Jump to content

redjack99

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. one more question I just attempted to run the OTL cleanup, and it didn't really seem to remove any of the files or programs that you had me download. It did remove the OTL program, though. But I still have aswMBR, RSITx65...etc on my desktop Should I just now go in and uninstall all of those programs individually?
  2. Thanks for all of your help. Here is the results of OTL: ========== FILES ========== C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe moved successfully. C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe moved successfully. C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0001.dta moved successfully. C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0003.dta moved successfully. C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0004.dta moved successfully. File\Folder C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe not found. OTL by OldTimer - Version 3.2.39.1 log created on 03182012_130156 It couldn't find the last file, but did not ask me to reboot. Not sure if that is an issue or something lingering to be concerned about? I'll begin the cleanup process you reference and the steps to protect myself in the future. Thanks again for all of your efforts and time.
  3. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=333d0e57897ef54d8bd2a3956fc25ecd # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-03-18 06:44:01 # local_time=2012-03-18 11:44:01 (-0700, US Mountain Standard Time) # country="United States" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5892 16776574 100 56 15847621 168689131 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=312582 # found=7 # cleaned=0 # scan_time=5816 C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan (unable to clean) 00000000000000000000000000000000 I C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\88eksb5t.default\extensions\{7a1c9476-a882-49b9-a94c-1cb91100b1d7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan (unable to clean) 00000000000000000000000000000000 I C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan (unable to clean) 00000000000000000000000000000000 I Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.18.03 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 H :: H-PC [administrator] 3/18/2012 11:48:23 AM mbam-log-2012-03-18 (11-48-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 191485 Time elapsed: 4 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Results of screen317's Security Check version 0.99.31 Windows Vista x64 (UAC is disabled!) Out of date service pack!! Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Java 6 Update 31 Adobe Reader X (10.1.2) Mozilla Firefox (11.0.) ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Microsoft Security Essentials msseces.exe Microsoft Security Client Antimalware MsMpEng.exe Microsoft Security Client Antimalware NisSrv.exe ``````````End of Log````````````
  4. Well, the full MSE scan only 5 the 5 trojans from the ComboFix quarantined file...They are Win64/Alureon.gen!F Win32/Alureon.gen!AD Win64/Alureon.gen!J Win32/Orsam!rts Win32/Alureon.FK And, I'm sorry, but I don't see an option to attach a file. I found the ComboFix file, but can you tell me how to attach it?
  5. + 2012-02-15 10:34 . 2012-02-15 10:34 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\33d0757ae05cf2701e0e0a650be1fd6f\Microsoft.Transactions.Bridge.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f602483681a340d774a3fb19e3f5faaf\Microsoft.PowerShell.Commands.Utility.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a8ca266acdc1120f6cbaf16bf1f5be12\Microsoft.PowerShell.GPowerShell.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\93a00009479393fb3dc23107fbd06613\Microsoft.PowerShell.Commands.Management.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\70876695a10b89775f51fd2033220260\Microsoft.PowerShell.Commands.Management.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\51e93fa5d3d932b5446137a795ca9c20\Microsoft.PowerShell.GPowerShell.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\4ee8d9de2acfeb69ef137dc0683adfab\Microsoft.PowerShell.Editor.ni.dll + 2012-01-12 10:09 . 2012-01-12 10:09 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\23408f67b7fddc32d03fa6d8deeafcd7\Microsoft.PowerShell.Commands.Utility.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0c4f40ac6da2baed13644ab6360fd76c\Microsoft.PowerShell.Editor.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9df3f852b8583da755e4cb9a2f6a1842\Microsoft.MediaCenter.UI.ni.dll + 2012-01-12 10:09 . 2012-01-12 10:09 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3894a5164ae656639bed7f6270f97182\Microsoft.MediaCenter.UI.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\a42e9c2f3579a23f3fe9e6763e53ace3\Microsoft.JScript.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\0d63b26057e00a40a7cfdfb58d7593cd\Microsoft.JScript.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\a10c7341ff111e139130e620d26d3a0a\Microsoft.Ink.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\3045878874146498c9da9a6eed4be62b\Microsoft.Ink.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\a122edc697aa66875d7ff60eb40d8227\Microsoft.Build.Tasks.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\82f74fab143033cd45fcd41b17ad022c\Microsoft.Build.Tasks.v3.5.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\72488f2c9eb8bf1a2dde5c3496d8522a\Microsoft.Build.Tasks.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\36b5545313b5fe7626a8f19a777fe4be\Microsoft.Build.Tasks.v3.5.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 1188352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\e01249a28f97e19d607b4d3695561775\Microsoft.Build.Engine.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\ce277fc44040a06e7b22f2715d7a05bf\Microsoft.Build.Engine.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\ac7f321c96e23b280451869622c3de29\Microsoft.Build.Engine.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 1188352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\9fa4fecb821f6b383105ca9c998822ff\Microsoft.Build.Engine.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\cff7496ab1f3cc4bd4c5917a295052b3\ehRecObj.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\0430891c4fd63c2c2c57e8818837b8e9\ehRecObj.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 1984000 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\738c623aea8c89726fa53d742c8307ad\ehiVidCtl.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 2885120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\98e0dc72b212c67832a3ab534793f196\ehiProxy.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 1039872 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\a0e13fcedfd3edbc2b31061df9e7103c\ehiPlay.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\d1517599f8ef900469465ef058a6e376\ehepg.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\51f89ed8312bfbd2e4b432063c6b94a5\ehepg.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\5764bf0f628c3005df47256066e1546e\UIAutomationClientsideProviders.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\42aab7622ac540a7f723746eb504b8bf\System.WorkflowServices.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\90830f08864867269d0d67ddc69e0c91\System.Workflow.Runtime.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\ef2ac8fea39fff26760ecaa2b6a8a1e4\System.Workflow.ComponentModel.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a9e0a2d0092048b7cbdf047ac67a0a70\System.Workflow.Activities.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9e9b877233af4f943e1bba780b767edb\System.Web.Mobile.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\429a4d04621db0948decbf5ba1179099\System.Web.Extensions.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\8c79bebe646434c3e598ccc2f81dfded\System.Speech.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\55fa3e9bbc83c786ece774b817e5aea9\System.ServiceModel.Web.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a4b9d424cd4509b6b76fba81f347f561\System.Runtime.Serialization.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\bf625b2c81489c9f180244f24c905c6b\System.Printing.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\327db12a0bf01375d7984a1ebaae1e94\System.Management.Automation.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c12259751030b8fb693006bb6e7dd55f\System.IdentityModel.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bca583078ddeedc872dd636e2ef62fc9\System.DirectoryServices.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2ddd7acbd58ff39deff6c5cd732e1474\System.Deployment.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\4b20b4caec77caa9c2ecec32801d1f94\System.Data.SqlXml.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\acb2030c6bb75a2bd3bb93006a3a9850\System.Data.Services.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\3e80c188333aed0aec65becc922c64cf\System.Data.OracleClient.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\41070ea901fdce7f37b6bc967aa64510\System.Data.Linq.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\19b6aa7e9b2c27c7f73af48e0a02b20b\System.Data.Entity.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\30fe25ea2dd3b99aafe164fb198eed2e\System.Core.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\eb002fac5d128e82d1b8c77243ec017f\ReachFramework.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0efbdcfbf8a59e108caa1b96d07df18c\PresentationUI.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\54a4b03bb83da6e95ba6644c62a0d249\PresentationBuildTasks.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\771ae0bc781975352dca1e1930152a06\Narrator.ni.exe + 2012-02-15 10:39 . 2012-02-15 10:39 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\d3f65df6ca5307d1d9635503e26952c8\MMCEx.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\721eab22dc9448c3a84463ead0641e70\MIGUIControls.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6310a2050033b0b567428ca55bda4a1b\Microsoft.VisualBasic.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6a5a1bc9e5ba685875280d484d8aeeba\Microsoft.Transactions.Bridge.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bfea2eb1264108a486d86a923bd62713\Microsoft.PowerShell.Editor.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7d430a20a2015ada714a72f098748fbc\Microsoft.PowerShell.GPowerShell.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4af36bc8b46bc6ae86b30c70e19779ce\Microsoft.PowerShell.Commands.Utility.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7650918339cfbde0e437441b28cb58d1\Microsoft.MediaCenter.UI.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\d7fff1d75940f513826f747729a3d10d\Microsoft.JScript.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\552f955312b006ea0c597e554b0768bc\Microsoft.Ink.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e17974befe435fb95ff9c9eba9e48a2b\Microsoft.Build.Tasks.v3.5.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\07dafaf97513402d4bb1e9ed741025fb\Microsoft.Build.Tasks.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 1778176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\f7e039f4c9127e3fcb8cd4a7c1fd6bc6\Microsoft.Build.Engine.ni.dll + 2012-02-15 06:16 . 2011-11-01 11:23 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll - 2010-10-08 10:01 . 2010-10-08 10:01 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll + 2012-01-12 10:06 . 2012-01-12 10:06 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll + 2012-01-11 14:02 . 2011-12-27 02:51 5259264 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2011-10-11 19:10 . 2011-07-08 11:52 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2011-06-15 14:13 . 2011-03-29 10:52 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-01-11 14:02 . 2011-12-27 02:51 5251072 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2011-06-15 14:13 . 2011-03-29 10:52 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2011-10-11 19:10 . 2011-07-08 11:53 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-02-15 10:00 . 2011-12-14 03:30 12282368 c:\windows\SysWOW64\mshtml.dll - 2006-11-02 12:33 . 2011-09-17 04:25 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat + 2006-11-02 12:33 . 2012-03-15 00:02 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat + 2012-02-15 10:00 . 2011-12-14 07:43 17790464 c:\windows\system32\mshtml.dll + 2006-11-02 12:35 . 2012-03-14 10:00 56297240 c:\windows\system32\mrt.exe + 2012-02-29 23:18 . 2012-02-29 23:18 11350688 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll + 2012-02-15 10:00 . 2011-12-14 07:16 10887168 c:\windows\system32\ieframe.dll + 2010-10-25 04:24 . 2012-03-16 20:02 14586588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-809377086-3892647188-450367023-1000-12288.dat + 2011-10-11 19:10 . 2011-07-08 11:52 10020688 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll + 2011-09-16 01:37 . 2011-09-16 01:37 38176256 c:\windows\Installer\d3356fb.msp + 2011-09-16 01:37 . 2011-09-16 01:37 37148160 c:\windows\Installer\d3356de.msp + 2011-07-12 00:33 . 2011-07-12 00:33 23254016 c:\windows\Installer\5110b81.msp + 2012-02-16 10:00 . 2012-02-16 10:00 20333056 c:\windows\Installer\50f768b.msp + 2011-10-12 10:07 . 2011-10-12 10:07 20333568 c:\windows\Installer\2adb252b.msp + 2011-11-22 07:42 . 2011-11-22 07:42 33189888 c:\windows\Installer\18c3fe9.msp + 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\11a8de5d.msp + 2011-08-04 02:53 . 2011-08-04 02:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL + 2012-03-13 10:05 . 2012-03-13 10:05 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a9e29e892ad68ac0b88f0480746a0d0b\System.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll + 2012-03-13 10:09 . 2012-03-13 10:09 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll + 2012-03-13 10:05 . 2012-03-13 10:05 19355648 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\d9d8d4f8fc868d07be41d4ffb46d7364\mscorlib.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 13138944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c43869b44f633a3ad003a0ad9e79b273\System.ServiceModel.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b642a4ad94ff1e027a128b9796878372\System.Data.Entity.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll + 2012-03-13 10:05 . 2012-03-13 10:05 14413824 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll + 2011-10-12 10:27 . 2011-10-12 10:27 10597888 c:\windows\assembly\NativeImages_v2.0.50727_64\System\f12d03e6dad70f35e012254871553713\System.ni.dll + 2012-02-15 10:27 . 2012-02-15 10:27 10603008 c:\windows\assembly\NativeImages_v2.0.50727_64\System\9c5a20ad9bca08482932ce1b66e020b7\System.ni.dll + 2012-02-15 10:30 . 2012-02-15 10:30 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\ccc446f5c5936c2704b3ab8a815a8735\System.Windows.Forms.ni.dll + 2011-10-12 10:29 . 2011-10-12 10:29 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\5cb03828bc75159bc60c7ba3b192f63d\System.Windows.Forms.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\6a969719f2356dcb2ad153c50580f017\System.Web.ni.dll + 2012-01-12 10:08 . 2012-01-12 10:08 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\0a2ea7a9a9d9fd9ae47468adbdee2e05\System.Web.ni.dll + 2012-01-12 10:09 . 2012-01-12 10:09 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\efc60b11b649ed506c64172b3373f936\System.ServiceModel.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\dee3b7b085bb4d8d12fbc10e0c1e7d77\System.ServiceModel.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\f20cd853902d31f596cb77e1fb0a5011\System.Management.Automation.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\903f8ff578c0a5f39df8f827c60b6534\System.Management.Automation.ni.dll + 2012-01-12 10:05 . 2012-01-12 10:05 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\c41b930b44ddfaef2faf314f690bb35e\System.Design.ni.dll + 2012-02-15 10:29 . 2012-02-15 10:29 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\9624fa95cbda77d9a5a9ff6f48f31ca9\System.Design.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\b07702051c0a4be42cb0458ba4cc9869\System.Data.Entity.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\0359dddfa810980ea79ff603f8977974\System.Data.Entity.ni.dll + 2011-10-12 10:28 . 2011-10-12 10:28 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9571673404921b0e6a53a4d1d00891a2\PresentationFramework.ni.dll + 2012-02-15 10:28 . 2012-02-15 10:28 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\7c3a6bfde371b3a5933286f61482ba39\PresentationFramework.ni.dll + 2011-10-12 10:28 . 2011-10-12 10:28 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\6cc39b5515d14c1670b7a1a47b947420\PresentationCore.ni.dll + 2012-02-15 10:28 . 2012-02-15 10:28 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\0f625fbf49e2b82e827e7fbf514a3473\PresentationCore.ni.dll + 2011-10-12 10:27 . 2011-10-12 10:27 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\897e1f6e4749dcdf03064150aa556c8c\mscorlib.ni.dll + 2012-01-12 10:09 . 2012-01-12 10:09 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\b8a06c151452395f513aaa5d730fb5a4\ehshell.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\685df08aebcc133240f869b141c08c33\ehshell.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\effa6ad5369cea835146937a5635275b\System.ServiceModel.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\77f15f1c4c6266eaac33f0396a04e28e\System.Design.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll + 2011-10-12 10:26 . 2011-10-12 10:26 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088] "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216] "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424] "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640] "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-11-12 141600] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-4 113664] Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488] Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-2-9 430080] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 22:40] . 2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 22:40] . 2011-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264] "SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [bU] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt mLocal Page = c:\windows\system32\blank.htm TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\H\AppData\Roaming\Mozilla\Firefox\Profiles\88eksb5t.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Completion time: 2012-03-16 13:16:26 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-16 20:16 ComboFix2.txt 2011-09-20 00:54 . Pre-Run: 284,586,586,112 bytes free Post-Run: 287,803,613,184 bytes free . - - End Of File - - 242CDCF42F77150E75C4B91CCD5DE84C
  6. + 2011-10-12 10:33 . 2011-10-12 10:33 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\eb2563ff14d1cea338648ac1feeafc1f\MSBuild.ni.exe + 2012-02-15 10:32 . 2012-02-15 10:32 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\be5f5567910588933ade41773ce4b42e\MSBuild.ni.exe + 2011-10-12 10:35 . 2011-10-12 10:35 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\f5e34def2ddaf9fbab2225e5a302d33f\MMCFxCommon.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\3e266abc08cced266b819ff005fcbd4c\MMCFxCommon.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\c531aae4cac7e3f1f3064a475e35789d\Microsoft.WSMan.Management.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\94f66b0665ea9b4b709b570e7c814fed\Microsoft.WSMan.Management.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\eb2adb1762038f5a21d84fb5b88296be\Microsoft.Vsa.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\0e11d1b7322a3ccdcf4f62122608d657\Microsoft.Vsa.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\d7f54f624ab86ec9e05192cbe28a8532\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\39be58c468f0bf887a7548a6388cf419\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ec5a27a580cc2bf11095f4734768280c\Microsoft.PowerShell.Commands.Diagnostics.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\dbe26a57513f494efe75b3188cf366b4\Microsoft.PowerShell.Security.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d1d9afd53ef03252bb4407613ab11a1d\Microsoft.PowerShell.Security.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\bf181ea99e6aa101d6d6fcb21fb851ed\Microsoft.PowerShell.GraphicalHost.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b6894931958aa9710883b74c252ed514\Microsoft.PowerShell.Commands.Diagnostics.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a097fc0285187f39c11115f78eef26af\Microsoft.PowerShell.ConsoleHost.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6fe53936c7ac3038d715852058cf0f56\Microsoft.PowerShell.ConsoleHost.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\5b8c3d452ccb8e38475c4d5ae06d3479\Microsoft.PowerShell.GraphicalHost.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e4b446852f196438818c0ce9e68605e8\Microsoft.MediaCenter.Shell.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c981dc80ad13bec94aa54b8fb28b9b86\Microsoft.MediaCenter.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9cd63300be3a34c0f37e141403dd4d02\Microsoft.MediaCenter.Sports.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5f759c116baecccd3042cbbd68f3aa2f\Microsoft.MediaCenter.Shell.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\513e938deeda74a2e1a9a54e22bb8979\Microsoft.MediaCenter.Sports.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\0cb9b0e9f02f16b01a2a0ee80b9abd0b\Microsoft.MediaCenter.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\f7e21685d37f5c19150bf300eda5f3d0\Microsoft.ManagementConsole.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\3de8add426da03a3b88c5a35d9d60855\Microsoft.ManagementConsole.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\ca8b9b67ac083de32eaea45d219c2a67\Microsoft.Build.Utilities.v3.5.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\b23eceb3a5e8db89f107bdc02ab6cda9\Microsoft.Build.Utilities.v3.5.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\7bd112d24e684e5602907515d47f3c01\Microsoft.Build.Utilities.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\1a43bbc417d8f56c5fd3d828bdca0c75\Microsoft.Build.Utilities.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\96c6b81949f7e09457d21c1591996471\Microsoft.Build.Framework.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\592acc376f9c89d56f0c781289b42805\Microsoft.Build.Framework.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\d4aed105d188ae1bfd6ed294f7c0eef6\Microsoft.Build.Conversion.v3.5.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\3810a73c2a98b2e6979105d927d2edb8\Microsoft.Build.Conversion.v3.5.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\b4408b2b679ab322d62671236b10b1fb\Mcx2Dvcs.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\8724bb8184276f3d4fe41218ebf5f91a\Mcx2Dvcs.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\a5b8d0055fe7295ae8dc4b9f2d184de0\mcupdate.ni.exe + 2011-10-12 10:35 . 2011-10-12 10:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\1c4decc241e2a8c8ee713733948d8086\mcupdate.ni.exe + 2012-02-15 10:34 . 2012-02-15 10:34 337920 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\dfce0fb190090fc1f2dd19b400851311\mcstoredb.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 337920 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\29eb48280c132b50756e460f2d5b9811\mcstoredb.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 893952 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\ec19ffc4d09fd44d51e071378f5e7a9b\mcstore.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 893952 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\2a18d543282212deac79ff3c4f47ec43\mcstore.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\2d6522135d6e690fa2615eb9aecfe540\loadmxf.ni.exe + 2011-10-12 10:35 . 2011-10-12 10:35 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\23bb4c93c638296182a538f3461c455b\loadmxf.ni.exe + 2012-02-15 10:34 . 2012-02-15 10:34 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\aa6adee5f25cd729135acb77410372cd\EventViewer.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\1fbfd420e2a2d97c24c80ac7cc8392c6\EventViewer.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\eacfe9b74df294dc175cb2c85aece537\ehiWUapi.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 927232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\29283480f471139af1c4a6fd3b59b205\ehiwmp.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 138752 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\16440d92821e195feb65203904210d75\ehiUserXp.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 151040 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiReplay\2e9bb1ae3de00a2678978386f6f73de9\ehiReplay.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\638557ed53ca8211c123007bdc3dc548\ehiExtens.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\2097683a9fd71551cf96f98efaab805f\ehExtHost.ni.exe + 2011-10-12 10:35 . 2011-10-12 10:35 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\0bc1a19c1cb03723ef685b5917e74903\ehExtHost.ni.exe + 2012-02-15 10:34 . 2012-02-15 10:34 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\e0bec615bbe96a8a509ab0d536201ce3\ehepgdat.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\9fba8fc4c06bfe3d9a87d2035fa7b156\ehepgdat.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\f110989d6ed5a5dcf4ae4ea4e5020335\ehCIR.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\5d69d006137ed7704b7b7aa2d54f296e\ehCIR.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\3af5fbffd80931f39a49cb1dc5737e5e\CustomMarshalers.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\3f5faea5c8517449702312f28aa6a7bb\ComSvcConfig.ni.exe + 2012-02-15 10:32 . 2012-02-15 10:32 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\07306d61405dd95a1fee01c57eaa9a00\ComSvcConfig.ni.exe + 2012-02-15 10:32 . 