Solved: Windows/System32/services.exe Trojan dropper

RDM926 · 13-Jul-2012, 11:16 PM #1

Thanks a ton for providing this service. I used to work as a low-level tech for a PC maintenance company (emphasis on low), so I know a little bit about what a pain it can be providing tech support. This, however, is way over my head.

I was notified a few days ago by my internet provider that something had been sending spam e-mails from my internet connection. They recommended that I run a virus scan to remove the threat, or to have it professionally removed. At the time, I was using IOBit's Advanced System Care 5 protection, but nothing significant came up in the scan. So, I tried MBAM, which located what it identified as 3 Trojans and a Rootkit. It was able to remove 2 of the items, but not the other two. I did a little research and downloaded AVG to see if they could locate and sequester the problem. It identified the two problems, including the following - c:\Windows\System32\Services.exe - which it identified as a "Trojan horse Dropper.Generic_c.MMI. The result is that the "Object is white-listed (critical/system file that should not be removed)". It also said that access to the infected files would be restricted.

I re-ran MBAM since then, and it came up with nothing. So, I thought the problem was solved, but AVG keeps popping up 2-3 times per hour with the same notification about the same file. I'm not sure if "white-listed" means that it's sequestered and incapable of damaging my system anymore or not, but the AVG pop-ups are concerning enough that I want the thing removed.

One other thing I thought you might need to know. As I was investigating this forum, I came across a post that sounded exactly similar to mine. So, I followed the instructions that were given, which was to run ComboFix.exe. I followed the instructions exactly; saved to desktop under alternate name, temporarily disabled AVG, ran ComboFix. At the end of ComboFix, though, it gave me some kind of ring tone and then just disappeared. No logfile appeared or anything. I rebooted the computer and tried again, and the same thing happened. Only after that did I read the instructions to not follow steps for another person's computer, and not to run ComboFix unless specifically instructed to do so. I hope I didn't screw up anything!

