}]
@="CrawlStartPages Task Handler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55b70dec-4b3b-4e26-ae9c-9e8d131843a1}]
@="Microsoft Feeds Background Task Scheduling"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
@="Task Bar Communication"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58fb76b9-ac85-4e55-ac04-427593b1d060}]
@="Certificate Services Client Task Handler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3800-BD81-11d0-A3A5-00C04FD706EC}]
@="Background Task Scheduler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}]
@="Shared Task Scheduler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7071EC71-663B-4bc1-A1FA-B97F3B917C55}]
@="Create Dial-up Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7071EC75-663B-4bc1-A1FA-B97F3B917C55}]
@="Create VPN Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7071ECA0-663B-4bc1-A1FA-B97F3B917C55}]
@="Connect To Internet Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7071ECB0-663B-4bc1-A1FA-B97F3B917C55}]
@="Connect To Work Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7071ECD0-663B-4bc1-A1FA-B97F3B917C55}]
@="Connect To Bluetooth Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7071ECE0-663B-4bc1-A1FA-B97F3B917C55}]
@="Connect To Network Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7071ECF7-663B-4bc1-A1FA-B97F3B917C55}]
@="Task Launch Page Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{777BA815-2498-4875-933A-3067DE883070}]
@="XWizard LUA Task Stub Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{777BA81A-2498-4875-933A-3067DE883070}\VirtualServerObjects]
"{777BA815-2498-4875-933A-3067DE883070}"="XWizard LUA Task Stub"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{777BA8BD-2498-4875-933A-3067DE883070}]
@="Private XWizard Task Manager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{777BA8E5-2498-4875-933A-3067DE883070}]
@="Private XWizard Task Enumeration Manager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B5A12E8-0C60-4939-A046-11CF879B19FB}]
@="WlanDlg Get Key Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF27441E-CDCD-4659-AEBE-06F6E069714E}]
@="Screen Capture Filter Task Page"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}]
@="AD RMS Rights Policy Template Management (Manual) Task Handler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C03E8586-781E-49a1-8190-CE902D0B2CE7}]
@="Incoming Connections Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF2CF428-325B-48d3-8CA8-7633E36E5A32}]
@="AD RMS Rights Policy Template Management (Automated) Task Handler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db4f3fa7-5a08-4100-95de-b46df509b902}]
@="View Available Networks Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f09878a1-4652-4292-aa63-8c7d4fd7648f}]
@="Nap ITask Handler Implementation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{cb94e592-2e0e-4a6c-a336-b89a6dc1e388}]
@="IAzTask interface"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JobObject]
@="Task Scheduler Task Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MMCTask.MMCTask]
@="MMCTask class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MMCTask.MMCTask.1]
@="MMCTask class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WPD.WindowsPortableDeviceTask]
@="Configure Windows Portable Device Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WPD.WindowsPortableDeviceTask.1]
@="Configure Windows Portable Device Task Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\SessionManager\Apps\{56b994a7-380f-410b-9985-c809d78c1bdc}]
"Name"="Ask for RemoteAssistance"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{476e6448-aaff-11d0-b944-00c04fd8d5b0}\Extensions\NameSpace]
"FX:{c7b8fb07-bfe1-4c2e-9217-7a69a95bbac4}"="Task Scheduler Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{BD1C2544-CF5B-4640-B83E-A5B71AAE2E4A}\Extensions\NameSpace]
"FX:{c7b8fb07-bfe1-4c2e-9217-7a69a95bbac4}"="Task Scheduler Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{c7b8fb06-bfe1-4c2e-9217-7a69a95bbac4}]
"NameString"="Task Scheduler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{c7b8fb06-bfe1-4c2e-9217-7a69a95bbac4}]
"Description"="Task Scheduler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{c7b8fb07-bfe1-4c2e-9217-7a69a95bbac4}]
"NameString"="Task Scheduler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{c7b8fb07-bfe1-4c2e-9217-7a69a95bbac4}]
"Description"="Task Scheduler Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RendezvousApps\{56b994a7-380f-410b-9985-c809d78c1bdc}]
"Name"="Ask for RemoteAssistance"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\XWizards\Components\{7071EC77-663B-4BC1-A1FA-B97F3B917C55}]
@="Connect to the Internet Task Launch Page"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\XWizards\Components\{7071ECA8-663B-4BC1-A1FA-B97F3B917C55}\Parents\{7071EC77-663B-4BC1-A1FA-B97F3B917C55}]
@="Connect to the Internet Task Launch Page"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\XWizards\Components\{7071ECAF-663B-4BC1-A1FA-B97F3B917C55}\Parents\{7071EC77-663B-4BC1-A1FA-B97F3B917C55}]
@="Connect to the Internet Task Launch Page"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\XWizards\Components\{7071ECF7-663B-4BC1-A1FA-B97F3B917C55}]
@="Task Launch Control Page"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\XWizards\Factory\{7071EC77-663B-4BC1-A1FA-B97F3B917C55}]
@="Connect to the Internet Task Launch Page"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Mail\Advanced Settings\Contact Conversion\Ask]
"Text"="Ask me each time"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\system32\miguiresource.dll,-201"="Task Scheduler"
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\system32\miguiresource.dll,-201"="Task Scheduler"
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-43252"="This feature allows remote management of the local task scheduling service. (Uses RPC)"
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-44251"="This feature allows remote management of Windows by exposing a set of manageable components in a set of classes defined by the Common Information Model (CIM) of the distributed management task force. (Uses DCOM)"
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-33256"="Inbound rule for the Task Scheduler service to be remotely managed via RPC/TCP."
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-33260"="Inbound rule for the RPCSS service to allow RPC/TCP traffic for the Task Scheduler service."
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\system32\miguiresource.dll,-201"="Task Scheduler"
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-43252"="This feature allows remote management of the local task scheduling service. (Uses RPC)"
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-44251"="This feature allows remote management of Windows by exposing a set of manageable components in a set of classes defined by the Common Information Model (CIM) of the distributed management task force. (Uses DCOM)"
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-33256"="Inbound rule for the Task Scheduler service to be remotely managed via RPC/TCP."
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@FirewallAPI.dll,-33260"="Inbound rule for the RPCSS service to allow RPC/TCP traffic for the Task Scheduler service."
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\system32\miguiresource.dll,-201"="Task Scheduler"