2012-02-15 10:32 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\801dc71b80a1f1f78688f946fa40ef06\BDATunePIA.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\1049e555d490785eeb1e572a8c2c2637\BDATunePIA.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e8563c8160af362e96d497e6435f9b3d\WsatConfig.ni.exe + 2012-02-15 10:40 . 2012-02-15 10:40 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9a22784f4af63232128cbaa639e1852b\WindowsFormsIntegration.ni.dll + 2011-10-12 10:32 . 2011-10-12 10:32 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9e99520a2393f70ac01988896581bf7f\UIAutomationClient.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\999ef784434ec236757b4a7398763785\TaskScheduler.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\874aa7b98c4ebc7847d0e48b3849fc93\System.Xml.Linq.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\f61de6d2f8709d6cc93e714e9d10aa3c\System.Web.Routing.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\8a832795b4141222aeb6c82bbed830a5\System.Web.RegularExpressions.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\803283970c45b6ddf39a28cf7ae5d595\System.Web.Extensions.Design.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\87ea3e377880b16200b776a528d93f63\System.Web.Entity.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\6236d05437120962b9bd9e362998a718\System.Web.Entity.Design.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\5f5b0496a401de814417dc9eacb0dd6e\System.Web.DynamicData.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2cf07c7e75857217010fcb222e671191\System.Web.Abstractions.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\96b4cdba0397f94416df0fa211f73441\System.Security.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0ac84704dce924c06b1913f7c75e6fde\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\978343c0c1e0010f3d1fb4608e27fd78\System.Net.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\fc2d7f986338caadb47cd725b4bc8d62\System.Messaging.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b1280401bb5f397382763b772fc62e3d\System.Management.Instrumentation.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\0a1e63771844d9cd84d2bba17868fee3\System.IO.Log.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\0c0985a86f0aa0d6aafe90ccdb1ca856\System.IdentityModel.Selectors.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.Wrapper.dll + 2012-02-15 10:38 . 2012-02-15 10:38 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\c1348dd6bf6f9d037120ac438290ad1c\System.Drawing.Design.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c7907c63508c5cf4e47ed493f2b2bf3a\System.DirectoryServices.Protocols.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6ab1e2e9fd59b7381b15b9bd058a4706\System.DirectoryServices.AccountManagement.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\8687931c636c0d284abbce9911db81b7\System.Data.Services.Design.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\652b3235e6495973ff4c9c17fed8e529\System.Data.Services.Client.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\0692b2c63f2dcab3aa8c594b726c0210\System.Data.Entity.Design.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\78666e17c270fcfa9b36598400963577\System.Data.DataSetExtensions.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\4eac2f7cb1c834955099131df846e157\System.Configuration.Install.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b96dcd3c7ee7b507dc89801b55edaf9e\System.AddIn.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\289d4e6d05fe5ca5f43330483fb0e549\sysglobl.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\446d3bde682c75d360b9741c2ed30f51\SMSvcHost.ni.exe + 2012-02-15 10:39 . 2012-02-15 10:39 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\696e2d9a6491947cd89ead8cc4cc658a\SMDiagnostics.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\fdbe1d8b1bb279e042cdcc1f8a7b6d2c\ServiceModelReg.ni.exe + 2012-02-15 10:31 . 2012-02-15 10:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dcd90ef8aff61786a94c097f30d9947d\PresentationFramework.Luna.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b864ec9d102833ef1fa33daa1e16466e\PresentationFramework.Classic.ni.dll + 2012-02-15 10:31 . 2012-02-15 10:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\69f6cb0fc6bc6ab87a9f1508c20f211d\PresentationFramework.Royale.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\302a17a6b2ce87bad45bef24ea4181fe\napsnap.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\1413e5b9bf9341cc2d3ab7f5c877e782\napinit.ni.dll + 2011-10-12 10:32 . 2011-10-12 10:32 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\86024627ce245ddb4d6df1acad88b4c6\naphlpr.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\05f4ab404d811899c2e1755e01dc3eb0\MSBuild.ni.exe + 2012-02-15 10:39 . 2012-02-15 10:39 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\198ebc0688376cf34789828a00ccc4cc\MMCFxCommon.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\93989e793f3a083f7895ab1d59540126\Microsoft.WSMan.Management.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fa4b24a0327625473ca63733c4208eff\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f2cc66a5386dd5098a938b5a00970a23\Microsoft.PowerShell.ConsoleHost.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f1b69c37894f84ef4a070a00688615f3\Microsoft.PowerShell.Security.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bc25994e8258b77ffe86fb278efb66c8\Microsoft.PowerShell.Commands.Diagnostics.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a6e1a86b775abb8dd57a784ef7e73c4f\Microsoft.PowerShell.Commands.Management.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\336c27b9f4ef2dc2bf9068897501faff\Microsoft.PowerShell.GraphicalHost.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\07e3cc9e89d7d02ce64d1f7af425a73f\Microsoft.MediaCenter.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\ffc57525fe80f9b7cda217700adaa8f5\Microsoft.ManagementConsole.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\b0b6eb3598ea055202d7e8da4e7716e7\Microsoft.Build.Utilities.v3.5.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\01413d9fe40693f0c02615092e4338c9\Microsoft.Build.Utilities.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8f065aeb58e21ff26f8f2d3be4d5f933\Microsoft.Build.Engine.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\4f7c9b0b6c66d7dd85f7c873cc77c8f7\Microsoft.Build.Conversion.v3.5.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\8dfba9717d7d59584769123e286c2ba9\EventViewer.ni.dll + 2011-10-12 10:31 . 2011-10-12 10:31 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\6c0adc1b359993851c9af87074f237d5\ehiExtens.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c35db08840537350fc9e65b9cefcff86\ehExtHost32.ni.exe + 2011-10-12 10:31 . 2011-10-12 10:31 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d72212e0e98b6ea4339d453bf540b5a6\CustomMarshalers.ni.dll + 2012-02-15 10:38 . 2012-02-15 10:38 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\95fcdaa68b7915044d8409e2a6f50547\ComSvcConfig.ni.exe + 2012-02-15 10:00 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll + 2012-02-15 10:00 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll + 2012-01-11 14:02 . 2011-10-25 15:58 1314816 c:\windows\SysWOW64\quartz.dll - 2010-02-09 21:17 . 2009-12-04 18:29 1314816 c:\windows\SysWOW64\quartz.dll + 2012-01-11 14:02 . 2011-11-18 20:55 1167984 c:\windows\SysWOW64\ntdll.dll + 2009-07-18 03:21 . 2012-02-29 23:18 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll + 2012-02-15 10:00 . 2011-12-14 03:04 1798656 c:\windows\SysWOW64\jscript9.dll + 2012-02-15 10:00 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll + 2012-02-15 10:00 . 2011-12-14 03:10 9705472 c:\windows\SysWOW64\ieframe.dll - 2011-03-23 10:53 . 2011-02-22 13:33 1068544 c:\windows\SysWOW64\DWrite.dll + 2012-03-14 05:22 . 2012-02-13 13:44 1068544 c:\windows\SysWOW64\DWrite.dll - 2011-02-10 04:17 . 2011-01-20 14:12 1172480 c:\windows\SysWOW64\d3d10warp.dll + 2012-03-14 05:22 . 2012-02-13 14:12 1172480 c:\windows\SysWOW64\d3d10warp.dll + 2012-02-15 10:00 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll + 2012-03-14 05:22 . 2012-02-02 15:34 2765824 c:\windows\system32\win32k.sys + 2012-02-15 10:00 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll + 2012-01-11 14:02 . 2011-10-25 16:13 1570816 c:\windows\system32\quartz.dll - 2010-02-09 21:17 . 2009-12-04 18:51 1570816 c:\windows\system32\quartz.dll + 2012-01-11 14:02 . 2011-11-18 20:55 1585152 c:\windows\system32\ntdll.dll - 2009-10-08 12:40 . 2009-06-15 15:11 1689600 c:\windows\system32\lsasrv.dll + 2012-01-11 14:02 . 2011-11-16 16:41 1689600 c:\windows\system32\lsasrv.dll + 2012-02-15 10:00 . 2011-12-14 07:11 2308096 c:\windows\system32\jscript9.dll + 2012-02-15 10:00 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll + 2012-03-14 05:22 . 2012-02-13 14:03 1555968 c:\windows\system32\DWrite.dll - 2011-03-23 10:53 . 2011-02-22 13:53 1555968 c:\windows\system32\DWrite.dll + 2011-07-22 23:47 . 2011-07-22 23:47 1093632 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneDriver.dll + 2011-06-06 20:49 . 2011-06-06 20:49 2152176 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\WUDFUpdate_01009.dll + 2011-06-06 20:49 . 2011-06-06 20:49 1721576 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\WdfCoInstaller01009.dll + 2011-06-06 20:49 . 2011-06-06 20:49 1721576 c:\windows\system32\DriverStore\FileRepository\wmzuneserusb.inf_a8c8911e\WdfCoInstaller01009.dll - 2010-09-24 17:50 . 2010-09-24 17:50 1093632 c:\windows\system32\drivers\UMDF\ZuneDriver.dll + 2011-07-22 23:47 . 2011-07-22 23:47 1093632 c:\windows\system32\drivers\UMDF\ZuneDriver.dll + 2011-11-09 04:41 . 2011-09-20 21:06 1423744 c:\windows\system32\drivers\tcpip.sys - 2011-02-10 04:17 . 2011-01-20 14:37 2002944 c:\windows\system32\d3d10warp.dll + 2012-03-14 05:22 . 2012-02-13 14:38 2002944 c:\windows\system32\d3d10warp.dll + 2009-05-07 08:13 . 2012-03-16 20:02 1838096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-05-07 08:13 . 2011-09-20 00:46 1838096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-11-22 05:31 . 2011-11-22 05:31 3512072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll + 2011-11-22 06:57 . 2011-11-22 06:57 4970768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll + 2011-11-22 06:57 . 2011-11-22 06:57 1455376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll + 2011-11-22 06:57 . 2011-11-22 06:57 1515792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll + 2011-11-22 06:57 . 2011-11-22 06:57 9793280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll + 2012-01-11 14:02 . 2011-12-27 02:51 5259264 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll + 2012-02-15 06:16 . 2011-11-01 11:24 3186688 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll + 2011-10-11 19:10 . 2011-07-08 11:52 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll - 2011-06-15 14:13 . 2011-03-29 10:52 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll + 2011-10-11 19:10 . 2011-07-08 11:52 1764696 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll - 2011-06-15 14:13 . 2011-03-29 10:52 1764696 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll + 2011-11-22 05:31 . 2011-11-22 05:31 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll + 2011-11-22 05:31 . 2011-11-22 05:31 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll + 2011-11-22 05:31 . 2011-11-22 05:31 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll + 2011-11-22 05:31 . 2011-11-22 05:31 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll + 2012-01-11 14:02 . 2011-12-27 02:51 5251072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2012-02-15 06:16 . 2011-11-01 11:23 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll + 2011-10-11 19:10 . 2011-07-08 11:53 5911888 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - 2011-06-15 14:13 . 2011-03-29 10:52 5911888 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll + 2011-10-11 19:10 . 2011-07-08 11:53 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll - 2011-06-15 14:13 . 2011-03-29 10:52 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2012-03-13 10:04 . 2012-03-13 10:04 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll - 2011-09-18 10:10 . 2011-09-18 10:10 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2012-03-13 10:04 . 2012-03-13 10:04 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll - 2011-09-18 10:10 . 2011-09-18 10:10 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll + 2012-03-13 10:04 . 2012-03-13 10:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll + 2012-03-13 10:04 . 2012-03-13 10:04 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2011-09-18 10:10 . 2011-09-18 10:10 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2012-03-13 10:04 . 2012-03-13 10:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll - 2011-09-18 10:10 . 2011-09-18 10:10 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll - 2011-09-18 10:10 . 2011-09-18 10:10 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2012-03-13 10:04 . 2012-03-13 10:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2012-03-13 10:04 . 2012-03-13 10:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll - 2011-09-18 10:10 . 2011-09-18 10:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll + 2012-03-13 10:04 . 2012-03-13 10:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll - 2011-09-18 10:10 . 2011-09-18 10:10 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll + 2012-03-13 10:04 . 2012-03-13 10:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll - 2011-09-18 10:10 . 2011-09-18 10:10 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll + 2012-03-13 10:04 . 2012-03-13 10:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll - 2011-09-18 10:10 . 2011-09-18 10:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll - 2011-09-18 10:10 . 2011-09-18 10:10 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll + 2012-03-13 10:04 . 2012-03-13 10:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll + 2012-03-13 10:04 . 2012-03-13 10:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll - 2011-09-18 10:10 . 2011-09-18 10:10 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2012-03-13 10:04 . 2012-03-13 10:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - 2011-09-18 10:10 . 2011-09-18 10:10 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - 2011-09-18 10:10 . 2011-09-18 10:10 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2012-03-13 10:04 . 2012-03-13 10:04 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2012-03-13 10:04 . 2012-03-13 10:04 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll - 2011-09-18 10:10 . 2011-09-18 10:10 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-03-13 10:04 . 2012-03-13 10:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-03-13 10:03 . 2012-03-13 10:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - 2011-09-18 10:09 . 2011-09-18 10:09 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2012-03-13 10:04 . 2012-03-13 10:04 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2011-09-18 10:10 . 2011-09-18 10:10 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2012-03-13 10:03 . 2012-03-13 10:03 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll - 2011-09-18 10:09 . 2011-09-18 10:09 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-03-13 10:03 . 2012-03-13 10:03 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-03-15 04:58 . 2012-03-15 14:20 4194304 c:\windows\Microsoft Antimalware\Support\MpWppTracing-03142012-205834-00000003-ffffffff.bin + 2012-03-15 02:09 . 2012-03-15 04:47 4194304 c:\windows\Microsoft Antimalware\Support\MpWppTracing-03142012-180900-00000003-ffffffff.bin + 2012-03-15 02:15 . 2012-03-01 22:21 8643640 c:\windows\Microsoft Antimalware\Definition Updates\{A3497196-6933-4B3F-8872-32B645E1FD33}\mpengine.dll + 2012-03-15 05:00 . 2012-03-01 22:21 8643640 c:\windows\Microsoft Antimalware\Definition Updates\{43D4610E-6251-4ABD-B764-AA7302EB7D88}\mpengine.dll + 2011-10-26 23:36 . 2011-10-26 23:36 2829312 c:\windows\Installer\75add71.msp + 2011-11-01 20:34 . 2011-11-01 20:34 1552384 c:\windows\Installer\3c150a28.msp + 2011-11-01 20:34 . 2011-11-01 20:34 2247168 c:\windows\Installer\3c150a1e.msp + 2011-11-01 20:34 . 2011-11-01 20:34 2531840 c:\windows\Installer\3c150a0c.msp + 2011-11-11 23:16 . 2011-11-11 23:16 8458240 c:\windows\Installer\3c150a02.msp + 2011-12-25 12:48 . 2011-12-25 12:48 1505792 c:\windows\Installer\132bb4d3.msp + 2011-12-26 13:24 . 2011-12-26 13:24 8835072 c:\windows\Installer\132bb4ca.msp + 2011-09-07 23:36 . 2011-09-07 23:36 6069248 c:\windows\Installer\11a8de5c.msp + 2011-12-13 07:10 . 2011-12-13 07:10 4703232 c:\windows\Installer\11a8de5b.msp + 2011-07-07 09:58 . 2011-07-07 09:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL + 2011-08-03 07:14 . 2011-08-03 07:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL + 2012-03-16 01:35 . 2012-03-16 01:35 5718016 c:\windows\ERDNT\3-15-2012\Users\00000002\UsrClass.dat + 2012-03-16 01:35 . 2012-03-16 01:35 2404352 c:\windows\ERDNT\3-15-2012\Users\00000001\ntuser.dat + 2012-03-13 10:09 . 2012-03-13 10:09 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\02198c29552545c7d7e7a95ab39488e5\WindowsBase.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\455d5edfdc989057a8fea7bc88a02ef6\System.Windows.Forms.DataVisualization.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bd044dc068adc34e430faa820e5c5e44\System.Web.Services.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b18f859bfbbe0897cade0aa931c22477\Microsoft.VisualBasic.Compatibility.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll + 2012-03-13 10:05 . 2012-03-13 10:05 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\d6c84e888c7f465844a8ae0e6470e05c\System.Windows.Forms.DataVisualization.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b60e888b3b9e41d46dcbd34d9fae80d6\System.Web.Services.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\90de8ba8101001c8845439cd5f9a76eb\System.Speech.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8c12f469cbd6b8d9718c64a4b2c96d47\System.ServiceModel.Activities.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\746651ce870c2f9cd43bc7246154f81a\System.ServiceModel.Discovery.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a14816d568ee8c7cc9f9923d979d682d\System.Runtime.Serialization.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d6b9e13a40ed53cfc10e04c023c62a49\System.Runtime.DurableInstancing.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1141220aff69c63f638ab64e5b0186bc\System.Printing.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2a4589aeec877df58cbbcd633bc18fb6\System.IdentityModel.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 1653248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6bd4a77663c0e708e0827be849906fdc\System.DirectoryServices.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\84d9ec8b14f9731797c51d31cae12d87\System.Deployment.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\67ccf8c95fb30e4dcbe3f1eae1f72d00\System.Data.SqlXml.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\4b28434c73ac4229c7ae7c4f0598e25f\System.Data.Services.Client.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\f5cc7fbaadd22a9278512102cd30eb3a\System.Data.Linq.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\7bbd2b637fbe2a5b17a16cd4fcc3c3ca\System.Activities.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a479b22107e8fe08689d840a3a1a77e9\System.Activities.Presentation.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\819fccf9934ef29a6078d4accbf9ea0c\System.Activities.Core.Presentation.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\073c60e5566fdaab702636f1474233b0\ReachFramework.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\7194eb8e3da784ae30566a64569314a4\PresentationUI.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ae0350a4319938f36788f102a46ae925\Microsoft.VisualBasic.Compatibility.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\9150a80d10ec86440aa59f6fe4b73f9d\Microsoft.VisualBasic.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1ae1a98af2c7d3e68c7525bf1395fa61\Microsoft.VisualBasic.Activities.Compiler.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fb09c8733a8ef9292079399b25d5d973\Microsoft.Transactions.Bridge.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\8b1e797d9c7f5ef773c150e15b07a087\Microsoft.JScript.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\a263b12a7f89cd41ef8ea216dcd1e854\Microsoft.CSharp.ni.dll + 2011-11-18 19:44 . 2011-11-18 19:44 5658624 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneShell\c6107471b8f6d6f2eb782cc788fe3a24\ZuneShell.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 5658624 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneShell\38ec4a36a4ffdee31b203b7796954403\ZuneShell.ni.dll + 2011-11-18 19:44 . 2011-11-18 19:44 3635712 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\7e73466953b9f6f1ec36b16294bfeba3\ZuneDBApi.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 3635712 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\12d4412023b3deb586d10c5b8d1424a6\ZuneDBApi.ni.dll + 2011-10-12 10:28 . 2011-10-12 10:28 4925440 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\38422ddfb88ccd3c565063035ebf3244\WindowsBase.ni.dll + 2012-02-15 10:28 . 2012-02-15 10:28 4925440 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\25872726936ed8841436a524593d63a1\WindowsBase.ni.dll + 2011-11-18 19:44 . 2011-11-18 19:44 6219776 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX\9ad61b7eb1735a972e6136d17a42fd93\UIX.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 6219776 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX\27438776ffb34d834b239f1197e0485a\UIX.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 2632192 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX.RenderApi\88df8e0913ac5d1bc302d132010bc589\UIX.RenderApi.ni.dll + 2011-11-18 19:44 . 2011-11-18 19:44 2632192 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX.RenderApi\15ef8e1c7b7d83e3764d58334c302cef\UIX.RenderApi.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 1461248 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\d1f22fe58e8a36168016110cca333f35\UIAutomationClientsideProviders.ni.dll + 2011-10-12 10:38 . 2011-10-12 10:38 1461248 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\7fa48da22e345b49d1f50bbaa5ffc39c\UIAutomationClientsideProviders.ni.dll + 2012-02-15 10:30 . 2012-02-15 10:30 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\d83de90759ccad6d8dce7cdd16df798d\System.Xml.ni.dll + 2011-10-12 10:30 . 2011-10-12 10:30 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\d444289d3cf8f139ec57cee71c59a4f9\System.Xml.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\feaffadaa3f97b0c4fb95523f7cae466\System.WorkflowServices.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\4223600dc6133441b1898abaf12031ca\System.WorkflowServices.ni.dll + 2012-01-12 10:06 . 2012-01-12 10:06 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\afbeeaf9c41f39886704cbf181b1feb2\System.Workflow.Runtime.ni.dll + 2012-02-15 10:30 . 2012-02-15 10:30 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\1388f6ea2b0480b586280f1c3398c20c\System.Workflow.Runtime.ni.dll + 2012-02-15 10:30 . 2012-02-15 10:30 5956096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\c90eeca87d0cfad619845cb3f35a2606\System.Workflow.ComponentModel.ni.dll + 2012-01-12 10:06 . 2012-01-12 10:06 5956608 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\ac5a3688b743358aa5b24b9efd971d9d\System.Workflow.ComponentModel.ni.dll + 2012-02-15 10:30 . 2012-02-15 10:30 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\566e7ad1d6e98704b926996e959957f0\System.Workflow.Activities.ni.dll + 2012-01-12 10:05 . 2012-01-12 10:05 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\007c8c2f4141fd472da7d3558efba598\System.Workflow.Activities.ni.dll + 2012-01-12 10:08 . 2012-01-12 10:08 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\f3222dbcdeebd53ee1c3f88c9ebf6c94\System.Web.Services.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\202e1c4478bb2a6d6bda717039909f98\System.Web.Services.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\788637c2fe1980943722fdc30e14e54a\System.Web.Mobile.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\525e8846136415d472c2e7ba482ccd54\System.Web.Mobile.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cedfd9b90274b017d11ed50abe8634e8\System.Web.Extensions.Design.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\c0d2bc2e2357ed023b85d18b96e21d60\System.Web.Extensions.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\0560ed537c7f0f8e894371a4e07d14a9\System.Web.Extensions.Design.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\03cd3539739848c8ab17c469cbd383d8\System.Web.Extensions.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 2726912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\e0ad1fc372b77c63962d0ac7435c8ea7\System.Speech.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 2726912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\170d1b4e12a2f95dafa23eaa6d688ae9\System.Speech.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\cb5200c2d67ebf37333bdd57a06e7a11\System.ServiceModel.Web.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\161e0c575e47b866c74fc9f67a218704\System.ServiceModel.Web.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 3072512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\0a2450bff855e1635f902a1dcead8aa4\System.Runtime.Serialization.ni.dll + 2011-10-12 10:34 . 2011-10-12 10:34 3072512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\0923cf543f311891eeae4e5ce30ca46c\System.Runtime.Serialization.