I have backed up all important files and followed the instructions per forum rules. What follows is the System Info Utility, the HijackThis log from 7-13-12, and DDS.txt from same date. Attach.txt is attached.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4056 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1804 Mb
Hard Drives: C: Total - 290204 MB, Free - 34710 MB;
Motherboard: Dell Inc., 0G848F
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled
___________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:46:09 PM, on 7/13/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Users\Rachel H\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachel H\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...t&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O1 - Hosts: 216.239.32.20 www.google.ae # bck9
O1 - Hosts: 216.239.32.20 www.google.at # bck9
O1 - Hosts: 216.239.32.20 www.google.be # bck9
O1 - Hosts: 216.239.32.20 www.google.ca # bck9
O1 - Hosts: 216.239.32.20 www.google.ch # bck9
O1 - Hosts: 216.239.32.20 www.google.cl # bck9
O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
O1 - Hosts: 216.239.32.20 www.google.com # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ph # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.sg # bck9
O1 - Hosts: 216.239.32.20 www.google.com.tr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.tw # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ua # bck9
O1 - Hosts: 216.239.32.20 www.google.de # bck9
O1 - Hosts: 216.239.32.20 www.google.dk # bck9
O1 - Hosts: 216.239.32.20 www.google.es # bck9
O1 - Hosts: 216.239.32.20 www.google.fi # bck9
O1 - Hosts: 216.239.32.20 www.google.fr # bck9
O1 - Hosts: 216.239.32.20 www.google.it # bck9
O1 - Hosts: 216.239.32.20 www.google.lt # bck9
O1 - Hosts: 216.239.32.20 www.google.lv # bck9
O1 - Hosts: 216.239.32.20 www.google.nl # bck9
O1 - Hosts: 216.239.32.20 www.google.pl # bck9
O1 - Hosts: 216.239.32.20 www.google.pt # bck9
O1 - Hosts: 216.239.32.20 www.google.ro # bck9
O1 - Hosts: 216.239.32.20 www.google.ru # bck9
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjA1NDc 4MjI0LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU 0yKzEtRkwxMCsxLVhPMTArMTEtTElDKzI"&"prod=90"&"ver=10.0.1325
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rachel H\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Dropbox.lnk = Rachel H\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://crestedg.century21.com/EDGDO...eUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activ...eX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://submit.shutterstock.com/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_af c3018f8cfedd20\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16408 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Rachel H at 21:48:23 on 2012-07-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.1846 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_af c3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Users\Rachel H\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\splwow64.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/accounts/Serv...t&ltmplcache=2
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Rachel H\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [<NO NAME>]
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjA1NDc 4MjI0LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU 0yKzEtRkwxMCsxLVhPMTArMTEtTElDKzI"&"prod=90"&"ver=10.0.1325
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\RACHEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startu p\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\RACHEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startu p\Dropbox.lnk - C:\Users\Rachel H\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://crestedg.century21.com/EDGDOTNET/ImageUploader/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://submit.shutterstock.com/ImageUploader4.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{35F2435D-5B0D-45B6-AF17-B33BA276FA54} : DhcpNameServer = 10.1.26.205
TCP: Interfaces\{C8A45D58-D099-4C67-A7B4-A80FAF98C9B1} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{C8A45D58-D099-4C67-A7B4-A80FAF98C9B1}\3456E6475727970223130235D696478602D41696E60225F657475627 : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{C8A45D58-D099-4C67-A7B4-A80FAF98C9B1}\355707562783D2332353 : DhcpNameServer = 209.116.241.10 209.205.242.132
TCP: Interfaces\{C8A45D58-D099-4C67-A7B4-A80FAF98C9B1}\73238375 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C8A45D58-D099-4C67-A7B4-A80FAF98C9B1}\759696 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C8A45D58-D099-4C67-A7B4-A80FAF98C9B1}\D41636F48696F6 : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [(Default)]
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjA1NDc 4MjI0LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU 0yKzEtRkwxMCsxLVhPMTArMTEtTElDKzI"&"prod=90"&"ver=10.0.1325
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
Hosts: 216.239.32.20 www.google.ae # bck9
Hosts: 216.239.32.20 www.google.at # bck9
Hosts: 216.239.32.20 www.google.be # bck9
Hosts: 216.239.32.20 www.google.ca # bck9
Hosts: 216.239.32.20 www.google.ch # bck9
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 bckd;bckd;C:\Windows\system32\drivers\bckd.sys --> C:\Windows\system32\drivers\bckd.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-11-15 746392]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-8-2 655944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-13 658656]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-12 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
.
=============== Created Last 30 ================
.
2012-07-13 21:34:21 -------- d-s---w- C:\username123.exe
2012-07-13 20:54:52 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-13 20:54:16 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-13 02:51:47 -------- d-----w- C:\Program Files\Blue Coat K9 Web Protection
2012-07-13 02:38:02 -------- d-----w- C:\Users\Rachel H\AppData\Local\Google
2012-07-13 02:37:26 -------- d-----w- C:\Users\Rachel H\AppData\Local\Apps
2012-07-13 02:37:25 -------- d-----w- C:\Users\Rachel H\AppData\Local\Deployment
2012-07-12 19:40:34 -------- d-----w- C:\Users\Rachel H\AppData\Roaming\AVG2012
2012-07-12 19:39:24 -------- d-----w- C:\Users\Rachel H\AppData\Local\AVG Secure Search
2012-07-12 19:39:01 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-12 19:38:59 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-12 19:38:58 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-12 19:38:37 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-12 19:35:59 -------- d--h--w- C:\$AVG
2012-07-12 19:35:59 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-12 19:35:59 -------- d-----w- C:\ProgramData\AVG2012
2012-07-09 23:30:19 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-06 08:15:06 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88580977-1150-4D09-B0D7-C3026A586DF1}\mpengine.dll
2012-06-21 04:46:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 04:45:56 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 04:45:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 04:45:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 21:49:06.49 ===============

mrp · 14-Jul-2012, 11:03 AM #2

Hello RDM926, my name is Michael and I will be helping you with your computer problems.

Be aware that I am currently in training, which means that my replies must first be approved by one of my teachers. This may cause a slight delay in my responses, but keep in mind that this process is only to ensure you are receiving advice of the utmost accuracy.

Please keep the following points in mind:

Malware research is often a time consuming process and sometimes multiple tools/methods will have to be employed before an infection is completely dealt with. Please be patient during the process of removal.
Read my instructions carefully before carrying them out. Also, consider printing out any instructions in case you lose your Internet connection.
If you have any questions, please ask before carrying out a fix. Clearing up any confusion beforehand will save time in the long run. That said, I will try to post instructions as clearly and concisely as possible.
Please reply to this thread. Do not start a new topic, and do not request help on other forums during the course of the cleaning process.
If you do not reply after three (3) days, your thread will be closed.

IMPORTANT NOTE: Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

I will be back as soon as possible with a response.