Searching for "alot"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\balotierra.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\balotierra.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\balotierra.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
"DllName"="alotBHO.dll;alotBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
"DllName"="alot.dll;alot.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\balotierra.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\balotierra.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\balotierra.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\balotierra.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\balotierra.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\balotierra.com]
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\balotierra.com]
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\balotierra.com]
[HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\balotierra.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\balotierra.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\balotierra.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\balotierra.com]

-= EOF =-

they seems to be a lot of it on here . my lap top started to run right but over 24 hours has returned to be unable to connect to internet , just thought i would let you know . also i have had to put a space after the network key for wireless , dont know if that means anythi ng
or if i misstakenly hit space when configering it

thanks
had to post in two parts

ken545

2012-07-08, 13:16

Not sure whats going on with your internet connection, do you access the internet though a router ?

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}

:Services

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]

:Files
ipconfig /flushdns /c
C:\Users\adm\AppData\Local\VirtualStore\Program Files\Ask.com
C:\Users\adm\AppData\Local\Microsoft\Internet Explorer\DOMStore\6RJKUV6D\au.ask[1].xml
C:\Users\adm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\1D2MMNF5\au.ask[1].xml
C:\Users\adm\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico
C:\Users\adm\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
C:\Users\admin\AppData\LocalLow\AskToolbar
C:\Users\mic\AppData\LocalLow\AskToolbar
C:\Users\mick\AppData\LocalLow\AskToolbar
C:\Users\suzi\AppData\LocalLow\AskToolbar
c:\program files\Ask.com

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

mjd59

2012-07-09, 11:46

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-486152668-397904260-1212551728-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
C:\Users\adm\AppData\Local\VirtualStore\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Users\adm\AppData\Local\VirtualStore\Program Files\Ask.com\assets folder moved successfully.
C:\Users\adm\AppData\Local\VirtualStore\Program Files\Ask.com folder moved successfully.
C:\Users\adm\AppData\Local\Microsoft\Internet Explorer\DOMStore\6RJKUV6D\au.ask[1].xml moved successfully.
C:\Users\adm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\1D2MMNF5\au.ask[1].xml moved successfully.
C:\Users\adm\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico moved successfully.
C:\Users\adm\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml moved successfully.
C:\Users\admin\AppData\LocalLow\AskToolbar\APNU folder moved successfully.
C:\Users\admin\AppData\LocalLow\AskToolbar folder moved successfully.
C:\Users\mic\AppData\LocalLow\AskToolbar folder moved successfully.
C:\Users\mick\AppData\LocalLow\AskToolbar\APNU folder moved successfully.
C:\Users\mick\AppData\LocalLow\AskToolbar folder moved successfully.
C:\Users\suzi\AppData\LocalLow\AskToolbar\APNU folder moved successfully.
C:\Users\suzi\AppData\LocalLow\AskToolbar folder moved successfully.
File\Folder c:\program files\Ask.com not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: adm
->Temp folder emptied: 196339 bytes
->Temporary Internet Files folder emptied: 33329 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 70083 bytes
->Temporary Internet Files folder emptied: 187625910 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 882 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mic
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: mick
->Temp folder emptied: 33717 bytes
->Temporary Internet Files folder emptied: 33329 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: suzi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18982 bytes
RecycleBin emptied: 18143078 bytes

Total Files Cleaned = 197.00 mb

OTL by OldTimer - Version 3.2.53.1 log created on 07092012_193415

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\REG87E.tmp moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XHITI31\showthread[1].htm moved successfully.
File move failed. C:\Windows\temp\atchksrv.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Administrator\AppData\Local\Temp\REG87E.tmp not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XHITI31\showthread[1].htm not found!
[2012/07/03 17:46:16 | 000,000,000 | ---- | M] () C:\Windows\temp\atchksrv.log : Unable to obtain MD5

Registry entries deleted on Reboot...

yes i am using a netgear router which seam to change settings at will !!!!!

mjd59

2012-07-09, 13:14

i have just ran a root analizer from s&d 2 and thought you may like to see the results

/ copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Users\suzi\Documents\Scanned Documents\Welcome Scan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\adm\Documents\Scanned Documents\Image.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\adm\Documents\Scanned Documents\invoice acl.JPG:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\adm\Documents\Scanned Documents\Welcome Scan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20120412-0001\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"

ken545

2012-07-09, 13:22

There fine, still having problems accessing the internet ?

You may want to reset your router, you can do that by pressing and holding the little button on the back of the router for 10 seconds or so and this will bring your router back to defaults, then you will have to use your disk that came with it and reconfigure your connection