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\ff44b057a3140f227295d685d9a4875e\System.Runtime.Remoting.ni.dll + 2012-01-12 10:08 . 2012-01-12 10:08 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\a0a442c47ac0b846bb886aa405a10138\System.Runtime.Remoting.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\c9a260f49f8d68c27828e886deed8c2a\System.Printing.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\65f0a2b25abe0096d6518638049783b5\System.Printing.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\bad8bf7c0cfe20ebaaec03f38dc02536\System.Management.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\2ecec1b5620795b9330bb6fadbe5e319\System.Management.ni.dll + 2012-01-12 10:09 . 2012-01-12 10:09 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\74f5ddf803f50c428293fe6115d6eea7\System.IdentityModel.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\50b67e51c77e7563dc9c4c5d241621f8\System.IdentityModel.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\caab7166e3bd29ad25ddab20072bfa47\System.EnterpriseServices.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\1a90a8d222464221458d0ebef4ac8216\System.EnterpriseServices.ni.dll + 2011-10-12 10:29 . 2011-10-12 10:29 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\bb534aa272960f375bef0d75162b5249\System.Drawing.ni.dll + 2012-02-15 10:29 . 2012-02-15 10:29 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\1afaf284590c36dab0dd04900e831003\System.Drawing.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\ed7fb15bcbe8f5feffe378ead395e7a5\System.DirectoryServices.AccountManagement.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d33cb141beadd31bbfacdaaa2a8c9eb0\System.DirectoryServices.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d331e73478ddb35b0cdf57fb5d20f36b\System.DirectoryServices.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\8e50c51664409fd0827cad6f3bd6620f\System.DirectoryServices.AccountManagement.ni.dll + 2011-10-12 10:34 . 2011-10-12 10:34 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\7c69e3dc27ebcbcfb593441dde062f9f\System.Deployment.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\1022c06835e5efb9182a51a9cc8bed0a\System.Deployment.ni.dll + 2012-02-15 10:29 . 2012-02-15 10:29 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\9b667f51f9e74c247d316347e877bcb8\System.Data.ni.dll + 2011-10-12 10:29 . 2011-10-12 10:29 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\54a302a693fe200dca13ae027dd1483e\System.Data.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\ca490db992ca01cd0738cc925ff19667\System.Data.SqlXml.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\890ddce9d0da20701310973b426ad9bc\System.Data.SqlXml.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\623fe421e955fea3584af075f5791b25\System.Data.Services.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\3a35cfdccde13bc82cad2d185cbf499b\System.Data.Services.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 1277440 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\ba62bcf7cadca469b4dca5c359a25d5c\System.Data.Services.Client.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 1277440 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\482a5772033d3697d48cd56fabaa8f47\System.Data.Services.Client.ni.dll + 2011-10-12 10:34 . 2011-10-12 10:34 1512448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\f94166a266be79a233e9adaef6dab1b7\System.Data.OracleClient.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 1512448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\44b712cef2634344f6937bc262ef4694\System.Data.OracleClient.ni.dll + 2011-10-12 10:29 . 2011-10-12 10:29 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\a9b091af2bfa6b42d6d4ba21bbab2654\System.Data.Linq.ni.dll + 2012-02-15 10:29 . 2012-02-15 10:29 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\526525bada7c41807b7c7f5163cd6b9b\System.Data.Linq.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\e0fae46f26c65a886991bb79b7b9226e\System.Data.Entity.Design.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\31ea0ae493a84f5f9fdb53ac2ea0ef5e\System.Data.Entity.Design.ni.dll + 2011-10-12 10:29 . 2011-10-12 10:29 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\d29cd9af48c9f04e62f28a358ce7a5ef\System.Core.ni.dll + 2012-02-15 10:29 . 2012-02-15 10:29 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\8a86a03df8c034f9fe94a90a8b33db3e\System.Core.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ed12ba2bc40f63f4df4a88d0dc63d944\System.Configuration.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\50f97a989230bfb46ad7522a8b5b2512\System.Configuration.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\cea11bf24c34ec3c60e3c625a5352bf8\ReachFramework.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\84498b1de82bbca231c0f2c752f006a0\ReachFramework.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\fbbc64b5a3c02693e17b46185eb9c694\PresentationUI.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\2f6ef4c26e7407afd96c67a356654b49\PresentationUI.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\f279cbbbf242e95f1585e0ed3cce3a8c\PresentationBuildTasks.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\0bad6e741e9b73cc6cc2c935f0e42785\PresentationBuildTasks.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\fae816622f2bd77ac9cb69ab8caf1439\Narrator.ni.exe + 2011-10-12 10:37 . 2011-10-12 10:37 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\5668e146fdbccc3f9f4b21d5a70b7eb4\Narrator.ni.exe + 2011-10-12 10:36 . 2011-10-12 10:36 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\acd4d9299552d5e1680f939da1001675\MMCEx.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\813233f023d8a37741bf10a899a40d86\MMCEx.ni.dll + 2012-01-12 10:09 . 2012-01-12 10:09 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\6029a4ca1be3d971d470eb2c1ff627e0\MIGUIControls.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\27671a1907d4daac68d35b72cb945526\MIGUIControls.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\7fe40682a4f2f30ddb25da3a8796d282\Microsoft.VisualBasic.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\0dd8910bfe51905a020755c33972874b\Microsoft.VisualBasic.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\f0e3b091c929659d66eb6d38806c9918\Microsoft.Transactions.Bridge.ni.dll
  7. ComboFix 12-03-16.03 - H 03/16/2012 12:54:09.2.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3747 [GMT -7:00] Running from: c:\users\H\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 ))))))))))))))))))))))))))))))) . . 2012-03-16 20:04 . 2012-03-16 20:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05EBA8D6-43AE-49CF-B9D1-E8577BCC0F41}\offreg.dll 2012-03-16 20:01 . 2012-03-16 20:01 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-03-16 20:01 . 2012-03-16 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-16 02:05 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05EBA8D6-43AE-49CF-B9D1-E8577BCC0F41}\mpengine.dll 2012-03-16 02:03 . 2012-03-16 02:03 -------- d-----w- c:\users\H\AppData\Roaming\QuickScan 2012-03-16 01:53 . 2012-03-16 01:53 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-16 01:38 . 2012-03-16 01:38 -------- d-----w- C:\rsit 2012-03-16 01:38 . 2012-03-16 01:38 -------- d-----w- c:\program files\trend micro 2012-03-16 01:33 . 2012-03-16 01:33 -------- d-----w- c:\program files (x86)\ERUNT 2012-03-15 02:08 . 2012-03-15 04:58 -------- d-----w- c:\windows\Microsoft Antimalware 2012-02-29 23:18 . 2012-02-29 23:18 -------- d-----w- c:\windows\system32\Macromed . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-29 23:18 . 2011-06-12 16:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-10 20:36 . 2012-02-10 20:37 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32CCB676-1E14-43D6-A713-808693944315}\gapaengine.dll 2012-02-08 07:13 . 2011-09-07 15:17 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-01-31 12:44 . 2011-09-06 14:59 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-03 14:25 . 2012-02-15 06:16 404992 ----a-w- c:\windows\system32\drivers\afd.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-09-20_00.48.19 ))))))))))))))))))))))))))))))))))))))))) . - 2009-10-08 12:40 . 2009-06-15 14:54 77312 c:\windows\SysWOW64\secur32.dll + 2012-01-11 14:02 . 2011-11-16 16:24 77312 c:\windows\SysWOW64\secur32.dll + 2012-01-11 14:02 . 2011-11-18 17:47 66560 c:\windows\SysWOW64\packager.dll + 2012-02-15 10:00 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll - 2011-08-11 10:11 . 2011-07-22 02:44 72704 c:\windows\SysWOW64\mshtmled.dll - 2011-08-11 10:11 . 2011-07-22 02:46 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll + 2012-02-15 10:00 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll - 2006-11-02 12:13 . 2006-11-02 09:46 23552 c:\windows\SysWOW64\mciseq.dll + 2012-01-11 14:02 . 2011-10-14 16:00 23552 c:\windows\SysWOW64\mciseq.dll - 2011-08-11 10:11 . 2011-07-22 02:46 65024 c:\windows\SysWOW64\jsproxy.dll + 2012-02-15 10:00 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll - 2008-01-21 03:20 . 2011-09-06 14:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-01-21 03:20 . 2012-03-05 23:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-01-21 03:20 . 2011-09-06 14:55 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-01-21 03:20 . 2012-03-05 23:23 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-01-21 03:20 . 2012-03-05 23:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-01-21 03:20 . 2011-09-06 14:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-24 17:50 . 2010-09-24 17:50 67072 c:\windows\system32\ZuneTcp2Udp.dll + 2011-07-22 23:47 . 2011-07-22 23:47 67072 c:\windows\system32\ZuneTcp2Udp.dll - 2010-09-24 17:50 . 2010-09-24 17:50 60928 c:\windows\system32\ZuneRegUtil.dll + 2011-07-22 23:47 . 2011-07-22 23:47 60928 c:\windows\system32\ZuneRegUtil.dll + 2011-07-22 23:47 . 2011-07-22 23:47 45568 c:\windows\system32\ZunePTDNS.dll - 2010-09-24 17:50 . 2010-09-24 17:50 45568 c:\windows\system32\ZunePTDNS.dll + 2008-01-21 02:23 . 2012-03-16 20:05 61538 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:45 . 2012-03-16 20:06 82994 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-06-28 20:21 . 2012-03-16 20:06 17734 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-809377086-3892647188-450367023-1000_UserData.bin - 2009-10-08 12:40 . 2009-06-15 15:12 94720 c:\windows\system32\secur32.dll + 2012-01-11 14:02 . 2011-11-16 16:42 94720 c:\windows\system32\secur32.dll + 2012-01-11 14:02 . 2011-11-18 18:07 76800 c:\windows\system32\packager.dll - 2011-08-11 10:11 . 2011-07-22 05:32 96256 c:\windows\system32\mshtmled.dll + 2012-02-15 10:00 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll + 2012-02-15 10:00 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll - 2011-08-11 10:11 . 2011-07-22 05:34 86528 c:\windows\system32\migration\WininetPlugin.dll - 2006-11-02 09:53 . 2006-11-02 11:17 28672 c:\windows\system32\mciwave.dll + 2012-01-11 14:02 . 2011-10-14 17:27 28672 c:\windows\system32\mciwave.dll - 2006-11-02 09:53 . 2006-11-02 11:17 28160 c:\windows\system32\mciseq.dll + 2012-01-11 14:02 . 2011-10-14 17:27 28160 c:\windows\system32\mciseq.dll - 2006-11-02 09:53 . 2006-11-02 11:17 48128 c:\windows\system32\mcicda.dll + 2012-01-11 14:02 . 2011-10-14 17:27 48128 c:\windows\system32\mcicda.dll + 2012-01-11 14:02 . 2011-11-16 14:34 11264 c:\windows\system32\lsass.exe - 2009-10-08 12:40 . 2009-06-15 13:15 11264 c:\windows\system32\lsass.exe + 2012-02-15 10:00 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll - 2011-08-11 10:11 . 2011-07-22 05:34 85504 c:\windows\system32\jsproxy.dll + 2011-07-22 23:47 . 2011-07-22 23:47 67072 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneTcp2Udp.dll + 2011-07-22 23:47 . 2011-07-22 23:47 60928 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneRegUtil.dll + 2011-07-22 23:47 . 2011-07-22 23:47 45568 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZunePTDNS.dll + 2011-11-09 04:41 . 2011-09-20 14:04 40448 c:\windows\system32\drivers\tcpipreg.sys - 2011-08-10 20:28 . 2011-06-17 13:56 40448 c:\windows\system32\drivers\tcpipreg.sys + 2011-09-11 02:05 . 2011-12-10 22:24 23152 c:\windows\system32\drivers\mbam.sys + 2011-12-15 03:24 . 2011-10-25 16:09 85504 c:\windows\system32\csrsrv.dll - 2011-07-13 00:22 . 2011-04-20 15:58 85504 c:\windows\system32\csrsrv.dll - 2009-06-28 20:19 . 2011-09-20 00:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-06-28 20:19 . 2012-01-31 23:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-06-28 20:19 . 2011-09-20 00:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-06-28 20:19 . 2012-01-31 23:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-06-28 20:19 . 2011-09-20 00:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-06-28 20:19 . 2012-01-31 23:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-19 03:41 . 2011-06-24 07:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-19 03:41 . 2012-03-13 02:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-19 03:41 . 2012-03-13 02:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-19 03:41 . 2011-06-24 07:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-19 03:41 . 2011-06-24 07:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-19 03:41 . 2012-03-13 02:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-11-22 06:57 . 2011-11-22 06:57 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll + 2012-01-11 14:02 . 2011-12-27 02:51 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe + 2011-11-22 05:31 . 2011-11-22 05:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll + 2012-01-11 14:02 . 2011-12-27 02:51 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe - 2011-09-18 10:10 . 2011-09-18 10:10 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll + 2012-03-13 10:04 . 2012-03-13 10:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll - 2011-09-18 10:10 . 2011-09-18 10:10 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll + 2012-03-13 10:04 . 2012-03-13 10:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll + 2012-03-13 10:04 . 2012-03-13 10:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll - 2011-09-18 10:10 . 2011-09-18 10:10 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll + 2012-03-13 10:04 . 2012-03-13 10:04 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll - 2011-09-18 10:10 . 2011-09-18 10:10 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll + 2012-03-13 10:04 . 2012-03-13 10:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll - 2011-09-18 10:10 . 2011-09-18 10:10 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll - 2011-09-18 10:10 . 2011-09-18 10:10 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll + 2012-03-13 10:04 . 2012-03-13 10:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll + 2012-03-13 10:04 . 2012-03-13 10:04 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll - 2011-09-18 10:10 . 2011-09-18 10:10 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll - 2011-09-18 10:10 . 2011-09-18 10:10 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll + 2012-03-13 10:04 . 2012-03-13 10:04 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll + 2012-03-13 10:04 . 2012-03-13 10:04 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll - 2011-09-18 10:10 . 2011-09-18 10:10 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll + 2012-03-13 10:04 . 2012-03-13 10:04 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll - 2011-09-18 10:10 . 2011-09-18 10:10 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll - 2011-09-18 10:10 . 2011-09-18 10:10 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll + 2012-03-13 10:04 . 2012-03-13 10:04 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll - 2011-09-18 10:10 . 2011-09-18 10:10 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2012-03-13 10:04 . 2012-03-13 10:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2011-09-18 10:10 . 2011-09-18 10:10 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll + 2012-03-13 10:04 . 2012-03-13 10:04 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll - 2011-09-18 10:10 . 2011-09-18 10:10 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll + 2012-03-13 10:04 . 2012-03-13 10:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll + 2012-03-13 10:04 . 2012-03-13 10:04 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll - 2011-09-18 10:10 . 2011-09-18 10:10 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll - 2011-09-18 10:10 . 2011-09-18 10:10 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll + 2012-03-13 10:04 . 2012-03-13 10:04 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll - 2011-09-18 10:10 . 2011-09-18 10:10 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2012-03-13 10:04 . 2012-03-13 10:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2012-03-13 10:04 . 2012-03-13 10:04 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2011-09-18 10:10 . 2011-09-18 10:10 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2011-09-18 10:10 . 2011-09-18 10:10 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2012-03-13 10:04 . 2012-03-13 10:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2011-09-18 10:10 . 2011-09-18 10:10 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-03-13 10:04 . 2012-03-13 10:04 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2011-09-18 10:10 . 2011-09-18 10:10 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2012-03-13 10:04 . 2012-03-13 10:04 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2011-09-18 10:09 . 2011-09-18 10:09 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-03-13 10:03 . 2012-03-13 10:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2011-09-18 10:09 . 2011-09-18 10:09 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2012-03-13 10:03 . 2012-03-13 10:03 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2012-03-15 04:52 . 2012-03-15 04:52 12288 c:\windows\Microsoft Antimalware\Support\MpWppTracing-03142012-205208-00000003-ffffffff.bin + 2012-02-04 20:45 . 2012-02-04 20:45 22016 c:\windows\Installer\e8c8e.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fdd.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fd6.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fcf.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fc8.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fc1.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fba.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fb3.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fac.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fa5.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f9e.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f97.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f90.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f89.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f82.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f7b.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f74.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f56.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f38.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f1a.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7efc.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7ede.msi + 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7ec0.msi + 2011-11-18 19:45 . 2011-11-18 19:45 77312 c:\windows\Installer\aa7ea8.msi - 2011-09-16 10:03 . 2011-09-16 10:03 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe + 2012-02-07 10:00 . 2012-02-07 10:00 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe + 2012-02-07 10:01 . 2012-02-07 10:01 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2011-09-16 10:03 . 2011-09-16 10:03 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2010-06-04 10:01 . 2011-06-16 10:19 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll + 2010-06-04 10:01 . 2012-02-16 10:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll + 2012-01-24 22:41 . 2012-01-24 22:41 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe + 2012-01-24 22:41 . 2012-01-24 22:41 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe + 2005-12-02 21:18 . 2005-12-02 21:18 29184 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\ResetFileTime.exe + 2009-10-14 20:24 . 2009-10-14 20:24 99976 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\HPDownload.exe + 2008-11-12 06:15 . 2008-11-12 06:15 16296 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\hpdom.wsf + 2010-09-21 06:07 . 2010-09-21 06:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll + 2009-02-26 20:06 . 2009-02-26 20:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL + 2009-02-26 20:06 . 2009-02-26 20:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE + 2009-02-27 01:43 . 2009-02-27 01:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL + 2009-02-27 00:45 . 2009-02-27 00:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE + 2009-02-26 20:06 . 2009-02-26 20:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL + 2009-02-26 20:06 . 2009-02-26 20:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE - 2006-11-02 12:40 . 2011-09-06 14:52 51200 c:\windows\inf\infpub.dat + 2006-11-02 12:40 . 2011-11-18 19:44 51200 c:\windows\inf\infpub.dat + 2012-03-13 10:13 . 2012-03-13 10:13 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\f137c53afae3903f20eba1fa0f8f8dad\System.Xml.Serialization.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ef151d5b49d8b0d0052d05fc56d25107\System.Windows.Presentation.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\c5b08a1a9a7a97922af50f30b5e32268\System.Web.ApplicationServices.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5b53a87f7799ee5454e4fb8faece3a82\System.AddIn.Contract.ni.dll + 2012-03-13 10:09 . 2012-03-13 10:09 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe + 2012-03-13 10:08 . 2012-03-13 10:08 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\8dd565cc0b374e1eec73cf7eaba91e92\UIAutomationProvider.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\077e75015456f75a0495f65cfcf140cb\System.Windows.Presentation.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\22a9aa847a8e4e651a35b63270ce8999\System.Web.ApplicationServices.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fdeb5ca04943da59f732d3001d6a0df0\System.ServiceModel.Channels.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\9688786618bf6390637c283b5bd1c9b3\System.AddIn.Contract.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\6ffc3ac04451b4978519218fd266403e\Microsoft.VisualC.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\8cbc15b63aa3f06453f1aaa8659cf809\Accessibility.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 73728 c:\windows\assembly\NativeImages_v2.0.50727_64\UIXControls\9f6d11340d0b68bb30dbad5092e56a92\UIXControls.ni.dll + 2011-11-18 19:44 . 2011-11-18 19:44 73728 c:\windows\assembly\NativeImages_v2.0.50727_64\UIXControls\3aa0ddd6d91850ce0b5644f73b62e4a7\UIXControls.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\067175115d10c3d264ab318e820765e5\System.Windows.Presentation.ni.dll + 2011-10-12 10:38 . 2011-10-12 10:38 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\00db78298fe5452c0f0841e3688193df\System.Windows.Presentation.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\fbd4e0199e5933302cc414871408c2a3\System.Web.DynamicData.Design.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\32988c989fec0b0a6ea7420b687847f0\System.Web.DynamicData.Design.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\df5c4750465a0c3ad3a84aba30e8940b\PresentationFontCache.ni.exe + 2011-10-12 10:37 . 2011-10-12 10:37 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\175efd925a4d4e7deccc7855d6dcb3c9\PresentationFontCache.ni.exe + 2011-10-12 10:36 . 2011-10-12 10:36 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\fa0c632bdf12e9d70405212bbcb255ee\PresentationCFFRasterizer.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\0efd3bfda60c6df58207598eeb48f25a\PresentationCFFRasterizer.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\be2487a805f44453b91fbfcc612ddb68\Microsoft.WSMan.Runtime.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\a4a66a531fcba4ae3db28c68033787a4\Microsoft.WSMan.Runtime.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\28baaf9cc7640ebf81cc317dbd5119d6\Microsoft.VisualC.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtCOM\d44223fe604b9811a3a57cbf71c3f1f9\ehiExtCOM.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\95ac9a9bdd91cac933680ebd43d98e0a\ehExtCOM.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\2c497fedb47981d3f9cd789d3966ccf4\ehExtCOM.ni.dll + 2011-10-12 10:35 . 2011-10-12 10:35 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\42bec19a6f2ecc6f45c4d07b4e2d6083\dfsvc.ni.exe + 2011-10-12 10:33 . 2011-10-12 10:33 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\006ccb4b89e6670929d149ff641369ef\Accessibility.ni.dll + 2011-10-12 10:32 . 2011-10-12 10:32 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\4b4da1f58f246ac63a6486910ce4feca\System.Windows.Presentation.ni.dll + 2012-02-15 10:40 . 2012-02-15 10:40 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d64bb27d9b0901fbaf26a363f664476b\System.Web.DynamicData.Design.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\249d58bfb0fad2bfc6539cc4af8ae7dd\System.ComponentModel.DataAnnotations.ni.dll + 2011-10-12 10:32 . 2011-10-12 10:32 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\fa4e1998745ba5cfd3751d17172a50c1\System.AddIn.Contract.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\bed862dc1b6ba4eb085a645d0df2873b\PresentationFontCache.ni.exe + 2012-02-15 10:39 . 2012-02-15 10:39 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0949167ed4166f458ba9f3b705b8bc21\PresentationCFFRasterizer.ni.dll + 2011-10-12 10:32 . 2011-10-12 10:32 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\67e74beedea6b1c61609c3199a41c112\napcrypt.