RDM926 · 14-Jul-2012, 11:25 AM #3

Sounds great, Michael. Looking forward to working with you!

mrp · 14-Jul-2012, 11:50 AM #4

download Farbar Recovery Scan Tool (for your computer, choose to download the 64-bit version) and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
now press the search button
when the search is complete, search.txt will also be written to your USB
type exit and reboot the computer normally
please copy and paste both logs in your reply.(FRST.txt and Search.txt)

RDM926 · 14-Jul-2012, 12:31 PM #5

I downloaded Farbar on my healthy PC and saved it to my flash drive. I inserted the flash drive into the infected PC, then realized that I had to restart. So, I restarted the computer to initiate the System Recovery from Advanced Boot Options as directed. At some point during the startup (I may have missed the BIOS screen, but I don't think so...), Windows began what looks like an update - it says "Preparing to configure Windows... Do not turn off your computer". However, it's been sitting here for about 20 minutes now... The last Windows Update I remember doing was shortly before I began this thread, but I'm pretty sure this is NOT the first time I've rebooted the computer since then...

At this point, I don't want to do anything unless instructed. Any ideas?

RDM926 · 14-Jul-2012, 12:47 PM #6

After about 30 mins, it switched to "Assembling Windows updates" and is now Configuring. I'll wait until this finishes and then continue with your instructions. Sorry about the confusion!

RDM926 · 14-Jul-2012, 01:45 PM #7

Michael -

Here are my FRST logs. After running the search for services.exe, I accidentally told it to scan again and couldn't stop it, so it saved over the first log.

Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 14-07-2012 13:35:24
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-07-07] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Rachel H\...\Run: [AdobeBridge] [x]
HKU\Rachel H\...\Run: [Google Update] "C:\Users\Rachel H\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-12] (Google Inc.)
HKLM\...\RunOnce: [DSUpdateLauncher] "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161008 2009-09-17] ()
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjA1NDc 4MjI0LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU 0yKzEtRkwxMCsxLVhPMTArMTEtTElDKzI"&"prod=90"&"ver=10.0.1325 [x]
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rachel H\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rachel H\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 AbsoluteNotifier; "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe" [10408 2010-10-08] (Microsoft)
2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [746392 2011-11-15] (Spigot, Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2122000 2012-02-13] (Blue Coat Systems, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_af c3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-12] ()
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306416 2010-11-11] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8251120 2010-11-11] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467696 2010-11-11] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 bckd; C:\Windows\System32\Drivers\bckd.sys [108304 2012-02-13] (Blue Coat Systems, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-13 22:24 - 2010-11-20 05:33 - 00982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-07-13 22:24 - 2010-11-20 05:33 - 00273792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2012-07-13 22:24 - 2010-11-20 05:33 - 00171392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2012-07-13 22:24 - 2010-11-20 05:33 - 00078720 ____A (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys
2012-07-13 22:24 - 2010-11-20 05:32 - 00112000 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2012-07-13 22:24 - 2010-11-20 05:27 - 02652160 ____A (Microsoft Corporation) C:\Windows\System32\netshell.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 01808384 ____A (Microsoft Corporation) C:\Windows\System32\pnidui.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 01050624 ____A (Microsoft Corporation) C:\Windows\System32\printui.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 00898560 ____A (Microsoft Corporation) C:\Windows\System32\OobeFldr.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 00867840 ____A (Microsoft Corporation) C:\Windows\System32\SearchFolder.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\sdcpl.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 00695808 ____A (Microsoft Corporation) C:\Windows\System32\netlogon.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\msdri.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 00303616 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 00211456 ____A (Microsoft Corporation) C:\Windows\System32\mprddm.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 00188928 ____A (Microsoft Corporation) C:\Windows\System32\netjoin.dll
2012-07-13 22:24 - 2010-11-20 05:27 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 03391488 ____A (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 02067456 ____A (Microsoft Corporation) C:\Windows\System32\d3d9.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 01866240 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 01340416 ____A (Microsoft Corporation) C:\Windows\System32\diagperf.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 01244160 ____A (Microsoft Corporation) C:\Windows\System32\imapi2fs.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 01087488 ____A (Microsoft Corporation) C:\Windows\System32\dbghelp.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 01066496 ____A (Microsoft Corporation) C:\Windows\System32\Display.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 00594432 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 00573952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 00355328 ____A (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\itircl.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 00065536 ____A (Microsoft Corporation) C:\Windows\System32\inetmib1.dll
2012-07-13 22:24 - 2010-11-20 05:26 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\elsTrans.dll
2012-07-13 22:24 - 2010-11-20 05:25 - 01927680 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2012-07-13 22:24 - 2010-11-20 05:25 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\certmgr.dll
2012-07-13 22:24 - 2010-11-20 05:25 - 00460800 ____A (Microsoft Corporation) C:\Windows\System32\certcli.dll
2012-07-13 22:24 - 2010-11-20 05:25 - 00412160 ____A (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2012-07-13 22:24 - 2010-11-20 05:25 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\bcdsrv.dll
2012-07-13 22:24 - 2010-11-20 05:25 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\AuxiliaryDisplayServices.dll
2012-07-13 22:24 - 2010-11-20 05:25 - 00109568 ____A (Microsoft Corporation) C:\Windows\System32\nslookup.exe
2012-07-13 22:24 - 2010-11-20 05:25 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\CertPolEng.dll
2012-07-13 22:24 - 2010-11-20 05:25 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2012-07-13 22:24 - 2010-11-20 05:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\acppage.dll
2012-07-13 22:24 - 2010-11-20 05:25 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\MultiDigiMon.exe
2012-07-13 22:24 - 2010-11-20 05:24 - 00346112 ____A (Microsoft Corporation) C:\Windows\System32\bcdedit.exe
2012-07-13 22:24 - 2010-11-20 05:24 - 00241664 ____A (Microsoft Corporation) C:\Windows\System32\Ribbons.scr
2012-07-13 22:24 - 2010-11-20 05:24 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\kstvtune.ax
2012-07-13 22:24 - 2010-11-20 05:24 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\mobsync.exe
2012-07-13 22:24 - 2010-11-20 05:24 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\ksxbar.ax
2012-07-13 22:24 - 2010-11-20 05:24 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\ftp.exe
2012-07-13 22:24 - 2010-11-20 05:13 - 00147456 ____A (Microsoft Corporation) C:\Windows\System32\RDPENCDD.dll
2012-07-13 22:24 - 2010-11-20 05:12 - 00035328 ____A (Microsoft Corporation) C:\Windows\System32\pifmgr.dll
2012-07-13 22:24 - 2010-11-20 05:02 - 00457216 ____A (Microsoft Corporation) C:\Windows\System32\imkr80.ime
2012-07-13 22:24 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDBLR.DLL
2012-07-13 22:24 - 2010-11-20 04:55 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-07-13 22:24 - 2010-11-20 04:51 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2012-07-13 22:24 - 2010-11-20 04:21 - 01115136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2012-07-13 22:24 - 2010-11-20 04:21 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2012-07-13 22:24 - 2010-11-20 04:21 - 00318976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
2012-07-13 22:24 - 2010-11-20 04:21 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2012-07-13 22:24 - 2010-11-20 04:21 - 00051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\samcli.dll
2012-07-13 22:24 - 2010-11-20 04:21 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdprefdrvapi.dll
2012-07-13 22:24 - 2010-11-20 04:20 - 00988160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2012-07-13 22:24 - 2010-11-20 04:20 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2012-07-13 22:24 - 2010-11-20 04:20 - 00406528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2012-07-13 22:24 - 2010-11-20 04:20 - 00166400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2012-07-13 22:24 - 2010-11-20 04:20 - 00165376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
2012-07-13 22:24 - 2010-11-20 04:20 - 00090112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2012-07-13 22:24 - 2010-11-20 04:20 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2012-07-13 22:24 - 2010-11-20 04:20 - 00060928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncryptui.dll