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\099420b6b2b532b8156e510ae78da504\Microsoft.WSMan.Runtime.ni.dll + 2012-02-15 10:39 . 2012-02-15 10:39 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\90b93ddbe3aded4d91ed37540d3b62cd\Microsoft.Vsa.ni.dll + 2011-10-12 10:31 . 2011-10-12 10:31 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\0be0eb42238f115408fd2fab2b9a387f\Microsoft.VisualC.ni.dll + 2011-10-12 10:30 . 2011-10-12 10:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e51e9b0e132d5639a9d24d2fc93d84e2\Microsoft.Build.Framework.ni.dll + 2011-10-12 10:31 . 2011-10-12 10:31 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4bcbda8a78ed8746b758f2c961df98f9\Microsoft.Build.Framework.ni.dll + 2011-10-12 10:31 . 2011-10-12 10:31 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\188cef9a56634d7e4b9239c388576d94\ehiUserXp.ni.dll + 2011-10-12 10:31 . 2011-10-12 10:31 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\e4c8338d98d38340bd2e9eb91eb4ad78\dfsvc.ni.exe + 2011-10-12 10:30 . 2011-10-12 10:30 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll - 2011-08-24 15:44 . 2011-07-11 13:25 2048 c:\windows\SysWOW64\tzres.dll + 2011-12-15 03:24 . 2011-11-08 14:42 2048 c:\windows\SysWOW64\tzres.dll + 2011-10-11 19:10 . 2011-08-25 13:31 4096 c:\windows\SysWOW64\oleaccrc.dll - 2009-12-11 13:46 . 2009-10-08 21:07 4096 c:\windows\SysWOW64\oleaccrc.dll + 2011-12-15 03:24 . 2011-11-08 14:58 2048 c:\windows\system32\tzres.dll - 2011-08-24 15:44 . 2011-07-11 13:45 2048 c:\windows\system32\tzres.dll - 2009-12-11 13:46 . 2009-10-08 21:07 4096 c:\windows\system32\oleaccrc.dll + 2011-10-11 19:10 . 2011-08-25 13:54 4096 c:\windows\system32\oleaccrc.dll + 2012-03-16 20:04 . 2012-03-16 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-09-20 00:47 . 2011-09-20 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-03-16 20:04 . 2012-03-16 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-09-20 00:47 . 2011-09-20 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-13 10:17 . 2012-03-13 10:17 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\6bafe185b3d23de57ec689035642fe43\System.Xml.Serialization.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\592252ee904bd41f99cd1d19909b548c\dfsvc.ni.exe + 2012-01-11 14:02 . 2011-10-14 16:03 189952 c:\windows\SysWOW64\winmm.dll - 2009-12-03 13:53 . 2009-04-11 06:28 189952 c:\windows\SysWOW64\winmm.dll + 2012-01-11 14:02 . 2011-11-16 16:23 377344 c:\windows\SysWOW64\winhttp.dll - 2009-12-09 14:57 . 2009-08-24 11:36 377344 c:\windows\SysWOW64\winhttp.dll - 2011-08-11 10:11 . 2011-07-22 02:47 231936 c:\windows\SysWOW64\url.dll + 2012-02-15 10:00 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll + 2011-10-11 19:10 . 2011-08-25 16:15 555520 c:\windows\SysWOW64\UIAutomationCore.dll - 2009-12-11 13:45 . 2009-10-08 21:08 555520 c:\windows\SysWOW64\UIAutomationCore.dll + 2012-01-11 14:02 . 2011-11-16 16:23 278528 c:\windows\SysWOW64\schannel.dll + 2012-03-14 05:22 . 2012-01-09 15:54 613376 c:\windows\SysWOW64\rdpencom.dll + 2012-01-11 14:02 . 2011-10-25 15:58 497152 c:\windows\SysWOW64\qdvd.dll - 2009-12-03 13:52 . 2009-04-11 06:28 497152 c:\windows\SysWOW64\qdvd.dll - 2009-12-03 13:52 . 2009-04-11 06:28 293376 c:\windows\SysWOW64\psisdecd.dll + 2011-10-11 19:10 . 2011-07-29 16:01 293376 c:\windows\SysWOW64\psisdecd.dll - 2011-06-15 14:15 . 2010-12-20 16:35 563712 c:\windows\SysWOW64\oleaut32.dll + 2011-10-11 19:10 . 2011-08-25 16:14 563712 c:\windows\SysWOW64\oleaut32.dll + 2011-10-11 19:10 . 2011-08-25 16:14 238080 c:\windows\SysWOW64\oleacc.dll + 2012-02-15 06:16 . 2011-12-14 16:17 680448 c:\windows\SysWOW64\msvcrt.dll + 2012-02-29 23:18 . 2012-02-29 23:18 250016 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe + 2012-01-12 14:26 . 2012-01-12 14:26 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe + 2012-02-15 10:00 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll - 2011-08-11 10:11 . 2011-07-22 02:45 716800 c:\windows\SysWOW64\jscript.dll - 2011-08-11 10:11 . 2011-07-22 02:43 176640 c:\windows\SysWOW64\ieui.dll + 2012-02-15 10:00 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll - 2011-03-09 05:41 . 2010-12-29 18:28 429056 c:\windows\SysWOW64\EncDec.dll + 2011-12-15 03:24 . 2011-10-14 16:02 429056 c:\windows\SysWOW64\EncDec.dll - 2011-02-10 04:17 . 2011-01-20 16:08 219648 c:\windows\SysWOW64\d3d10_1core.dll + 2012-03-14 05:22 . 2012-02-14 15:45 219648 c:\windows\SysWOW64\d3d10_1core.dll + 2012-03-14 05:22 . 2012-02-14 15:45 160768 c:\windows\SysWOW64\d3d10_1.dll - 2011-02-10 04:17 . 2011-01-20 16:08 160768 c:\windows\SysWOW64\d3d10_1.dll - 2011-02-10 04:17 . 2011-01-20 13:47 683008 c:\windows\SysWOW64\d2d1.dll + 2012-03-14 05:22 . 2012-02-13 13:47 683008 c:\windows\SysWOW64\d2d1.dll - 2010-09-24 17:50 . 2010-09-24 17:50 149504 c:\windows\system32\ZuneUsbTransport.dll + 2011-07-22 23:47 . 2011-07-22 23:47 149504 c:\windows\system32\ZuneUsbTransport.dll + 2011-07-22 23:47 . 2011-07-22 23:47 405504 c:\windows\system32\ZuneNetProxy.dll - 2010-09-24 17:50 . 2010-09-24 17:50 405504 c:\windows\system32\ZuneNetProxy.dll + 2011-07-22 23:47 . 2011-07-22 23:47 249344 c:\windows\system32\ZuneMTPZ.dll - 2010-09-24 17:50 . 2010-09-24 17:50 249344 c:\windows\system32\ZuneMTPZ.dll + 2011-07-22 23:47 . 2011-07-22 23:47 354304 c:\windows\system32\ZuneCoInst.dll + 2012-01-11 14:02 . 2011-11-25 16:25 451072 c:\windows\system32\winsrv.dll - 2011-08-10 20:28 . 2011-06-17 16:16 451072 c:\windows\system32\winsrv.dll + 2012-01-11 14:02 . 2011-10-14 17:31 211968 c:\windows\system32\winmm.dll - 2009-12-03 13:53 . 2009-04-11 07:11 211968 c:\windows\system32\winmm.dll - 2009-12-09 14:57 . 2009-08-24 11:47 442368 c:\windows\system32\winhttp.dll + 2012-01-11 14:02 . 2011-11-16 16:43 442368 c:\windows\system32\winhttp.dll + 2009-06-29 01:15 . 2011-10-15 19:24 352574 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2011-08-11 10:11 . 2011-07-22 05:35 237056 c:\windows\system32\url.dll + 2012-02-15 10:00 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll + 2011-10-11 19:10 . 2011-08-25 16:20 735744 c:\windows\system32\UIAutomationCore.dll + 2012-01-11 14:02 . 2011-11-16 16:42 347136 c:\windows\system32\schannel.dll + 2012-03-14 05:22 . 2012-01-09 16:16 708096 c:\windows\system32\rdpencom.dll - 2009-12-03 13:52 . 2009-04-11 07:11 352256 c:\windows\system32\qdvd.dll + 2012-01-11 14:02 . 2011-10-25 16:13 352256 c:\windows\system32\qdvd.dll - 2009-12-03 13:53 . 2009-04-11 07:11 375808 c:\windows\system32\psisdecd.dll + 2011-10-11 19:10 . 2011-07-29 16:08 375808 c:\windows\system32\psisdecd.dll + 2006-11-02 12:46 . 2012-03-16 01:07 606602 c:\windows\system32\perfh009.dat + 2006-11-02 12:46 . 2012-03-16 01:07 105202 c:\windows\system32\perfc009.dat + 2011-10-11 19:10 . 2011-08-25 16:19 847360 c:\windows\system32\oleaut32.dll - 2011-06-15 14:15 . 2010-12-20 16:59 847360 c:\windows\system32\oleaut32.dll + 2011-10-11 19:10 . 2011-08-25 16:19 332288 c:\windows\system32\oleacc.dll + 2012-02-15 06:16 . 2011-12-14 16:38 621056 c:\windows\system32\msvcrt.dll - 2009-12-03 13:53 . 2009-04-11 07:11 621056 c:\windows\system32\msvcrt.dll + 2012-02-29 23:18 . 2012-02-29 23:18 465056 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe + 2012-02-15 10:00 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll - 2011-08-11 10:11 . 2011-07-22 05:30 248320 c:\windows\system32\ieui.dll + 2012-02-15 10:00 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll - 2006-11-02 15:21 . 2011-08-14 17:26 309760 c:\windows\system32\FNTCACHE.DAT + 2006-11-02 15:21 . 2012-03-14 10:20 309760 c:\windows\system32\FNTCACHE.DAT + 2011-12-15 03:24 . 2011-10-14 17:30 559616 c:\windows\system32\EncDec.dll - 2011-03-09 05:41 . 2010-12-29 19:01 559616 c:\windows\system32\EncDec.dll + 2011-07-22 23:47 . 2011-07-22 23:47 149504 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneUsbTransport.dll + 2011-07-22 23:47 . 2011-07-22 23:47 405504 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneNetProxy.dll + 2011-07-22 23:47 . 2011-07-22 23:47 249344 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneMTPZ.dll + 2011-07-22 23:47 . 2011-07-22 23:47 128000 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneIPTransport.dll + 2011-07-22 23:47 . 2011-07-22 23:47 354304 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneCoInst.dll + 2011-06-06 20:49 . 2011-06-06 20:49 708168 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\WinUSBCoInstaller.dll + 2011-06-06 20:49 . 2011-06-06 20:49 708168 c:\windows\system32\DriverStore\FileRepository\wmzuneserusb.inf_a8c8911e\WinUSBCoInstaller.dll - 2009-12-03 13:52 . 2009-04-11 05:48 209920 c:\windows\system32\drivers\rdpwd.sys + 2012-03-14 05:22 . 2012-01-09 14:27 209920 c:\windows\system32\drivers\rdpwd.sys + 2012-01-11 14:02 . 2011-11-17 06:53 515968 c:\windows\system32\drivers\ksecdd.sys - 2011-02-10 04:17 . 2011-01-20 16:16 327680 c:\windows\system32\d3d10_1core.dll + 2012-03-14 05:22 . 2012-02-14 16:49 327680 c:\windows\system32\d3d10_1core.dll + 2012-03-14 05:22 . 2012-02-14 16:49 196096 c:\windows\system32\d3d10_1.dll - 2011-02-10 04:17 . 2011-01-20 16:16 196096 c:\windows\system32\d3d10_1.dll + 2012-03-14 05:22 . 2012-02-13 14:06 834048 c:\windows\system32\d2d1.dll - 2011-02-10 04:17 . 2011-01-20 14:06 834048 c:\windows\system32\d2d1.dll + 2010-06-15 11:57 . 2012-03-15 08:33 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2010-06-15 11:57 . 2010-06-15 11:57 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2010-06-15 11:57 . 2012-03-15 08:33 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2010-06-15 11:57 . 2010-06-15 11:57 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2010-10-25 04:24 . 2011-09-20 00:46 286784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-10-25 04:24 . 2012-03-16 20:02 286784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-11-22 06:57 . 2011-11-22 06:57 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll + 2011-12-26 12:47 . 2011-12-26 12:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe + 2012-01-11 14:02 . 2011-12-27 02:51 744720 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll - 2011-06-15 14:13 . 2011-03-29 10:52 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll + 2011-10-11 19:10 . 2011-07-08 11:52 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll + 2011-11-22 05:31 . 2011-11-22 05:31 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll + 2011-12-26 11:39 . 2011-12-26 11:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe + 2011-11-22 05:31 . 2011-11-22 05:31 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll + 2012-01-11 14:02 . 2011-12-27 02:51 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll + 2011-10-11 19:10 . 2011-07-08 11:53 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll - 2011-06-15 14:13 . 2011-03-29 10:53 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll - 2011-06-15 14:13 . 2011-03-29 10:52 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll + 2011-10-11 19:10 . 2011-07-08 11:53 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll - 2011-09-18 10:10 . 2011-09-18 10:10 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll + 2012-03-13 10:04 . 2012-03-13 10:04 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll + 2012-03-13 10:04 . 2012-03-13 10:04 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll - 2011-09-18 10:10 . 2011-09-18 10:10 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll + 2012-03-13 10:04 . 2012-03-13 10:04 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll - 2011-09-18 10:10 . 2011-09-18 10:10 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll + 2012-03-13 10:04 . 2012-03-13 10:04 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll - 2011-09-18 10:10 . 2011-09-18 10:10 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll - 2011-09-18 10:10 . 2011-09-18 10:10 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2012-03-13 10:04 . 2012-03-13 10:04 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2012-03-13 10:04 . 2012-03-13 10:04 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll - 2011-09-18 10:10 . 2011-09-18 10:10 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll - 2011-09-18 10:10 . 2011-09-18 10:10 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2012-03-13 10:04 . 2012-03-13 10:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2012-03-13 10:04 . 2012-03-13 10:04 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll - 2011-09-18 10:10 . 2011-09-18 10:10 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll + 2012-03-13 10:04 . 2012-03-13 10:04 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll - 2011-09-18 10:10 . 2011-09-18 10:10 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll + 2012-03-13 10:04 . 2012-03-13 10:04 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll - 2011-09-18 10:10 . 2011-09-18 10:10 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll - 2011-09-18 10:10 . 2011-09-18 10:10 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2012-03-13 10:04 . 2012-03-13 10:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2012-03-13 10:04 . 2012-03-13 10:04 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2011-09-18 10:10 . 2011-09-18 10:10 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2012-03-13 10:04 . 2012-03-13 10:04 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2011-09-18 10:10 . 2011-09-18 10:10 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2012-03-13 10:04 . 2012-03-13 10:04 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll - 2011-09-18 10:10 . 2011-09-18 10:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll - 2011-09-18 10:10 . 2011-09-18 10:10 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll + 2012-03-13 10:04 . 2012-03-13 10:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll + 2012-03-13 10:04 . 2012-03-13 10:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2011-09-18 10:10 . 2011-09-18 10:10 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2012-03-13 10:04 . 2012-03-13 10:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2011-09-18 10:10 . 2011-09-18 10:10 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2011-09-18 10:10 . 2011-09-18 10:10 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll + 2012-03-13 10:04 . 2012-03-13 10:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll - 2011-09-18 10:10 . 2011-09-18 10:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll + 2012-03-13 10:04 . 2012-03-13 10:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll + 2012-03-13 10:04 . 2012-03-13 10:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll - 2011-09-18 10:10 . 2011-09-18 10:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll - 2011-09-18 10:10 . 2011-09-18 10:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll + 2012-03-13 10:04 . 2012-03-13 10:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll + 2012-03-13 10:04 . 2012-03-13 10:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll - 2011-09-18 10:10 . 2011-09-18 10:10 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll + 2012-03-13 10:04 . 2012-03-13 10:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2011-09-18 10:10 . 2011-09-18 10:10 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2011-09-18 10:10 . 2011-09-18 10:10 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2012-03-13 10:04 . 2012-03-13 10:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2011-09-18 10:10 . 2011-09-18 10:10 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2012-03-13 10:04 . 2012-03-13 10:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2012-03-13 10:04 . 2012-03-13 10:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll - 2011-09-18 10:10 . 2011-09-18 10:10 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll - 2011-09-18 10:10 . 2011-09-18 10:10 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2012-03-13 10:04 . 2012-03-13 10:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2012-03-13 10:04 . 2012-03-13 10:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2011-09-18 10:10 . 2011-09-18 10:10 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2012-03-13 10:04 . 2012-03-13 10:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll - 2011-09-18 10:10 . 2011-09-18 10:10 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll - 2011-09-18 10:10 . 2011-09-18 10:10 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll + 2012-03-13 10:04 . 2012-03-13 10:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll + 2012-03-13 10:04 . 2012-03-13 10:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2011-09-18 10:10 . 2011-09-18 10:10 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2011-09-18 10:10 . 2011-09-18 10:10 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll + 2012-03-13 10:04 . 2012-03-13 10:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll + 2012-03-13 10:04 . 2012-03-13 10:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll - 2011-09-18 10:10 . 2011-09-18 10:10 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll + 2012-03-13 10:04 . 2012-03-13 10:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll - 2011-09-18 10:10 . 2011-09-18 10:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll - 2011-09-18 10:10 . 2011-09-18 10:10 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll + 2012-03-13 10:04 . 2012-03-13 10:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll + 2012-03-13 10:04 . 2012-03-13 10:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2011-09-18 10:10 . 2011-09-18 10:10 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2012-03-13 10:04 . 2012-03-13 10:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll - 2011-09-18 10:10 . 2011-09-18 10:10 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2012-03-13 10:04 . 2012-03-13 10:04 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll - 2011-09-18 10:10 . 2011-09-18 10:10 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll - 2011-09-18 10:10 . 2011-09-18 10:10 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll + 2012-03-13 10:04 . 2012-03-13 10:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll - 2011-09-18 10:10 . 2011-09-18 10:10 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll + 2012-03-13 10:04 . 2012-03-13 10:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll - 2011-09-18 10:10 . 2011-09-18 10:10 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2012-03-13 10:04 . 2012-03-13 10:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2012-03-13 10:04 . 2012-03-13 10:04 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll - 2011-09-18 10:10 . 2011-09-18 10:10 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll + 2012-03-13 10:04 . 2012-03-13 10:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2011-09-18 10:10 . 2011-09-18 10:10 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2012-03-13 10:04 . 2012-03-13 10:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2011-09-18 10:10 . 2011-09-18 10:10 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2011-09-18 10:10 . 2011-09-18 10:10 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll + 2012-03-13 10:04 . 2012-03-13 10:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll - 2011-09-18 10:10 . 2011-09-18 10:10 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-03-13 10:04 . 2012-03-13 10:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-03-13 10:04 . 2012-03-13 10:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll - 2011-09-18 10:10 . 2011-09-18 10:10 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll - 2011-09-18 10:10 . 2011-09-18 10:10 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2012-03-13 10:04 . 2012-03-13 10:04 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2012-03-13 10:04 . 2012-03-13 10:04 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2011-09-18 10:10 . 2011-09-18 10:10 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-03-13 10:04 . 2012-03-13 10:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2011-09-18 10:10 . 2011-09-18 10:10 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2012-03-13 10:04 . 2012-03-13 10:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2011-09-18 10:10 . 2011-09-18 10:10 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2011-09-18 10:10 . 2011-09-18 10:10 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-03-13 10:04 . 2012-03-13 10:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-03-13 10:04 . 2012-03-13 10:04 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2011-09-18 10:09 . 2011-09-18 10:09 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2011-09-18 10:10 . 2011-09-18 10:10 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-03-13 10:04 . 2012-03-13 10:04 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2011-09-18 10:09 . 2011-09-18 10:09 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2012-03-13 10:03 . 2012-03-13 10:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2012-03-13 10:03 . 2012-03-13 10:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2011-09-18 10:09 . 2011-09-18 10:09 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2011-09-18 10:09 . 2011-09-18 10:09 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-03-13 10:03 . 2012-03-13 10:03 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-03-15 02:09 . 2012-03-15 04:58 311296 c:\windows\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin + 2011-11-18 19:44 . 2011-11-18 19:44 788992 c:\windows\Installer\aa7e9a.msi + 2012-01-24 22:41 . 2012-01-24 22:41 922624 c:\windows\Installer\a7335d3.msi + 2011-11-07 23:43 . 2011-11-07 23:43 323072 c:\windows\Installer\19d3e9.msi + 2011-12-07 15:11 . 2011-12-07 15:11 188416 c:\windows\Installer\13fe5cfb.msi + 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe + 2010-09-21 06:07 . 2010-09-21 06:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe + 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe - 2006-11-02 12:40 . 2011-09-06 14:52 143360 c:\windows\inf\infstrng.dat + 2006-11-02 12:40 . 2011-11-18 19:44 143360 c:\windows\inf\infstrng.dat + 2006-11-02 12:40 . 2011-11-18 19:44 143360 c:\windows\inf\infstor.dat - 2006-11-02 12:40 . 2011-09-06 14:52 143360 c:\windows\inf\infstor.dat + 2012-03-16 01:35 . 2005-10-20 19:02 163328 c:\windows\ERDNT\3-15-2012\ERDNT.EXE + 2012-01-11 14:02 . 2011-11-01 16:35 196096 c:\windows\ehome\mstvcapn.dll + 2012-03-14 22:47 . 2012-03-14 22:47 710304 c:\windows\Downloaded Program Files\qsax.dll + 2012-03-13 10:13 . 2012-03-13 10:13 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d05858dd730eef93a5e4a3cc88dd4ec3\WindowsFormsIntegration.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\b2a2a1fb4e1313088250b334b3af2a15\UIAutomationTypes.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\89414bab411eb27c7c181df81b4d36a5\UIAutomationProvider.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd55f47d44c3695862bc047b8e86fcd3\UIAutomationClient.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\910d557d55f4fc7bb51ace0546bd3c50\System.Xml.Linq.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\dcb9e1eaa1491094f79c3288b8c78830\System.Windows.Input.Manipulations.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\922f3f17f5112441e77f9d3d56d5b753\System.Transactions.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\73874670b92afbde73b23e8a1200eede\System.ServiceProcess.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\909c8d76773648809478644ac50a21eb\System.ServiceModel.Routing.ni.dll + 2012-03-13 10:13 . 2012-03-13 10:13 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\26db69101f5bcf148fd962f00c0e78dd\System.ServiceModel.Channels.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\878946615037b9d5f09916c598420dc1\System.Security.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\73cc698ccc98e37f53cdbff3687a921c\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\b73b4f0282ef46505b3e59702ded433b\System.Runtime.Remoting.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\8064e773b9addf027658899e27e94c7b\System.Numerics.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\a46d5472536da900435885b28a19eda8\System.Net.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\ae0089b9135614de304ebe288fa6fca8\System.Messaging.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\3ad050d3f47352421e05b7707ddd3524\System.Management.Instrumentation.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\87efa405cd384d2c47380467fcd7ea86\System.IO.Log.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\50ccc897ad714e66f750ca1e51e0ffde\System.IdentityModel.Selectors.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.Wrapper.dll + 2012-03-13 10:08 . 2012-03-13 10:08 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\cbc3e5d028dd347a294096f068a053d4\System.Dynamic.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1ae0a8a9eb92ccaf900f5911740b2c3c\System.DirectoryServices.Protocols.ni.dll + 2012-03-13 10:12 . 2012-03-13 10:12 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\9edded64312f5cbae54a093eca246aaa\System.Device.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\db296a100034c7dee5f80219f0542df7\System.Data.DataSetExtensions.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\0f771cbf8b32ae1618f4cd4266337b3c\System.Configuration.Install.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\501ad39b1ef6f43e8dc92a4efa7c35ea\System.ComponentModel.DataAnnotations.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\f8c6e4854178bb4d928c8aec1c04648d\System.AddIn.ni.dll + 2012-03-13 10:11 . 2012-03-13 10:11 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\3503e3c2a87db97b720c0ed8a5d59f61\System.Activities.DurableInstancing.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\30cf4fc2c247cf490879f5436c63017c\SMSvcHost.ni.exe + 2012-03-13 10:10 . 2012-03-13 10:10 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\b4f75962376771b6b6d39279d780abba\SMDiagnostics.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eaca48940ac6976d39d5de4d5b42fed6\PresentationFramework.Royale.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\bdb41ce9ab6d561ddb8107255daaee30\PresentationFramework.Luna.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78310f7eef84b5f9ca4bf32798bd77f9\PresentationFramework.Aero.ni.dll + 2012-03-13 10:10 . 2012-03-13 10:10 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\64b86aebea22fd357f22384757caed3f\PresentationFramework.Classic.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5a7e968020fcc15deaead9c8f27feeab\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\16bf3be602620d349b25e6c2d08199a3\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2012-03-13 10:08 . 2012-03-13 10:08 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\f6b9abf9cd43524102ad9be82b7136d0\CustomMarshalers.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\d5a18f2355101b19f23ff2f31d1d1e17\WindowsFormsIntegration.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\9562374f940f41cdc64d88268d543f0b\UIAutomationTypes.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\641eec5b274fe3972d02892607f9b650\UIAutomationClient.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\0b68854406b775365c6d91e87813c2dc\System.Windows.Input.Manipulations.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\bf0b3689dd5e261097f2feb2ed0103e8\System.ServiceProcess.ni.dll + 2012-03-13 10:17 . 2012-03-13 10:17 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d3d9c582c7cd77f17fd93167dc462242\System.ServiceModel.Routing.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c1127f26363bea39c40707b9ddb6bbb9\System.Security.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7b17528dffe47d9b17be6086a575a516\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\533deafc53346179cd118acc874752a3\System.Runtime.Remoting.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\965e2749489298cc85387f44f76a40f2\System.Net.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\1bff2d3e952c2160ba0c790d2342a601\System.Management.Instrumentation.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e6cb98078120266f5310adf0f45aa7df\System.IO.Log.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\22dadf930ad449894633480562d6c913\System.IdentityModel.Selectors.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.Wrapper.dll + 2012-03-13 10:15 . 2012-03-13 10:15 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\cbb6e9a9b075d9f6fa303e3eef4c0ffd\System.Dynamic.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e25cc7918b583b3beffcad52920eae29\System.DirectoryServices.AccountManagement.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\a3be39ae9813098aa81430dd507d22ca\System.DirectoryServices.Protocols.ni.dll + 2012-03-13 10:16 . 2012-03-13 10:16 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4975f93d2055b33bd7a91d6f05628e2a\System.Device.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\42d3d301d2adef24edeb3b775fbe3a4b\System.Data.DataSetExtensions.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\e844f0d4cf703c2e97515ed020331b76\System.Configuration.Install.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a92c1bd4d32fbbc54134fc40d2f97389\System.ComponentModel.Composition.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\9b418b211d6207feafcdc27027d26036\System.ComponentModel.DataAnnotations.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\a4cfba8e3500f8387fe5924b940983be\System.AddIn.ni.dll + 2012-03-13 10:15 . 2012-03-13 10:15 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\520d0ed9f48c121fbe79bda6fc176b74\System.Activities.DurableInstancing.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\98ec8a39382e6eee39845bd4759ecf04\SMSvcHost.ni.exe + 2012-03-13 10:15 . 2012-03-13 10:15 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b905cdec5960d51e5bdc7030b005c09\SMDiagnostics.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\94d89db071d382d9ba0bc6381669b85f\PresentationFramework.Classic.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 755200 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8857db4eb5c9797068ff55872e8cff64\PresentationFramework.Luna.ni.dll + 2012-03-13 10:06 . 2012-03-13 10:06 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\443c3fae1f6f0588a542ddc1c02c1be1\PresentationFramework.Royale.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0a5b8a58dc91116727bfc775a1c19b8c\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5958d9610eb58adb2b62153492a7c27e\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2012-03-13 10:14 . 2012-03-13 10:14 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\e75d718c701de8465600c9a291850bd5\WsatConfig.ni.exe + 2011-10-12 10:38 . 2011-10-12 10:38 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\d3b8ba89ad6b7e3dd72e903eba259c9a\WsatConfig.ni.exe + 2011-10-12 10:38 . 2011-10-12 10:38 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\ea6d8df86fc35898ec0ed1931286079d\WindowsFormsIntegration.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\24435f85f70be4cf3bc1837141e1f3f8\WindowsFormsIntegration.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 257024 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\fcc1bb8b7816577d8ace229d8b10efc1\UIAutomationTypes.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 120320 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\caf208f16abe2d305effc78e1f81e9b5\UIAutomationProvider.ni.dll + 2011-10-12 10:36 . 2011-10-12 10:36 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\ff7ff4d1cef4eb69de7a031b48398987\UIAutomationClient.ni.dll + 2012-02-15 10:35 . 2012-02-15 10:35 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\a0aca4bf0a203bb37a754232270cccfa\UIAutomationClient.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\da762595ee5b4709e0ee72feeb95cf33\TaskScheduler.ni.dll + 2011-10-12 10:38 . 2011-10-12 10:38 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\a386c1261e6fa238c30d1ac51f56ef5b\TaskScheduler.ni.dll + 2011-10-12 10:38 . 2011-10-12 10:38 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\e961e5d1c86bf0c2b52249c3eb1d476c\System.Xml.Linq.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\64f3bb54c4e1236d27f817d7fa68172c\System.Xml.Linq.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\65d2ba6625880c2338b91670c438a107\System.Web.Routing.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\305bff6f5396544a7bfc56e84bfa1e87\System.Web.Routing.ni.dll + 2011-10-12 10:34 . 2011-10-12 10:34 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\b7e323c4caccb48a6c7cd45c5c8b16f7\System.Web.RegularExpressions.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\270d74a31831149b21b5bea91c0aea5a\System.Web.RegularExpressions.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\a3c3617414cec7911b49ffd306b291f4\System.Web.Entity.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\0e0a0efe9ab9642700a8f57a4edbe976\System.Web.Entity.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\d5d13f24e51a4fa41be09b8d2241f600\System.Web.Entity.Design.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\c530a47802b240b087da20b94c97cad4\System.Web.Entity.Design.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\86f7d8a68c51823d89921f55ff7e2603\System.Web.DynamicData.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\003e371c8df2a55501c5f738a7c5bec8\System.Web.DynamicData.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\9c64eb12d481157ee49e63fa21d75376\System.Web.Abstractions.ni.dll + 2012-01-12 10:10 . 2012-01-12 10:10 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\40994da02056e19475c5958f64195807\System.Web.Abstractions.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\acc28599cfdd7905c0f1dc28dd69c62c\System.Transactions.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\26713be7f0119f1ccd5cb301b4088616\System.Transactions.ni.dll + 2011-10-12 10:34 . 2011-10-12 10:34 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\fd5a2f4321cd339b0d7dfcd46aac578c\System.ServiceProcess.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\39c01dd3934350653a7e47d85688a56e\System.ServiceProcess.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\6ec0affc7f8a6ef94bb7457353bed773\System.Security.ni.dll + 2012-02-15 10:32 . 2012-02-15 10:32 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\02c9a0da64efb6d60958a061835cb425\System.Security.ni.dll + 2011-10-12 10:34 . 2011-10-12 10:34 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\d526d3a3a6657c8cd4508ebe888d50ad\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\9b37cb88d4fe41952c0ff8ec36df639c\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\f8f6ea38bbdd49db6a1a029492909d14\System.Net.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\691b5229cb26bbb7fdb9ae20c289ad7f\System.Net.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\513a99c7b2bc651a72ee1c96f2ca9372\System.Messaging.ni.dll + 2011-10-12 10:34 . 2011-10-12 10:34 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\43950691e68fa889d8276281c843c90a\System.Messaging.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\bb552a747610ce1e38ca20f767a905b3\System.Management.Instrumentation.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\4667706242b4b409f374dfcd2289dfad\System.Management.Instrumentation.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\ae581129b25b5f40ab1f9ddf55412c60\System.IO.Log.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\1b7cfed2b4bac8be0d75b2e5840e1648\System.IO.Log.ni.dll + 2011-10-12 10:34 . 2011-10-12 10:34 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\b936404b70f3d96230370185221d2988\System.IdentityModel.Selectors.ni.dll + 2012-02-15 10:34 . 2012-02-15 10:34 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\a66bdd2dddd9808eae7e037ed299971b\System.IdentityModel.Selectors.ni.dll + 2011-10-12 10:33 . 2011-10-12 10:33 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\caab7166e3bd29ad25ddab20072bfa47\System.EnterpriseServices.Wrapper.dll + 2012-02-15 10:32 . 2012-02-15 10:32 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\1a90a8d222464221458d0ebef4ac8216\System.EnterpriseServices.Wrapper.dll + 2012-02-15 10:29 . 2012-02-15 10:29 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a29ca53b0da167fff25e474202b5aa24\System.Drawing.Design.ni.dll + 2011-10-12 10:29 . 2011-10-12 10:29 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\23ae39416a886e06e99e5f1a362a0ca2\System.Drawing.Design.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e3f2322ddd355493f592702d27f9edf0\System.DirectoryServices.Protocols.ni.dll + 2011-10-12 10:34 . 2011-10-12 10:34 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d3b45c9a426e4247060210a4442e57c1\System.DirectoryServices.Protocols.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 489472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\8ae8c8c594d7ad7f6430b65d72d0cb58\System.Data.Services.Design.ni.dll + 2012-02-15 10:37 . 2012-02-15 10:37 489472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\6501cb8efc619b96b3b6b754f6fcf5aa\System.Data.Services.Design.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\5e7784d0562f54ba2bac4fab3f3c7da6\System.Data.DataSetExtensions.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\2123c2ac019fe39a10ac3b10ab4086ca\System.Data.DataSetExtensions.ni.dll + 2011-10-12 10:34 . 2011-10-12 10:34 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\a00d13945ba2ae72e0f81a330405ef94\System.Configuration.Install.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\1bb009ad266e51586d48ce4dc1e15336\System.Configuration.Install.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\e0828964993d832dabb31b17c6d82a02\System.ComponentModel.DataAnnotations.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\a84b1a7e829536918cbee735c98cf7a4\System.ComponentModel.DataAnnotations.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\892fa605806b4152e60a5b80d01d646a\System.AddIn.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\4b49b44dcb277e6cba02bec7bdd5f53a\System.AddIn.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\fab800c985d2637100bb4a74ee70c5c1\System.AddIn.Contract.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\091348740bb38b85dece99d1deb33d06\sysglobl.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\e50076b441b0a3744dfb857e8c10c7a3\SMSvcHost.ni.exe + 2012-02-15 10:36 . 2012-02-15 10:36 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\6bcd8ba05cb1434cc5a15e50f67ff1fb\SMSvcHost.ni.exe + 2011-10-12 10:34 . 2011-10-12 10:34 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\fa7982dd82101344f9a0ec5a7df12d13\SMDiagnostics.ni.dll + 2012-02-15 10:33 . 2012-02-15 10:33 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\57f792edd3d4b372dd74906b9519cb83\SMDiagnostics.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\8f0a08eaa171d56cbb2e4187ab8746b4\ServiceModelReg.ni.exe + 2012-01-12 10:10 . 2012-01-12 10:10 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\6ba06b090714e51e8a92499ade057045\ServiceModelReg.ni.exe + 2012-02-15 10:29 . 2012-02-15 10:29 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c44df85a8829301af9fe97c6cb3c8124\PresentationFramework.Classic.ni.dll + 2011-10-12 10:28 . 2011-10-12 10:28 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b1a7be598a0c377152ef1f42e7c1eac3\PresentationFramework.Royale.ni.dll + 2012-02-15 10:29 . 2012-02-15 10:29 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\af19f6e696a20ae3a64a683bb34b6cf0\PresentationFramework.Royale.ni.dll + 2011-10-12 10:28 . 2011-10-12 10:28 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\939a859ef807fb6511db2a22ede35d29\PresentationFramework.Luna.ni.dll + 2012-02-15 10:29 . 2012-02-15 10:29 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\59a734aadd2294941fd7bbb62e76ab1f\PresentationFramework.Luna.ni.dll + 2011-10-12 10:28 . 2011-10-12 10:28 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\574c8f267bed7da9a80d9f3a428099bd\PresentationFramework.Aero.ni.dll + 2011-10-12 10:28 . 2011-10-12 10:28 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\3f65d45a3ff81a26fc82e5c6fcc10370\PresentationFramework.Classic.ni.dll + 2012-02-15 10:29 . 2012-02-15 10:29 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\2617b044b288975dd6ebda2ef9417852\PresentationFramework.Aero.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\900ae2d2a1e97c15ecf1f38a613fb4a9\napsnap.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\155c6b2c094e804bc48f3c697c8b5875\napsnap.ni.dll + 2012-02-15 10:36 . 2012-02-15 10:36 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\d9abdc76a774e8c77189b025ccb3a052\napinit.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\8ba28cd475eddd59aa72048078b9d38d\napinit.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 177152 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\c1aca362549bc87db4cd9b39e915fc34\naphlpr.ni.dll + 2011-10-12 10:37 . 2011-10-12 10:37 126464 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\db12e1be90224e573376cc86b197d869\napcrypt.ni.dll
  8. Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.16.04 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 H :: H-PC [administrator] 3/16/2012 1:21:38 PM mbam-log-2012-03-16 (13-21-38).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 487940 Time elapsed: 1 hour(s), 1 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. Wow. My system seems to be much better now. It no longer appears to be hijacked! Thank you very much... RogueKiller V7.3.1 [03/10/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User: H [Admin rights] Mode: Scan -- Date: 03/16/2012 12:43:20 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD642JJ +++++ --- User --- [MBR] d6afffae687fce73d04871ac6cc1198a [bSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596475 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221582600 | Size: 14001 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST31000528AS +++++ --- User --- [MBR] 0a95b3e60a0c0703a17e29a8bd2459ef [bSP] 2589d35b9b4bf3f2ef56561a925b0bbc : Windows Vista MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1].txt >> RKreport[1].txt
  10. After running aswMBR, the Fix button was not enabled. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-03-15 20:33:21 ----------------------------- 20:33:21.457 OS Version: Windows x64 6.0.6002 Service Pack 2 20:33:21.458 Number of processors: 2 586 0x170A 20:33:21.458 ComputerName: H-PC UserName: H 20:33:22.971 Initialize success 20:34:26.682 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 20:34:26.685 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8 20:34:26.688 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 20:34:26.691 Disk 1 Vendor: ST310005 CC36 Size: 953869MB BusType: 8 20:34:26.695 Disk 0 MBR read successfully 20:34:26.700 Disk 0 MBR scan 20:34:26.705 Disk 0 unknown MBR code 20:34:26.709 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 596475 MB offset 63 20:34:26.735 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14001 MB offset 1221582600 20:34:26.774 Disk 0 scanning C:\Windows\system32\drivers 20:34:32.521 Service scanning 20:34:37.171 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32 20:34:43.031 Modules scanning 20:34:43.041 Scan finished successfully 20:35:35.516 Disk 0 MBR has been saved successfully to "C:\Users\H\Desktop\MBR.dat" 20:35:35.530 The log file has been saved successfully to "C:\Users\H\Desktop\aswMBR.txt" ListParts by Farbar Version: 12-03-2012 03 Ran by H (administrator) on 15-03-2012 at 20:36:44 Windows Vista (X64) Running From: C:\Users\H\Desktop Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 33% Total physical RAM: 6133.33 MB Available physical RAM: 4077.29 MB Total Pagefile: 12379.7 MB Available Pagefile: 10340.15 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (HP) (Fixed) (Total:582.5 GB) (Free:242.64 GB) NTFS ==>[Drive with boot components (obtanied from BCD)] 2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.67 GB) (Free:1.37 GB) NTFS ==>[system with boot components (obtained from reading drive)] 8 Drive j: (Backup HP) (Fixed) (Total:931.51 GB) (Free:412.8 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 596 GB 0 B Disk 1 Online 932 GB 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Disk 6 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 582 GB 32 KB Partition 2 Primary 14 GB 582 GB ====================================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C HP NTFS Partition 582 GB Healthy System (partition with boot components) ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D FACTORY_IMA NTFS Partition 14 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 932 GB 1024 KB ====================================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 J Backup HP NTFS Partition 932 GB Healthy ====================================================================================================== ****** End Of Log ******
  11. Results of screen317's Security Check version 0.99.31 Windows Vista x64 (UAC is disabled!) Out of date service pack!! Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! FixRedirectVirus WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Java 6 Update 21 Java version out of date! Adobe Reader 9 Adobe Reader out of date! Mozilla Firefox (10.0.2) ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Microsoft Security Essentials msseces.exe Microsoft Security Client Antimalware MsMpEng.exe Microsoft Security Client Antimalware NisSrv.exe ``````````End of Log```````````` 18:52:46.0914 4460 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43 18:52:47.0284 4460 ============================================================ 18:52:47.0284 4460 Current date / time: 2012/03/15 18:52:47.0284 18:52:47.0284 4460 SystemInfo: 18:52:47.0284 4460 18:52:47.0284 4460 OS Version: 6.0.6002 ServicePack: 2.0 18:52:47.0284 4460 Product type: Workstation 18:52:47.0284 4460 ComputerName: H-PC 18:52:47.0284 4460 UserName: H 18:52:47.0284 4460 Windows directory: C:\Windows 18:52:47.0284 4460 System windows directory: C:\Windows 18:52:47.0284 4460 Running under WOW64 18:52:47.0284 4460 Processor architecture: Intel x64 18:52:47.0284 4460 Number of processors: 2 18:52:47.0284 4460 Page size: 0x1000 18:52:47.0284 4460 Boot type: Normal boot 18:52:47.0284 4460 ============================================================ 18:52:53.0745 4460 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:52:53.0752 4460 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:52:53.0788 4460 \Device\Harddisk0\DR0: 18:52:53.0788 4460 MBR used 18:52:53.0788 4460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48CFDEC9 18:52:53.0788 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x48CFDF08, BlocksNum 0x1B58FB9 18:52:53.0788 4460 \Device\Harddisk1\DR1: 18:52:53.0788 4460 MBR used 18:52:53.0788 4460 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 18:52:54.0092 4460 Initialize success 18:52:54.0092 4460 ============================================================ 18:52:56.0022 4568 ============================================================ 18:52:56.0022 4568 Scan started 18:52:56.0022 4568 Mode: Manual; 18:52:56.0022 4568 ============================================================ 18:52:56.0753 4568 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys 18:52:56.0755 4568 61883 - ok 18:52:56.0806 4568 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys 18:52:56.0811 4568 ACPI - ok 18:52:56.0942 4568 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys 18:52:56.0986 4568 adp94xx - ok 18:52:57.0083 4568 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys 18:52:57.0090 4568 adpahci - ok 18:52:57.0170 4568 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys 18:52:57.0173 4568 adpu160m - ok 18:52:57.0196 4568 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 18:52:57.0200 4568 adpu320 - ok 18:52:57.0265 4568 Aeleadr - ok 18:52:57.0281 4568 Afc - ok 18:52:57.0369 4568 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys 18:52:57.0375 4568 AFD - ok 18:52:57.0505 4568 AgereSoftModem (1cd4b03012d62962274e1c9eb8670a10) C:\Windows\system32\DRIVERS\agrsm64.sys 18:52:57.0525 4568 AgereSoftModem - ok 18:52:57.0617 4568 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys 18:52:57.0619 4568 agp440 - ok 18:52:57.0677 4568 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 18:52:57.0680 4568 aic78xx - ok 18:52:57.0732 4568 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys 18:52:57.0734 4568 aliide - ok 18:52:57.0781 4568 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys 18:52:57.0783 4568 amdide - ok 18:52:57.0847 4568 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys 18:52:57.0849 4568 AmdK8 - ok 18:52:57.0913 4568 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys 18:52:57.0915 4568 arc - ok 18:52:57.0933 4568 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys 18:52:57.0935 4568 arcsas - ok 18:52:57.0994 4568 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 18:52:57.0995 4568 AsyncMac - ok 18:52:58.0038 4568 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys 18:52:58.0040 4568 atapi - ok 18:52:58.0112 4568 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys 18:52:58.0114 4568 Avc - ok 18:52:58.0126 4568 Beep - ok 18:52:58.0209 4568 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys 18:52:58.0210 4568 blbdrive - ok 18:52:58.0257 4568 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys 18:52:58.0259 4568 bowser - ok 18:52:58.0306 4568 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 18:52:58.0327 4568 BrFiltLo - ok 18:52:58.0351 4568 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 18:52:58.0352 4568 BrFiltUp - ok 18:52:58.0379 4568 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 18:52:58.0382 4568 Brserid - ok 18:52:58.0416 4568 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 18:52:58.0418 4568 BrSerWdm - ok 18:52:58.0456 4568 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 18:52:58.0458 4568 BrUsbMdm - ok 18:52:58.0471 4568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 18:52:58.0473 4568 BrUsbSer - ok 18:52:58.0502 4568 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 18:52:58.0504 4568 BTHMODEM - ok 18:52:58.0512 4568 catchme - ok 18:52:58.0526 4568 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 18:52:58.0528 4568 cdfs - ok 18:52:58.0564 4568 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys 18:52:58.0566 4568 cdrom - ok 18:52:58.0592 4568 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys 18:52:58.0594 4568 circlass - ok 18:52:58.0635 4568 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys 18:52:58.0641 4568 CLFS - ok 18:52:58.0685 4568 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys 18:52:58.0687 4568 cmdide - ok 18:52:58.0707 4568 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys 18:52:58.0708 4568 Compbatt - ok 18:52:58.0722 4568 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys 18:52:58.0724 4568 crcdisk - ok 18:52:58.0769 4568 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys 18:52:58.0772 4568 DfsC - ok 18:52:58.0793 4568 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys 18:52:58.0796 4568 disk - ok 18:52:58.0839 4568 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys 18:52:58.0840 4568 drmkaud - ok 18:52:58.0885 4568 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys 18:52:58.0899 4568 DXGKrnl - ok 18:52:58.0920 4568 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys 18:52:58.0924 4568 E1G60 - ok 18:52:58.0966 4568 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys 18:52:58.0969 4568 Ecache - ok 18:52:59.0007 4568 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys 18:52:59.0015 4568 elxstor - ok 18:52:59.0053 4568 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys 18:52:59.0055 4568 ErrDev - ok 18:52:59.0106 4568 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys 18:52:59.0111 4568 exfat - ok 18:52:59.0161 4568 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys 18:52:59.0165 4568 fastfat - ok 18:52:59.0204 4568 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys 18:52:59.0206 4568 fdc - ok 18:52:59.0223 4568 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys 18:52:59.0226 4568 FileInfo - ok 18:52:59.0258 4568 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys 18:52:59.0259 4568 Filetrace - ok 18:52:59.0307 4568 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 18:52:59.0308 4568 flpydisk - ok 18:52:59.0355 4568 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys 18:52:59.0361 4568 FltMgr - ok 18:52:59.0393 4568 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys 18:52:59.0395 4568 Fs_Rec - ok 18:52:59.0424 4568 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys 18:52:59.0426 4568 gagp30kx - ok 18:52:59.0473 4568 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:52:59.0475 4568 GEARAspiWDM - ok 18:52:59.0543 4568 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys 18:52:59.0559 4568 HDAudBus - ok 18:52:59.0588 4568 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys 18:52:59.0589 4568 HidBth - ok 18:52:59.0608 4568 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys 18:52:59.0610 4568 HidIr - ok 18:52:59.0654 4568 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys 18:52:59.0655 4568 HidUsb - ok 18:52:59.0706 4568 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys 18:52:59.0708 4568 HpCISSs - ok 18:52:59.0755 4568 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys 18:52:59.0765 4568 HTTP - ok 18:52:59.0775 4568 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 18:52:59.0776 4568 i2omp - ok 18:52:59.0793 4568 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 18:52:59.0795 4568 i8042prt - ok 18:52:59.0847 4568 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys 18:52:59.0851 4568 iaStor - ok 18:52:59.0880 4568 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys 18:52:59.0886 4568 iaStorV - ok 18:53:00.0125 4568 igfx (a124c87cd0b39c9e510e138534468383) C:\Windows\system32\DRIVERS\igdkmd64.sys 18:53:00.0219 4568 igfx - ok 18:53:00.0252 4568 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 18:53:00.0253 4568 iirsp - ok 18:53:00.0364 4568 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys 18:53:00.0389 4568 IntcAzAudAddService - ok 18:53:00.0416 4568 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys 18:53:00.0417 4568 intelide - ok 18:53:00.0459 4568 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 18:53:00.0459 4568 intelppm - ok 18:53:00.0495 4568 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:53:00.0497 4568 IpFilterDriver - ok 18:53:00.0518 4568 IpInIp - ok 18:53:00.0554 4568 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys 18:53:00.0556 4568 IPMIDRV - ok 18:53:00.0579 4568 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 18:53:00.0582 4568 IPNAT - ok 18:53:00.0634 4568 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 18:53:00.0636 4568 IRENUM - ok 18:53:00.0665 4568 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys 18:53:00.0666 4568 isapnp - ok 18:53:00.0701 4568 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 18:53:00.0705 4568 iScsiPrt - ok 18:53:00.0731 4568 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 18:53:00.0733 4568 iteatapi - ok 18:53:00.0768 4568 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 18:53:00.0769 4568 iteraid - ok 18:53:00.0779 4568 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 18:53:00.0781 4568 kbdclass - ok 18:53:00.0796 4568 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys 18:53:00.0797 4568 kbdhid - ok 18:53:00.0844 4568 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys 18:53:00.0853 4568 KSecDD - ok 18:53:00.0867 4568 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 18:53:00.0868 4568 ksthunk - ok 18:53:00.0906 4568 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 18:53:00.0908 4568 lltdio - ok 18:53:00.0954 4568 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 18:53:00.0957 4568 LSI_FC - ok 18:53:00.0999 4568 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 18:53:01.0001 4568 LSI_SAS - ok 18:53:01.0039 4568 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 18:53:01.0042 4568 LSI_SCSI - ok 18:53:01.0068 4568 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 18:53:01.0070 4568 luafv - ok 18:53:01.0096 4568 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 18:53:01.0098 4568 megasas - ok 18:53:01.0137 4568 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 18:53:01.0145 4568 MegaSR - ok 18:53:01.0165 4568 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 18:53:01.0166 4568 Modem - ok 18:53:01.0198 4568 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 18:53:01.0199 4568 monitor - ok 18:53:01.0231 4568 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 18:53:01.0233 4568 mouclass - ok 18:53:01.0252 4568 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 18:53:01.0254 4568 mouhid - ok 18:53:01.0272 4568 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 18:53:01.0275 4568 MountMgr - ok 18:53:01.0299 4568 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys 18:53:01.0303 4568 MpFilter - ok 18:53:01.0333 4568 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 18:53:01.0336 4568 mpio - ok 18:53:01.0430 4568 MpKslf8e589f0 (0ebb390b7aeec45ec061d9870a34fd42) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys 18:53:01.0431 4568 MpKslf8e589f0 - ok 18:53:01.0482 4568 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys 18:53:01.0483 4568 MpNWMon - ok 18:53:01.0497 4568 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 18:53:01.0499 4568 mpsdrv - ok 18:53:01.0517 4568 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 18:53:01.0519 4568 Mraid35x - ok 18:53:01.0559 4568 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 18:53:01.0562 4568 MRxDAV - ok 18:53:01.0596 4568 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:53:01.0599 4568 mrxsmb - ok 18:53:01.0632 4568 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:53:01.0637 4568 mrxsmb10 - ok 18:53:01.0654 4568 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:53:01.0657 4568 mrxsmb20 - ok 18:53:01.0675 4568 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys 18:53:01.0677 4568 msahci - ok 18:53:01.0695 4568 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 18:53:01.0698 4568 msdsm - ok 18:53:01.0741 4568 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys 18:53:01.0743 4568 MSDV - ok 18:53:01.0760 4568 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 18:53:01.0761 4568 Msfs - ok 18:53:01.0793 4568 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 18:53:01.0794 4568 msisadrv - ok 18:53:01.0828 4568 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 18:53:01.0830 4568 MSKSSRV - ok 18:53:01.0851 4568 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 18:53:01.0853 4568 MSPCLOCK - ok 18:53:01.0867 4568 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 18:53:01.0868 4568 MSPQM - ok 18:53:01.0902 4568 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys 18:53:01.0909 4568 MsRPC - ok 18:53:01.0927 4568 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 18:53:01.0928 4568 mssmbios - ok 18:53:01.0936 4568 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 18:53:01.0938 4568 MSTEE - ok 18:53:01.0950 4568 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys 18:53:01.0952 4568 Mup - ok 18:53:02.0003 4568 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys 18:53:02.0007 4568 NativeWifiP - ok 18:53:02.0069 4568 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys 18:53:02.0080 4568 NDIS - ok 18:53:02.0118 4568 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 18:53:02.0119 4568 NdisTapi - ok 18:53:02.0133 4568 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 18:53:02.0135 4568 Ndisuio - ok 18:53:02.0154 4568 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 18:53:02.0158 4568 NdisWan - ok 18:53:02.0175 4568 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 18:53:02.0177 4568 NDProxy - ok 18:53:02.0194 4568 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 18:53:02.0203 4568 NetBIOS - ok 18:53:02.0263 4568 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 18:53:02.0268 4568 netbt - ok 18:53:02.0362 4568 netr7364 (118e9136b5b48dd5b2cc81f78431a69e) C:\Windows\system32\DRIVERS\netr7364.sys 18:53:02.0375 4568 netr7364 - ok 18:53:02.0401 4568 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 18:53:02.0403 4568 nfrd960 - ok 18:53:02.0437 4568 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 18:53:02.0440 4568 NisDrv - ok 18:53:02.0511 4568 nmwcdcx64 (216bdf8b1017bb52692c9ee3c1e50597) C:\Windows\system32\drivers\ccdcmbox64.sys 18:53:02.0512 4568 nmwcdcx64 - ok 18:53:02.0532 4568 nmwcdx64 (c9773ef9cbf2877725a45f07396d5da6) C:\Windows\system32\drivers\ccdcmbx64.sys 18:53:02.0534 4568 nmwcdx64 - ok 18:53:02.0560 4568 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 18:53:02.0561 4568 Npfs - ok 18:53:02.0584 4568 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 18:53:02.0585 4568 nsiproxy - ok 18:53:02.0650 4568 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 18:53:02.0674 4568 Ntfs - ok 18:53:02.0689 4568 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 18:53:02.0690 4568 Null - ok 18:53:02.0711 4568 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 18:53:02.0714 4568 nvraid - ok 18:53:02.0737 4568 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 18:53:02.0740 4568 nvstor - ok 18:53:02.0761 4568 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 18:53:02.0764 4568 nv_agp - ok 18:53:02.0772 4568 NwlnkFlt - ok 18:53:02.0783 4568 NwlnkFwd - ok 18:53:02.0825 4568 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys 18:53:02.0827 4568 ohci1394 - ok 18:53:02.0861 4568 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 18:53:02.0863 4568 Parport - ok 18:53:02.0896 4568 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys 18:53:02.0899 4568 partmgr - ok 18:53:02.0917 4568 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 18:53:02.0922 4568 pci - ok 18:53:02.0940 4568 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys 18:53:02.0942 4568 pciide - ok 18:53:02.0964 4568 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 18:53:02.0968 4568 pcmcia - ok 18:53:03.0009 4568 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys 18:53:03.0011 4568 pcouffin - ok 18:53:03.0043 4568 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 18:53:03.0055 4568 PEAUTH - ok 18:53:03.0124 4568 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 18:53:03.0126 4568 PptpMiniport - ok 18:53:03.0150 4568 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys 18:53:03.0152 4568 Processor - ok 18:53:03.0201 4568 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys 18:53:03.0203 4568 PSched - ok 18:53:03.0260 4568 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 18:53:03.0280 4568 ql2300 - ok 18:53:03.0306 4568 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 18:53:03.0310 4568 ql40xx - ok 18:53:03.0330 4568 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 18:53:03.0331 4568 QWAVEdrv - ok 18:53:03.0350 4568 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 18:53:03.0351 4568 RasAcd - ok 18:53:03.0366 4568 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:53:03.0371 4568 Rasl2tp - ok 18:53:03.0404 4568 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 18:53:03.0405 4568 RasPppoe - ok 18:53:03.0441 4568 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 18:53:03.0443 4568 RasSstp - ok 18:53:03.0503 4568 rcmirror (1254bd851e51e0e771b0fa2cf926e75e) C:\Windows\system32\DRIVERS\rcmirror.sys 18:53:03.0505 4568 rcmirror - ok 18:53:03.0540 4568 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 18:53:03.0545 4568 rdbss - ok 18:53:03.0568 4568 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:53:03.0569 4568 RDPCDD - ok 18:53:03.0593 4568 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys 18:53:03.0600 4568 rdpdr - ok 18:53:03.0608 4568 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 18:53:03.0609 4568 RDPENCDD - ok 18:53:03.0655 4568 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys 18:53:03.0658 4568 RDPWD - ok 18:53:03.0697 4568 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 18:53:03.0699 4568 rspndr - ok 18:53:03.0749 4568 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys 18:53:03.0753 4568 RTL8169 - ok 18:53:03.0780 4568 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 18:53:03.0783 4568 sbp2port - ok 18:53:03.0816 4568 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 18:53:03.0817 4568 secdrv - ok 18:53:03.0844 4568 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys 18:53:03.0845 4568 Serenum - ok 18:53:03.0870 4568 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys 18:53:03.0873 4568 Serial - ok 18:53:03.0892 4568 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 18:53:03.0894 4568 sermouse - ok 18:53:03.0933 4568 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys 18:53:03.0935 4568 sffdisk - ok 18:53:03.0958 4568 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys 18:53:03.0959 4568 sffp_mmc - ok 18:53:03.0980 4568 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys 18:53:03.0982 4568 sffp_sd - ok 18:53:03.0993 4568 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 18:53:03.0994 4568 sfloppy - ok 18:53:04.0020 4568 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys 18:53:04.0022 4568 SiSRaid2 - ok 18:53:04.0041 4568 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys 18:53:04.0043 4568 SiSRaid4 - ok 18:53:04.0079 4568 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys 18:53:04.0081 4568 Smb - ok 18:53:04.0123 4568 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys 18:53:04.0125 4568 spldr - ok 18:53:04.0174 4568 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys 18:53:04.0184 4568 srv - ok 18:53:04.0224 4568 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys 18:53:04.0228 4568 srv2 - ok 18:53:04.0261 4568 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys 18:53:04.0264 4568 srvnet - ok 18:53:04.0299 4568 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 18:53:04.0300 4568 swenum - ok 18:53:04.0321 4568 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 18:53:04.0323 4568 Symc8xx - ok 18:53:04.0339 4568 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 18:53:04.0341 4568 Sym_hi - ok 18:53:04.0356 4568 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 18:53:04.0358 4568 Sym_u3 - ok 18:53:04.0441 4568 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys 18:53:04.0463 4568 Tcpip - ok 18:53:04.0492 4568 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys 18:53:04.0506 4568 Tcpip6 - ok 18:53:04.0521 4568 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys 18:53:04.0523 4568 tcpipreg - ok 18:53:04.0544 4568 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 18:53:04.0546 4568 TDPIPE - ok 18:53:04.0577 4568 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 18:53:04.0579 4568 TDTCP - ok 18:53:04.0623 4568 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys 18:53:04.0625 4568 tdx - ok 18:53:04.0663 4568 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys 18:53:04.0664 4568 TermDD - ok 18:53:04.0738 4568 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:53:04.0739 4568 tssecsrv - ok 18:53:04.0747 4568 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 18:53:04.0749 4568 tunmp - ok 18:53:04.0776 4568 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys 18:53:04.0777 4568 tunnel - ok 18:53:04.0806 4568 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 18:53:04.0808 4568 uagp35 - ok 18:53:04.0839 4568 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys 18:53:04.0844 4568 udfs - ok 18:53:04.0878 4568 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys 18:53:04.0880 4568 uliagpkx - ok 18:53:04.0918 4568 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 18:53:04.0923 4568 uliahci - ok 18:53:04.0965 4568 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 18:53:04.0968 4568 UlSata - ok 18:53:04.0996 4568 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 18:53:04.0999 4568 ulsata2 - ok 18:53:05.0020 4568 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 18:53:05.0021 4568 umbus - ok 18:53:05.0075 4568 upperdev (f49988fbf59413b974b1380d6f743ebc) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 18:53:05.0076 4568 upperdev - ok 18:53:05.0125 4568 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys 18:53:05.0127 4568 USBAAPL64 - ok 18:53:05.0171 4568 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys 18:53:05.0173 4568 usbccgp - ok 18:53:05.0204 4568 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys 18:53:05.0206 4568 usbcir - ok 18:53:05.0254 4568 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys 18:53:05.0255 4568 usbehci - ok 18:53:05.0288 4568 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys 18:53:05.0293 4568 usbhub - ok 18:53:05.0311 4568 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys 18:53:05.0313 4568 usbohci - ok 18:53:05.0345 4568 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys 18:53:05.0347 4568 usbprint - ok 18:53:05.0365 4568 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys 18:53:05.0367 4568 usbscan - ok 18:53:05.0383 4568 usbser (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\DRIVERS\usbser.sys 18:53:05.0393 4568 usbser - ok 18:53:05.0410 4568 UsbserFilt (0fe9e048fc762dcac087cb9ee1680079) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys 18:53:05.0412 4568 UsbserFilt - ok 18:53:05.0436 4568 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:53:05.0438 4568 USBSTOR - ok 18:53:05.0493 4568 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 18:53:05.0495 4568 usbuhci - ok 18:53:05.0522 4568 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 18:53:05.0524 4568 vga - ok 18:53:05.0533 4568 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 18:53:05.0536 4568 VgaSave - ok 18:53:05.0559 4568 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys 18:53:05.0561 4568 viaide - ok 18:53:05.0573 4568 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys 18:53:05.0576 4568 volmgr - ok 18:53:05.0608 4568 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys 18:53:05.0615 4568 volmgrx - ok 18:53:05.0636 4568 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys 18:53:05.0642 4568 volsnap - ok 18:53:05.0676 4568 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys 18:53:05.0680 4568 vsmraid - ok 18:53:05.0722 4568 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 18:53:05.0724 4568 WacomPen - ok 18:53:05.0761 4568 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 18:53:05.0763 4568 Wanarp - ok 18:53:05.0771 4568 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 18:53:05.0773 4568 Wanarpv6 - ok 18:53:05.0802 4568 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys 18:53:05.0803 4568 Wd - ok 18:53:05.0850 4568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 18:53:05.0861 4568 Wdf01000 - ok 18:53:05.0955 4568 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys 18:53:05.0957 4568 WinUSB - ok 18:53:06.0010 4568 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys 18:53:06.0011 4568 WmiAcpi - ok 18:53:06.0080 4568 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys 18:53:06.0082 4568 WpdUsb - ok 18:53:06.0106 4568 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys 18:53:06.0107 4568 ws2ifsl - ok 18:53:06.0147 4568 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 18:53:06.0151 4568 WudfPf - ok 18:53:06.0176 4568 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:53:06.0180 4568 WUDFRd - ok 18:53:06.0255 4568 MBR (0x1B8) (d6ba8bd1e351710a091ac298ef15c30f) \Device\Harddisk0\DR0 18:53:06.0278 4568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 18:53:06.0278 4568 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 18:53:06.0305 4568 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1 18:53:06.0311 4568 \Device\Harddisk1\DR1 - ok 18:53:06.0317 4568 Boot (0x1200) (c12cacc419cd20f87ab1f6addb039b77) \Device\Harddisk0\DR0\Partition0 18:53:06.0319 4568 \Device\Harddisk0\DR0\Partition0 - ok 18:53:06.0363 4568 Boot (0x1200) (2a7ac89c3fc17aed97b7e75cec596a5f) \Device\Harddisk0\DR0\Partition1 18:53:06.0365 4568 \Device\Harddisk0\DR0\Partition1 - ok 18:53:06.0369 4568 Boot (0x1200) (e0f734d056dccb1fc5aea2ef517d92fb) \Device\Harddisk1\DR1\Partition0 18:53:06.0371 4568 \Device\Harddisk1\DR1\Partition0 - ok 18:53:06.0373 4568 ============================================================ 18:53:06.0373 4568 Scan finished 18:53:06.0373 4568 ============================================================ 18:53:06.0392 0320 Detected object count: 1 18:53:06.0392 0320 Actual detected object count: 1 18:53:23.0461 0320 \Device\Harddisk0\DR0\# - copied to quarantine 18:53:23.0462 0320 \Device\Harddisk0\DR0 - copied to quarantine 18:53:23.0498 0320 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 18:53:23.0500 0320 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 18:53:23.0504 0320 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 18:53:23.0508 0320 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 18:53:23.0520 0320 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 18:53:23.0528 0320 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 18:53:23.0529 0320 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 18:53:23.0530 0320 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 18:53:23.0531 0320 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 18:53:23.0533 0320 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 18:53:23.0535 0320 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 18:53:23.0537 0320 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 18:53:23.0538 0320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 18:53:23.0539 0320 \Device\Harddisk0\DR0 - ok 18:53:23.0744 0320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 18:54:15.0273 4532 Deinitialize success QuickScan 32-bit v0.9.9.111 --------------------------- Scan date: Thu Mar 15 19:03:35 2012 Machine ID: 6010BCC1 No infection found. ------------------- Processes --------- hpwuSchd Application 3440 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe Adobe Reader and Acrobat Manager 3500 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Apple Mobile Device Service 832 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe Audible Download Manager 3340 C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe CyberLink MediaLibray Service 3424 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe CyberLink PowerCinema 3416 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe FABS - file change and backup server 1160 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe HP Advisor 3296 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe HP DVDSmart 3432 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe hpsysdrv Application 3348 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe iTunes 3476 C:\Program Files (x86)\iTunes\iTunesHelper.exe Java Platform SE Auto Updater 2 0 4428 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe Java Platform SE Auto Updater 2 0 3460 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe LightScribe 2304 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe RAID Event Monitor 3224 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe RAID Monitor 2988 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe TomTom HOME 3304 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe TomTom HOME 2652 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe Windows® Internet Explorer 3248 C:\Program Files (x86)\Internet Explorer\iexplore.exe Windows® Internet Explorer 4696 C:\Program Files (x86)\Internet Explorer\iexplore.exe (verified) Bonjour 1700 C:\Program Files (x86)\Bonjour\mDNSResponder.exe Network activity ---------------- Process jucheck.exe (4428) connected on port 80 (HTTP) --> 208.50.81.226 Process iexplore.exe (4696) connected on port 80 (HTTP) --> 184.24.207.139 Process iexplore.exe (4696) connected on port 80 (HTTP) --> 174.76.226.18 Process iexplore.exe (4696) connected on port 80 (HTTP) --> 74.125.224.41 Process iexplore.exe (4696) connected on port 80 (HTTP) --> 74.125.224.41 Autoruns and critical files --------------------------- hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Audible Download Manager C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe CyberLink MediaLibray Service C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe CyberLink PowerCinema C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe Default Manager c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe Hardware Diagnostic Tools C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe HP Advisor C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe HP DVDSmart C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe HP Health Check Scheduler c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe hpsysdrv Application C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Microsoft Office 2000 C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\WMPNSCFG.exe Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe Microsoft® Windows® Operating System C:\Windows\ehome\ehTray.exe Microsoft® Windows® Operating System c:\windows\system32\browseui.dll Microsoft® Windows® Operating System C:\Windows\system32\Mystify.scr MUI StartMenu Application c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe MUI StartMenu Application c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe MUI StartMenu Application c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe MUI StartMenu Application c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe PictureMover Application C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe TomTom HOME C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe Windows® Internet Explorer c:\windows\syswow64\webcheck.dll (verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe (verified) QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe Browser plugins --------------- AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll Bonjour C:\Program Files\Bonjour\mdnsNSP.dll Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll Google Update C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll Hewlett-Packard Online Support Services C:\Windows\Downloaded Program Files\HPISDataManager.dll Java Deployment Toolkit 6.0.210.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll Java Platform SE 6 U21 c:\program files (x86)\java\jre6\bin\jp2ssv.dll Java Platform SE 6 U21 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll MSN® Toolbar c:\program files (x86)\msn\toolbar\3.0.0552.0\msneshellx.dll NPCIG.dll C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Photodex Presenter Plugin C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll Veetle TV Core C:\Program Files (x86)\Veetle\plugins\npVeetle.dll Veetle TV Player C:\Program Files (x86)\Veetle\Player\npvlc.dll Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll Windows® Internet Explorer c:\windows\syswow64\ieframe.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll (verified) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll Scan ---- MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll MD5: 826ddbbca98f2e6cd1dfe33cef33994c C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe MD5: 0467b9e5c7b38b3c00927d5707abbece C:\Program Files (x86)\Audible\Bin\AAXSDKWin.dll MD5: 274d7d5fea95a5c48d13b6cdc99d49d4 C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe MD5: 8ba469072b5a692b659f856c7e97a230 C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll MD5: 203a74767eb81f96a5166b1933db46d0 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe MD5: c2ff17734176cd15221c10044ef0ba1a C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe MD5: db1a23ee7dd2e5e04e7de071a6bef699 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe MD5: 0553190acc65fa705a2a4be193728295 c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll MD5: 344d0fc67eb8a7d307b6c4898537617d c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll MD5: dfeff67508d3a9aeb1a85d7b0f513b24 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe MD5: b8eac4507eb4655377b1e094fce7f12e C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe MD5: 0436535f8f37650bd4dadc3397cbee3e C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe MD5: fff1130f7c9fa01d093a1edfc5cce8fc C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe MD5: d4531b9b73b990dc53b4a765e3bd070a C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe MD5: 6bf01e200063d7274f3af06d226671f5 c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll MD5: 27626506e07795bb6357f7f2ef78a90b C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll MD5: 6efb6bf6786ae9b2698d1adb5aab8f73 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CommonInterfaces.dll MD5: 5fa6f89c319a0ec4a3eacfe801c6cb67 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CommonUtility.dll MD5: c8d679922dff3da914b55e352f959c0d C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.dll MD5: 1b29f9d1fef53a1a1c93827f494b3434 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe MD5: f8473e5ffe1a8c27bd6bfc74ea8649a8 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll MD5: f1244e81e46546b0f149265d8b6d2d6a C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll MD5: af2d7790af663ad368a70807f81d39db C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll MD5: b7837053d4ed1e0e859eaf196f14eca6 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll MD5: 20a771958db2b8ca4372eb95f59fdf3f C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Common.dll MD5: 7868ed46c34a1b36bea10560f453598f C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll MD5: eab6bf6676aca731199a35a13d1624a2 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll MD5: 21d627dff9d91716bbed332ff599114d C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Logging.dll MD5: d1ff91e5d243a1f9632a8d2f9b264271 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.ObjectBuilder.dll MD5: 31dea5a67ca4c264cec3bf610e7c2ead C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECenter.dll MD5: aad1d1ec24aa9ccc508fec685ccfebea C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MD5: d25138109f80975e46355013a25cb0c4 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MD5: 1ed99a136fc6d36b8f6546f521bd8409 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCHealthSecurity\PCHealthSecurityPillar.dll MD5: eb132a624f129fd86b73ab29605c89e4 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll MD5: 804179071a78f65ca0b0e1c4cd3a11c2 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\SystemStatus.dll MD5: 0c8a70bc3baaf7bf69dca495c1e1ab79 c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe MD5: aa9ef0b395097f24d289f64445b2fd2e c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe MD5: f0e2d55bb5c7e106e92df972c1b277a6 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe MD5: afb5637f97b897c29fab2dcdfb20eb24 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\Common\CLRCEngine3.dll MD5: 42e0ac0cc0a59ac3015426ed4c268dab C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MD5: 017335c7aefa8ed76750db95a78d6bfa C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe MD5: 30c295d19dbfa6fd5085383c6bdc92f8 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\Common\CLRCEngine3.dll MD5: 7d6e8a3b62d9c612d1fc6d15f0ac10c9 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\CBS.dll MD5: 632d26889ba961e71e469dd86e48db38 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\HwCtrlMgr.dll MD5: cd441bf2f5cfd46b5105891ddffdfba2 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe MD5: db3d8979064ce299927cc1da57e9a659 C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe MD5: 690a6df02625a46abee250c6151b7fba C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe MD5: 3ca446212e92933f118041ae6a30e89e C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\IAAMon_ENU.dll MD5: ff54a05cd0d8cade6afb9a40cd52e635 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll MD5: 055e69b5e4841098a4eae04ee7eeb0a2 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe MD5: f79525634b192f5a18de503568f94ef3 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe MD5: c19087a83eaf9120ab4a48c994c1db15 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll MD5: cf5d4889c15cc8a40be54f55f27093b1 C:\Program Files (x86)\Internet Explorer\IEShims.dll MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe MD5: 3d811bf538d6f359735d757c94f484b6 C:\Program Files (x86)\Internet Explorer\msdbg2.dll MD5: 3ca2dfd1ee857cde7dccf4235f52d142 C:\Program Files (x86)\Internet Explorer\pdm.dll MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll MD5: 68a553bdfa855c4f1074696682fcdeb6 C:\Program Files (x86)\iTunes\iTunesHelper.exe MD5: 50083450c9ac100ad0ffcc0862120dd1 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL MD5: 2d5394ff0e31ffefb5049f0911e91d89 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll MD5: fdc1f94b79d3c08e5d66341e3cd6688e C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE MD5: 32c9e8f42348343d72013165ea86a3c6 C:\Program Files (x86)\Microsoft Security Client\Antimalware\MpOAv.dll MD5: ed327201724ea05d509b7939abe49e98 C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll MD5: da41104dbaae7c2508601a4b15b475e5 c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll MD5: 795289e4f6b9b9de61672ebe9e27c316 c:\program files (x86)\msn\toolbar\3.0.0552.0\msneshellx.dll MD5: f9c2d44bd6d0cf4e5615c9c4be310f9c C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll MD5: 3fe1c696e0e8425364bffab9893a9012 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe MD5: 86d32bb043c88fd79194ff7ab2ab3434 C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts MD5: a847b258d12b6d1bb124bd5debb05162 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe MD5: efef22b9577e5051057fde1ae381b50c C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe MD5: 8e753b080e0a0cf0b4651187d414059f C:\Program Files (x86)\Veetle\Player\npvlc.dll MD5: 3152ec8d9f60c4a5ae76fe20d90e10d7 C:\Program Files (x86)\Veetle\plugins\npVeetle.dll MD5: b7dc98f6f4e7611a9c0849945fb28fb9 C:\Program Files (x86)\Windows Defender\MpOav.dll MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll MD5: 20d2447795d9910bb4b89e5fb8147f0b C:\Program Files\Bonjour\mdnsNSP.dll MD5: 7e47c328fc4768cb8beafbcfafa70362 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE MD5: 006597773be583d1ccf6a913477937e0 C:\Program Files\iPod\bin\iPodService.exe MD5: 734088cb57aea704ca716c1c6bc5e0e6 C:\Program Files\LSI SoftModem\agr64svc.exe MD5: 157e9e498206a3366baa7e4697bdd947 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe MD5: 566ddd5d82520da01d75f81428ac4c38 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe MD5: 8b84b3ecfb9d6b50b989d6db8143f365 C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe MD5: b6a7e7f43234bfa6a8e6cc4110cb9448 C:\Program Files\Windows Media Player\WMPNSCFG.exe MD5: 9c5a0f070196b601d629f5ba9aa921f8 C:\Program Files\Windows Sidebar\sidebar.exe MD5: 83b6ca03c846fcd47f9883d77d1eb27b C:\Program Files\Zune\WMZuneComm.exe MD5: 67b787c34fb2888d01b130ae007042d8 C:\Program Files\Zune\ZuneNss.exe MD5: 4d89fc1c20cf655739efac5da81a67bc C:\Program Files\Zune\ZuneWlanCfgSvc.exe MD5: 1e345f2a2d95da3190596e691cde9342 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE MD5: cf16c9c9a95c71c4a44918b3d672b54e C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MD5: ce45722a3393b63843de48f314cf6b3f C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MD5: 534760d947665da0a80bb1a208fb9ede C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll MD5: 81b65fa4daa14ff78b55b1c2d7cb9eeb C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll MD5: db26005d7ec9977b323b4c21df6ef73d C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll MD5: 22ddc71d46da59543544dcdffb12419a C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll MD5: 80bafb07cf325f12bfec0e1a8f9c77a9 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll MD5: 906dea90dc88b73901a466e159b3fde1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll MD5: 9ce94dfd13ea911980377f4bff94749c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll MD5: 315e0f6f1f8b1494c37a99ba250007c9 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll MD5: d129c44d59d987c688a8c5b503dadb45 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll MD5: 7758995e4d52bc33520d3781eb2e6093 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll MD5: 16449b83b5e91af1e712e2049dc0b98b C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll MD5: e60cd8df35eb4a9c952af381fef51af3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MD5: f5ce3d5189297b3963c4ab27d3cd1e6c C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll MD5: 2ab4f7cd23069cbb6b8332ef8027360b C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll MD5: 50c0949e6219214df11d7519e5052c3b C:\Windows\Downloaded Program Files\HPISDataManager.dll MD5: 4334ac34536737bb13dc47b07b7a0c42 C:\Windows\Downloaded Program Files\qsax.dll MD5: 14ce384d2e27b64c256bda4dc39c312d C:\Windows\ehome\ehRecvr.exe MD5: b93159c1313d66fdfbbe876f5189cd52 C:\Windows\ehome\ehsched.exe MD5: f5ee2527d74449868e3c3227a59bcd28 C:\Windows\ehome\ehstart.dll MD5: 65437dad4f238ea9549408a783002222 C:\Windows\ehome\ehTray.exe MD5: ce07a466201096f021cd09d631b21540 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe MD5: 749f5f8cedca70f2a512945325fc489d C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe MD5: 74751dda198165947fd7454d83f49825 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe MD5: bc5b0be5af3510b0fd8c140ee42c6d3e C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe MD5: 6717ae12e326dd1e39f6ee183a37dc0f C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll MD5: ee59d3cdfab2e808551084165c7887bf C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MD5: 35a936c7c029a5b705d3ffd40518d660 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll MD5: 66328b08ef5a9305d8ede36b93930369 C:\Windows\servicing\TrustedInstaller.exe MD5: da7478ba9e41b60b3d5da456e253002a C:\Windows\system32\audioeng.dll MD5: 4acf748a8e576761e4c610acab67b1bc C:\Windows\system32\BCRYPT.dll MD5: 83adc95272b048dfd1563e0ea0f269fb C:\Windows\system32\cewmdm.dll MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe MD5: 17f41229e141db1412a3b174a567d71e C:\Windows\system32\d2d1.dll MD5: 8b02d2ecc7ef6e1f6af08459e3f741f6 C:\Windows\system32\d3d10.dll MD5: 1c0e15ea80a815494c0a3d471c823ccf C:\Windows\system32\d3d10_1.dll MD5: 8f14591f6dc35192e2844306a12d41ff C:\Windows\system32\d3d10_1core.dll MD5: 9c7094f537782a82b6a29b4a7172e180 C:\Windows\system32\d3d10core.dll MD5: 4a2e5e1e37aa56773bfd5bc82d36d2ec C:\Windows\system32\D3D10Warp.dll MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\system32\DNSAPI.dll MD5: c790b4593c0b48bb1888880fe89bc09b C:\Windows\system32\DWrite.dll MD5: aaae543c535ed596ecad2ab8761c2c6f C:\Windows\system32\dxgi.dll MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C:\Windows\system32\IEADVPACK.DLL MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\IEFRAME.dll MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll MD5: 0ff4adc942a9353c4aeb1d06eb22b34f C:\Windows\system32\igdumd32.dll MD5: 67cf6b23bdade026acfbebbe24148738 C:\Windows\system32\igdumdx32.dll MD5: b8fbe5f40b09f5d20e1e5ccfef893d62 C:\Windows\system32\IMM32.DLL MD5: a1793136ed32c13adb3740a6557b3d84 C:\Windows\system32\MFC71U.DLL MD5: 7940c04ce581288a3498d57ec4ee47d2 C:\Windows\system32\msfeeds.dll MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll MD5: b1c5adf56c4d47833d32d06a02d4e184 C:\Windows\system32\MSVCP71.dll MD5: fefc51a19141a9a911b1e161a6662ced C:\Windows\system32\MSVCR71.dll MD5: 915d3430fe926376dd942ae45a9a1665 C:\Windows\system32\mswmdm.dll MD5: 39ba737ebf8e7da1cd019fe95333fd70 C:\Windows\system32\Mystify.scr MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\System32\shdocvw.dll MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll MD5: bfa034aac103d8a6f591ac9364688339 C:\Windows\system32\T2EMBED.DLL MD5: 88b630f6aeb5a11f6ad064930b38c2c0 C:\Windows\system32\uxtheme.dll MD5: 2c3b09e586bda2cc49a292be7badc589 C:\Windows\system32\wbem\wmiutils.dll MD5: dbd02e3e6f061ebbbf9b99a9d7cba30b C:\Windows\system32\WINHTTP.dll MD5: 14ff750efe13b0c21e5a06507c3a97b1 C:\Windows\system32\WINMM.dll MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\WINSPOOL.DRV MD5: 9f1fac04a274adf9f65f9e1b851bdb1e C:\Windows\system32\wmdmps.dll MD5: a9662bcf218bc76869a8d91635d5f93a C:\Windows\System32\Wpc.dll MD5: 1908cc7673f72601affdca022689cedf C:\Windows\system32\xmllite.dll MD5: 0d0e5281784c2c526ba43c2ecd374288 C:\Windows\SysWOW64\drivers\Afc.sys MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll MD5: 05c8c8767e29163fc251164ff6839ea5 C:\Windows\syswow64\GDI32.dll MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll MD5: 490fc0d07f7c0468e232ab8e8e956719 c:\windows\syswow64\ieframe.dll MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\syswow64\iertutil.dll MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\SysWOW64\jscript9.dll MD5: 7f4caeac24592fa9f574e1f8cd1d0604 C:\Windows\syswow64\kernel32.dll MD5: df37346ea13082e3e1b423b54014e641 C:\Windows\syswow64\LPK.DLL MD5: 5789773089bc334c56cc31833f20daf6 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MD5: 17af64d727545f2804f6e6d998327e3f C:\Windows\syswow64\msvcrt.dll MD5: 6aaf63a85181e39f94ec0641c55a4ef0 C:\Windows\SysWOW64\ntdll.dll MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\syswow64\ole32.dll MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\syswow64\OLEAUT32.dll MD5: 0ed8727ea0172860f47258456c06caea C:\Windows\SysWow64\perfhost.exe MD5: 0abe67004eb4c162f4456e64f90a11fd C:\Windows\syswow64\RPCRT4.dll MD5: da61f5c012a646771587a8cb9c0ae590 C:\Windows\SysWOW64\schannel.dll MD5: 3a5adb89f057cd7b5a229f1ace53fdf6 C:\Windows\syswow64\Secur32.dll MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\syswow64\SHELL32.dll MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\syswow64\SHLWAPI.dll MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\syswow64\urlmon.dll MD5: d29fdb5dedbdc1bd882164dc6dc4dd53 C:\Windows\syswow64\USER32.dll MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\syswow64\USP10.dll MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\syswow64\WININET.dll MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll No file uploaded. Scan finished - communication took 2 sec Total traffic - 0.01 MB sent, 0.68 KB recvd Scanned 382 files and modules - 53 seconds ==============================================================================
  12. Logfile of random's system information tool 1.09 (written by random/random) Run by H at 2012-03-15 18:38:41 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 249 GB (42%) free of 596 GB Total RAM: 6133 MB (65% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:38:48 PM, on 3/15/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\trend micro\H.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UPnPService - Magix AG - C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10571 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 wininit.exe C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files\LSI SoftModem\agr64svc.exe" "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" "C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE" "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" C:\Windows\System32\svchost.exe -k WerSvcGroup "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe" WLIDSvcM.exe 2392 "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e96ceb24-497d-49a7-92d9-9de9531d263b -SystemEventPortName:HostProcess-9e33d973-a39b-4775-9662-24538968d305 -IoCancelEventPortName:HostProcess-77b0192e-bb45-4fd1-9223-bedb624162de -NonStateChangingEventPortName:HostProcess-70206ed7-5c71-4fe7-a8c0-5f97e1b5e304 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3e675d7b-beb4-4c8d-a480-d0e79cfecd6d "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" taskeng.exe {8C12CB59-0C1B-48A9-BEF4-9EDF553EA6D6} -netsvcs "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE taskeng.exe {24E8912B-5B18-4699-8A1C-0D5B7081D73E} "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe" "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Program Files\Zune\ZuneLauncher.exe" "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autorun=AUTORUN "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "C:\Windows\ehome\ehtray.exe" "C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe" /Startup "C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe" "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" "C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe" "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" C:\Windows\system32\igfxsrvc.exe -Embedding "C:\Program Files\Windows Media Player\wmpnscfg.exe" "C:\Program Files\Windows Media Player\wmpnetwk.exe" "C:\Program Files\iPod\bin\iPodService.exe" "C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE" -Embedding C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\ehome\ehmsas.exe -Embedding C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto C:\Windows\system32\sdclt.exe /DETECTFAILURE C:\Windows\system32\svchost.exe -k SDRSVC splwow64 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe16_ Global\UsGthrCtrlFltPipeMssGthrPipe16 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648 "C:\Users\H\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\PCDRScheduledMaintenance.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] Microsoft Live Search Toolbar Helper - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "HP Remote Software"=C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [2009-02-06 172032] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-03-05 154648] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-03-05 227352] "Persistence"=C:\Windows\system32\igfxpers.exe [2009-03-05 202264] "SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2009-03-05 915512] "IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-04 186904] "MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736] "Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 163552] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968] "HPADVISOR"=c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-04-03 1644088] "TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240] "WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768] "HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04 75016] "UpdateP2GoShortCut"=c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-03 218408] "UpdateLBPShortCut"=c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-12-03 218408] "UpdatePDIRShortCut"=c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408] "UpdatePSTShortCut"=c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2009-02-02 210216] "TSMAgent"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2009-04-09 1328424] "CLMLServer for HP TouchSmart"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-04-09 185640] "DVDAgent"=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-03-19 1148200] "HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576] "Microsoft Default Manager"=c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-06 224616] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-10 417792] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-11-12 141600] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll [2012-01-13 1081416] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Audible Download Manager.lnk - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-02-26 230400] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutorun"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 month====== 2012-03-15 18:38:41 ----D---- C:\rsit 2012-03-15 18:38:41 ----D---- C:\Program Files\trend micro 2012-03-15 18:33:27 ----D---- C:\Program Files (x86)\ERUNT 2012-03-15 16:38:32 ----N---- C:\Windows\svchost.exe 2012-03-14 19:08:59 ----D---- C:\Windows\Microsoft Antimalware 2012-03-14 03:03:00 ----A---- C:\Windows\system32\MRT.INI 2012-03-13 22:22:24 ----A---- C:\Windows\system32\win32k.sys 2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\DWrite.dll 2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll 2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll 2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\d2d1.dll 2012-03-13 22:22:23 ----A---- C:\Windows\system32\DWrite.dll 2012-03-13 22:22:23 ----A---- C:\Windows\system32\d3d10warp.dll 2012-03-13 22:22:23 ----A---- C:\Windows\system32\d3d10_1core.dll 2012-03-13 22:22:22 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll 2012-03-13 22:22:22 ----A---- C:\Windows\system32\d3d10_1.dll 2012-03-13 22:22:22 ----A---- C:\Windows\system32\d2d1.dll 2012-03-13 22:22:21 ----A---- C:\Windows\system32\rdpencom.dll 2012-03-13 22:22:20 ----A---- C:\Windows\SYSWOW64\rdpencom.dll 2012-03-13 22:22:20 ----A---- C:\Windows\system32\drivers\rdpwd.sys 2012-02-29 16:18:10 ----D---- C:\Windows\system32\Macromed ======List of files/folders modified in the last 1 month====== 2012-03-15 18:38:41 ----RD---- C:\Program Files 2012-03-15 18:38:10 ----D---- C:\Windows\temp 2012-03-15 18:35:10 ----D---- C:\Windows\ERDNT 2012-03-15 18:33:27 ----RD---- C:\Program Files (x86) 2012-03-15 18:07:50 ----D---- C:\Windows\System32 2012-03-15 18:07:50 ----D---- C:\Windows\inf 2012-03-15 18:07:50 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-03-15 18:07:15 ----D---- C:\Windows\Prefetch 2012-03-15 16:38:32 ----D---- C:\Windows 2012-03-15 16:19:26 ----SHD---- C:\System Volume Information 2012-03-15 16:09:43 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-15 16:09:38 ----D---- C:\Windows\system32\drivers 2012-03-14 17:46:09 ----SD---- C:\ProgramData\Microsoft 2012-03-14 03:31:06 ----D---- C:\Windows\winsxs 2012-03-14 03:25:23 ----D---- C:\Windows\Microsoft.NET 2012-03-14 03:21:00 ----D---- C:\Windows\system32\catroot 2012-03-14 03:18:37 ----D---- C:\Windows\SysWOW64 2012-03-14 03:18:36 ----D---- C:\Program Files\Windows Mail 2012-03-14 03:18:36 ----D---- C:\Program Files (x86)\Windows Mail 2012-03-14 03:00:51 ----A---- C:\Windows\system32\mrt.exe 2012-03-13 22:22:10 ----D---- C:\Windows\system32\catroot2 2012-03-13 17:28:28 ----D---- C:\Users\H\AppData\Roaming\Amazon 2012-03-13 03:17:34 ----RSD---- C:\Windows\assembly 2012-03-13 03:07:06 ----SHD---- C:\Windows\Installer 2012-02-18 15:16:13 ----D---- C:\Program Files (x86)\Mozilla Firefox 2012-02-18 15:09:46 ----D---- C:\Program Files (x86)\Microsoft Silverlight ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2008-12-04 407064] R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440] R1 MpKslf8e589f0;MpKslf8e589f0; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys [2012-03-15 35664] R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-09-18 22784] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-01-20 1254400] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2010-02-04 34152] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-02-26 10276352] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-02-11 1708192] R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys [2011-06-26 575488] R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864] R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-07-15 82816] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2009-01-20 195584] R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 41984] R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 112128] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 172544] S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-20 58496] S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2008-01-20 48768] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144] S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-20 61568] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936] S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552] S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432] S3 rcmirror;rcmirror; C:\Windows\system32\DRIVERS\rcmirror.sys [2008-10-09 5120] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2008-05-02 8704] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2009-08-28 49152] S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-10 32768] S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2008-05-02 8704] S3 WinUSB;WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-04-10 36864] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 46592] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2008-08-26 16896] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464] R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072] R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 27648] R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 660256] R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 136176] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2008-12-08 242424] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 136176] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-07-04 68096] S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968] S3 UPnPService;UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864] S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2011-08-05 8277728] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 467680] -----------------EOF----------------- info.txt logfile of random's system information tool 1.09 2012-03-15 18:38:49 ======Uninstall list====== -->"C:\Program Files (x86)\HP Games\18 Wheels of Steel - American Long Haul\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\4 Elements\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Bejeweled Twist\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Build-a-lot 2\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Bus Driver\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Crystal Maze\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Diner Dash Hometown Hero\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Dream Chronicles 2\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Farm Mania\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\FATE Undiscovered Realms\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Final Drive Nitro\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\HP Game Console\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Mahjongg Artifacts\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Polar Pool\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\The Hidden Object Game Show\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\The Price is Right\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\World of Goo\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe" -->C:\Program Files (x86)\MAGIX\Speed2_burnR_mxcdr\unwise.exe ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} ActionOutline Pro 3.0-->"C:\Program Files (x86)\ActionOutline\unins000.exe" ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe -maintain plugin Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files (x86)\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files (x86)\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 9.4.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001} Agere Systems PCI-SV92EX Soft Modem-->C:\Windows\agrsmdel Amazon MP3 Downloader 1.0.12-->C:\Program Files (x86)\Amazon\MP3 Downloader\Uninstall.exe Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{9EFC40E3-5F31-4F75-8445-286273F74D8E} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft PhotoImpression 6-->C:\Program Files (x86)\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}\setup.exe" -l0x9 ArcSoft Print Creations-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9 Audible Download Manager-->C:\Program Files (x86)\Audible\Bin\AudibleDM_iTunesSetup[1].exe /Uninstall Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9 Belkin 54Mbps Wireless Network Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}\setup.exe -runfromtemp -l0x0009 -removeonly Bonjour-->MsiExec.exe /I{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD} CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini" Canon Internet Library for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini" Canon iP4800 series Printer Driver-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series /L0x0009 Canon MOV Decoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Decoder\CanonMOVDecoderUnInstall.ini" Canon MOV Encoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini" Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\MVWUninst.ini" Canon RAW Codec-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\RAWCodec170\CRCUnInstall.ini" Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini" Canon Utilities CameraWindow-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini" Canon Utilities Digital Photo Professional 3.6-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Digital Photo Professional\Uninst.ini" Canon Utilities EOS Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\EOS Utility\Uninst.ini" Canon Utilities MyCamera-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\MyCamera\Uninst.ini" Canon Utilities PhotoStitch-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\PhotoStitch\Uninst.ini" Canon Utilities Picture Style Editor-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Picture Style Editor\Uninst.ini" Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini" Canon Utilities WFT-E1/E2/E3/E4 Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\WFT Utility\Uninst.ini" Canon Utilities ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\Uninst.ini" Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\Uninst.ini" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} CyberLink DVD Suite Deluxe-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall CyberLink DVD Suite Deluxe-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} Default Manager-->MsiExec.exe /I{AE469025-08BA-4B2A-915D-CC7765132419} DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe" DVDFab 6.0.2.2 (June 26, 2009)-->"C:\Program Files (x86)\DVDFab 6\unins000.exe" EPSON CX9400 User's Guide-->C:\Program Files (x86)\epson\guide\cx9400_e\uninstall.exe EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\x64\3\EPUPDATE.EXE /R EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r EPSON Stylus CX9400Fax Series Scanner Driver Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}\Setup.exe" -l0x9 ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe" Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4} FixRedirectVirus-->"C:\Program Files (x86)\FixRedirectVirus\uninstall.exe" "/U:C:\Program Files (x86)\FixRedirectVirus\Uninstall\uninstall.xml" GEAR driver installer for x86 and x64-->MsiExec.exe /I{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77} Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor for Windows\uninst.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT="" HP Active Support Library-->"C:\Program Files (x86)\InstallShield Installation Information\{0295F89F-F698-4101-9A7D-49F407EC2D82}\setup.exe" -runfromtemp -l0x0409 -removeonly HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538} HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B84739A3-F943-47E4-95D8-96381EF5AC48}\setup.exe" -l0x9 -removeonly HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe" HP MediaSmart Demo-->"C:\ProgramData\Hewlett-Packard\HP MediaSmart Demo\unins000.exe" HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS HP MediaSmart SmartMenu-->MsiExec.exe /I{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA} HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B} HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4} HP Remote Software-->MsiExec.exe /X{5F240DB8-0D74-4F13-86C3-929760392A8D} HP Total Care Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{784BEA84-FA66-4B19-BB80-7B545F248AC6}\setup.exe" -l0x9 -removeonly HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42} HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe" Intel® Graphics Media Accelerator Driver-->C:\Windows\SysWOW64\igxpun.exe -uninstall Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall iTunes-->MsiExec.exe /I{C9C243B9-03BD-44BA-A592-AB09630AE2D2} Java 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86} Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall Macromedia Extension Manager-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall Magic Audio Recorder v7.4.0.11-->"C:\Program Files (x86)\Magic Audio Recorder\unins000.exe" MAGIX MP3 Maker 15 Download version 10.0.0.317 (UK)-->C:\Program Files (x86)\MAGIX\MP3_Maker_15_Download_version\unwise.exe MAGIX Screenshare 4.3.6.1987 (UK)-->C:\Program Files (x86)\MAGIX\PCVisit\unwise.exe Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5} Microsoft Live Search Toolbar-->c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\OEMSetup.exe /Uninstall Microsoft Live Search Toolbar-->MsiExec.exe /X{C79BF5BB-5671-41C0-A028-E9A2097D1AAD} Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7} Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE} Microsoft Security Client-->MsiExec.exe /I{42738DB0-FC3E-4672-A99B-9372F5696E30} Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f} Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729-->MsiExec.exe /X{4FFA2088-8317-3B14-93CD-4C699DB37843} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8} Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetupx64.dll,DoNTUninst Photodex Presenter-->C:\Program Files (x86)\Photodex Presenter\remove.exe PictureMover-->MsiExec.exe /X{1896E712-2B3D-45eb-BCE9-542742A51032} Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall Python 2.6 pywin32-212-->"C:\program files (x86)\Python\Removepywin32.exe" -u "C:\program files (x86)\Python\pywin32-wininst.log" Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223} Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5} QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {897A5D64-963A-3C11-A176-F6766BD09D16} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA} TomTom HOME 2.8.2.2264-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Veetle TV 0.9.15-->C:\Program Files (x86)\Veetle\UninstallVeetleTV.exe Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B} Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90} Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1} Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Mobile Device Updater Component-->MsiExec.exe /X{F2CB8C3C-9C9E-4FAB-9067-655601C5F748} Zune Language Pack (CHS)-->MsiExec.exe /X{2A9DFFD8-4E09-4B91-B957-454805B0D7C4} Zune Language Pack (CHT)-->MsiExec.exe /X{A5A53EA8-A11E-49F0-BDF5-AE536426A31A} Zune Language Pack (CSY)-->MsiExec.exe /X{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3} Zune Language Pack (DAN)-->MsiExec.exe /X{8B112338-2B08-4851-AF84-E7CAD74CEB32} Zune Language Pack (DEU)-->MsiExec.exe /X{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E} Zune Language Pack (ELL)-->MsiExec.exe /X{3589A659-F732-4E65-A89A-5438C332E59D} Zune Language Pack (ESP)-->MsiExec.exe /X{6B33492E-FBBC-4EC3-8738-09E16E395A10} Zune Language Pack (FIN)-->MsiExec.exe /X{B4870774-5F3A-46D9-9DFE-06FB5599E26B} Zune Language Pack (FRA)-->MsiExec.exe /X{C68D33B1-0204-4EBE-BC45-A6E432B1D13A} Zune Language Pack (HUN)-->MsiExec.exe /X{C6BE19C6-B102-4038-B2A6-1C313872DBB4} Zune Language Pack (IND)-->MsiExec.exe /X{92ECE3F9-591E-4C12-8A62-B9FCE38BF646} Zune Language Pack (ITA)-->MsiExec.exe /X{C5D37FFA-7483-410B-982B-91E93FD3B7DA} Zune Language Pack (JPN)-->MsiExec.exe /X{D8A781C9-3892-4E2E-9320-480CF896CFBB} Zune Language Pack (KOR)-->MsiExec.exe /X{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741} Zune Language Pack (MSL)-->MsiExec.exe /X{76BA306B-2AA0-47C0-AB6B-F313AB56C136} Zune Language Pack (NLD)-->MsiExec.exe /X{6740BCB0-5863-47F4-80F4-44F394DE4FE2} Zune Language Pack (NOR)-->MsiExec.exe /X{5DEFD397-4012-46C3-B6DA-E8013E660772} Zune Language Pack (PLK)-->MsiExec.exe /X{8960A0A1-BB5A-479E-92CF-65AB9D684B43} Zune Language Pack (PTB)-->MsiExec.exe /X{07EEE598-5F21-4B57-B40B-46592625B3D9} Zune Language Pack (PTG)-->MsiExec.exe /X{5C93E291-A1CC-4E51-85C6-E194209FCDB4} Zune Language Pack (RUS)-->MsiExec.exe /X{57C51D56-B287-4C11-9192-EC3C46EF76A4} Zune Language Pack (SVE)-->MsiExec.exe /X{6EB931CD-A7DA-4A44-B74A-89C8EB50086F} Zune-->C:\Program Files\Zune\ZuneSetup.exe /x Zune-->MsiExec.exe /X{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5} ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: H-PC Event Code: 4374 Message: Windows Servicing identified that package KB2505189(Update) is not applicable for this system Record Number: 173034 Source Name: Microsoft-Windows-Servicing Time Written: 20110324100109.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: H-PC Event Code: 4374 Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system Record Number: 172914 Source Name: Microsoft-Windows-Servicing Time Written: 20110324100025.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: H-PC Event Code: 4374 Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system Record Number: 172913 Source Name: Microsoft-Windows-Servicing Time Written: 20110324100025.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: H-PC Event Code: 4374 Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system Record Number: 172907 Source Name: Microsoft-Windows-Servicing Time Written: 20110324100025.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: H-PC Event Code: 10010 Message: The server {738F20C7-539E-4A7D-AE00-D6803513A4BB} did not register with DCOM within the required timeout. Record Number: 172789 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20110324012658.000000-000 Event Type: Error User: =====Application event log===== Computer Name: H-PC Event Code: 400 Message: Timestamp: 09/11/2009 19:24:38.634; Category: FATAL; Priority:(4); Win32 Thread Id: [2108]; Message: Unhandled Exception: System.Runtime.InteropServices.COMException (0x88980406): Exception from HRESULT: 0x88980406 at System.Windows.Media.Composition.DUCE.Channel.SyncFlush() at System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel) at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean enableRenderTarget, Nullable`1 channelSet) at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean enableRenderTarget) at System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr lParam) at System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr wparam, IntPtr lparam) at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler); EventId: 400; Severity: Critical; Machine: H-PC; Application Domain: HPAdvisor.exe; Process Id: 2104; Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe; Extended Properties: Record Number: 4896 Source Name: HP Advisor Time Written: 20090912022438.000000-000 Event Type: Error User: Computer Name: H-PC Event Code: 400 Message: Timestamp: 09/11/2009 05:30:08.995; Category: FATAL; Priority:(4); Win32 Thread Id: [2108]; Message: System.NullReferenceException: Object reference not set to an instance of an object. at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String type) at HPAdvisor.MainFrame.Business.SearchManager.Initialize(); EventId: 400; Severity: Critical; Machine: H-PC; Application Domain: HPAdvisor.exe; Process Id: 2104; Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe; Extended Properties: Record Number: 4881 Source Name: HP Advisor Time Written: 20090911123009.000000-000 Event Type: Error User: Computer Name: H-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 4880 Source Name: Microsoft-Windows-WMI Time Written: 20090911123003.000000-000 Event Type: Error User: Computer Name: H-PC Event Code: 400 Message: Timestamp: 09/10/2009 06:40:41.149; Category: FATAL; Priority:(4); Win32 Thread Id: [3864]; Message: System.NullReferenceException: Object reference not set to an instance of an object. at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String type) at HPAdvisor.MainFrame.Business.SearchManager.Initialize(); EventId: 400; Severity: Critical; Machine: H-PC; Application Domain: HPAdvisor.exe; Process Id: 3860; Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe; Extended Properties: Record Number: 4841 Source Name: HP Advisor Time Written: 20090910134041.000000-000 Event Type: Error User: Computer Name: H-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 4840 Source Name: Microsoft-Windows-WMI Time Written: 20090910134028.000000-000 Event Type: Error User: =====Security event log===== Computer Name: H-PC Event Code: 4634 Message: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7e927c Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Record Number: 163478 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111012124150.626515-000 Event Type: Audit Success User: Computer Name: H-PC Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7e927c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: KIM2-PC Source Network Address: fe80::6c65:f46:3750:5399 Source Port: 53567 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 163477 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111012124150.610915-000 Event Type: Audit Success User: Computer Name: H-PC Event Code: 4634 Message: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7e926c Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Record Number: 163476 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111012124150.423715-000 Event Type: Audit Success User: Computer Name: H-PC Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7e926c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: KIM2-PC Source Network Address: fe80::6c65:f46:3750:5399 Source Port: 53566 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 163475 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111012124150.423715-000 Event Type: Audit Success User: Computer Name: H-PC Event Code: 4634 Message: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7de367 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Record Number: 163474 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111012121002.699715-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Python;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat "DFSTRACINGON"=FALSE "OnlineServices"=Online Services "Platform"=HPD "PCBRAND"=Pavilion "MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8} "CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ -----------------EOF-----------------
  13. Hello, Microsoft Security Essentials indicatates I've got the Alureon Trojan. I've ran Malwarebytes and it says I've got a trojan SVChost. I can't seem to get them removed. I'd appreciate any help you can provide. Thanks . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21 Run by H at 16:53:45 on 2012-03-15 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4071 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LSI SoftModem\agr64svc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\taskeng.exe -netsvcs C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Windows\ehome\ehtray.exe C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\sdclt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\taskeng.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 TCP: Interfaces\{22495898-5C40-4242-A868-481870BBACDD} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe mRun-x64: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun-x64: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\88eksb5t.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 MpKslf8e589f0;MpKslf8e589f0;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys [2012-3-15 35664] R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-2-3 1155072] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-24 136176] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-24 136176] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?] S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?] S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?] S3 UPnPService;UPnPService;C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2009-11-2 548864] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-03-15 23:38:32 20480 ------w- C:\Windows\svchost.exe 2012-03-15 23:37:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\offreg.dll 2012-03-15 23:37:37 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys 2012-03-15 23:19:17 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\mpengine.dll 2012-03-15 02:08:59 -------- d-----w- C:\Windows\Microsoft Antimalware 2012-02-15 06:16:08 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll 2012-02-15 06:16:08 621056 ----a-w- C:\Windows\System32\msvcrt.dll 2012-02-15 06:16:05 404992 ----a-w- C:\Windows\System32\drivers\afd.sys . ==================== Find3M ==================== . 2012-02-29 23:18:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll 2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll 2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys 2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-09 16:16:54 708096 ----a-w- C:\Windows\System32\rdpencom.dll 2012-01-09 15:54:08 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll 2012-01-09 14:27:49 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys . ============= FINISH: 16:54:56.47 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 5/28/2009 7:33:43 AM System Uptime: 3/15/2012 4:37:10 PM (0 hours ago) . Motherboard: PEGATRON CORPORATION | | Benicia Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 1200/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 582 GiB total, 242.898 GiB free. D: is FIXED (NTFS) - 14 GiB total, 1.368 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is FIXED (NTFS) - 932 GiB total, 412.799 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . ABBYY FineReader 6.0 Sprint ActionOutline Pro 3.0 ActiveCheck component for HP Active Support Library Adobe Flash Player 10 ActiveX Adobe Photoshop 7.0 Adobe Reader 9.4.7 Amazon MP3 Downloader 1.0.12 Apple Application Support Apple Software Update ArcSoft PhotoImpression 6 ArcSoft PhotoStudio 5.5 ArcSoft Print Creations Audible Download Manager Belkin 54g USB Network Adapter Belkin 54Mbps Wireless Network Adapter CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon RAW Codec Canon Utilities CameraWindow Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.6 Canon Utilities EOS Utility Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities WFT-E1/E2/E3/E4 Utility Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Compatibility Pack for the 2007 Office system CyberLink DVD Suite Deluxe D3DX10 Default Manager DirectX for Managed Code Update (Summer 2004) DVD Shrink 3.2 DVDFab 6.0.2.2 (June 26, 2009) EPSON CX9400 User's Guide EPSON Scan EPSON Stylus CX9400Fax Series Scanner Driver Update Firebird SQL Server - MAGIX Edition FixRedirectVirus GEAR driver installer for x86 and x64 Google Earth Plug-in Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Advisor HP Customer Experience Enhancements HP Games HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP Odometer HP Picasso Media Center Add-In HP Recovery Manager RSS HP Support Information HP Total Care Setup HP Update HPAsset component for HP Active Support Library ImgBurn Java Auto Updater Java 6 Update 21 Junk Mail filter update LabelPrint LightScribe System Software Macromedia Dreamweaver MX 2004 Macromedia Extension Manager Magic Audio Recorder v7.4.0.11 MAGIX MP3 Maker 15 Download version 10.0.0.317 (UK) MAGIX Screenshare 4.3.6.1987 (UK) Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft Live Search Toolbar Microsoft Office 2000 Professional Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mozilla Firefox 10.0.2 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Photodex Presenter PictureMover Power2Go PowerDirector Python 2.6 pywin32-212 Python 2.6.1 Quicken 2006 QuickTime Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Segoe UI TomTom HOME 2.8.2.2264 TomTom HOME Visual Studio Merge Modules Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Veetle TV 0.9.15 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 3/15/2012 6:22:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/15/2012 4:39:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep 3/15/2012 4:37:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/15/2012 4:36:30 PM, Error: Service Control Manager [7043] - The Microsoft Antimalware Service service did not shut down properly after receiving a preshutdown control. 3/15/2012 4:07:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 8:53:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 8:49:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 6:06:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 6:00:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 5:04:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/14/2012 3:21:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/11/2012 4:20:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.121.1330.0). 3/11/2012 4:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1319.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070643 Error description: Fatal error during installation. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.