2012-07-13 22:24 - 2010-11-20 04:20 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2012-07-13 22:24 - 2010-11-20 04:19 - 01493504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-07-13 22:24 - 2010-11-20 04:19 - 00488448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2012-07-13 22:24 - 2010-11-20 04:19 - 00392192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2012-07-13 22:24 - 2010-11-20 04:19 - 00266752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MediaMetadataHandler.dll
2012-07-13 22:24 - 2010-11-20 04:19 - 00226304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2012-07-13 22:24 - 2010-11-20 04:19 - 00219648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iTVData.dll
2012-07-13 22:24 - 2010-11-20 04:19 - 00213504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2012-07-13 22:24 - 2010-11-20 04:19 - 00209920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstask.dll
2012-07-13 22:24 - 2010-11-20 04:19 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\lsmproxy.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 01792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 01003520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 00665600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 00640512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 00508416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 00489984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 00202752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\activeds.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 00196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dskquoui.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 00195584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2012-07-13 22:24 - 2010-11-20 04:18 - 00011264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\C_ISCII.DLL
2012-07-13 22:24 - 2010-11-20 04:17 - 00322048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2012-07-13 22:24 - 2010-11-20 04:17 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
2012-07-13 22:24 - 2010-11-20 04:17 - 00179712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2012-07-13 22:24 - 2010-11-20 04:17 - 00157184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2012-07-13 22:24 - 2010-11-20 04:17 - 00133632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
2012-07-13 22:24 - 2010-11-20 04:17 - 00101376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
2012-07-13 22:24 - 2010-11-20 04:17 - 00098816 ____A (Microsoft) C:\Windows\SysWOW64\Robocopy.exe
2012-07-13 22:24 - 2010-11-20 04:17 - 00095232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
2012-07-13 22:24 - 2010-11-20 04:17 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netiougc.exe
2012-07-13 22:24 - 2010-11-20 04:16 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2012-07-13 22:24 - 2010-11-20 04:16 - 00045568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\g711codc.ax
2012-07-13 22:24 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDCZ1.DLL
2012-07-13 22:24 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDLT1.DLL
2012-07-13 22:24 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2012-07-13 22:24 - 2010-11-20 04:06 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2012-07-13 22:24 - 2010-11-20 02:43 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2012-07-13 22:24 - 2010-11-20 02:32 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Dot4Prt.sys
2012-07-13 22:24 - 2010-11-20 02:14 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2012-07-13 22:24 - 2010-11-20 02:04 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys
2012-07-13 22:24 - 2010-11-20 01:49 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-07-13 22:24 - 2010-11-20 01:25 - 00753664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2012-07-13 22:24 - 2010-11-20 01:19 - 00147456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2012-07-13 22:24 - 2010-11-04 17:58 - 00080720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2012-07-13 22:23 - 2010-11-20 05:44 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\NAPHLPR.DLL
2012-07-13 22:23 - 2010-11-20 05:44 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\NAPCRYPT.DLL
2012-07-13 22:23 - 2010-11-20 05:34 - 00295808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-07-13 22:23 - 2010-11-20 05:34 - 00215936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2012-07-13 22:23 - 2010-11-20 05:33 - 00155008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys
2012-07-13 22:23 - 2010-11-20 05:33 - 00140672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys
2012-07-13 22:23 - 2010-11-20 05:33 - 00014720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys
2012-07-13 22:23 - 2010-11-20 05:32 - 00334208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2012-07-13 22:23 - 2010-11-20 05:29 - 00345600 ____A (Microsoft Corporation) C:\Windows\System32\fveapi.dll
2012-07-13 22:23 - 2010-11-20 05:29 - 00298104 ____A (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
2012-07-13 22:23 - 2010-11-20 05:29 - 00223248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2012-07-13 22:23 - 2010-11-20 05:28 - 00166784 ____A (Microsoft Corporation) C:\Windows\System32\basecsp.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 03860992 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 02543616 ____A (Microsoft Corporation) C:\Windows\System32\wpdshext.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 02262528 ____A (Microsoft Corporation) C:\Windows\System32\SyncCenter.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 02086912 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 01911808 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 01888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-07-13 22:23 - 2010-11-20 05:27 - 01753088 ____A (Microsoft Corporation) C:\Windows\System32\vssapi.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 01743360 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 01363968 ____A (Microsoft Corporation) C:\Windows\System32\wdc.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 01243136 ____A (Microsoft Corporation) C:\Windows\System32\WMNetMgr.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 01232896 ____A (Microsoft Corporation) C:\Windows\System32\WMADMOD.DLL
2012-07-13 22:23 - 2010-11-20 05:27 - 01197056 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 01110016 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00978944 ____A (Microsoft Corporation) C:\Windows\System32\WMSPDMOD.DLL
2012-07-13 22:23 - 2010-11-20 05:27 - 00933376 ____A (Microsoft Corporation) C:\Windows\System32\SmiEngine.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00828416 ____A (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00800256 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00799744 ____A (Microsoft Corporation) C:\Windows\System32\msftedit.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00758272 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00720896 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00680960 ____A (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00666112 ____A (Microsoft Corporation) C:\Windows\System32\WMVSDECD.DLL
2012-07-13 22:23 - 2010-11-20 05:27 - 00658432 ____A (Microsoft Corporation) C:\Windows\System32\PerfCenterCPL.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00641024 ____A (Microsoft Corporation) C:\Windows\System32\msscp.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00636416 ____A (Microsoft Corporation) C:\Windows\System32\wmdrmdev.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00633344 ____A (Microsoft Corporation) C:\Windows\System32\riched20.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00625664 ____A (Microsoft Corporation) C:\Windows\System32\mscms.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00605696 ____A (Microsoft Corporation) C:\Windows\System32\wmpeffects.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00594432 ____A (Microsoft Corporation) C:\Windows\System32\wvc.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00571904 ____A (Microsoft Corporation) C:\Windows\System32\mspbda.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00527872 ____A (Microsoft Corporation) C:\Windows\System32\wmdrmnet.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00483840 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00457216 ____A (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00451072 ____A (Microsoft Corporation) C:\Windows\System32\shwebsvc.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00444416 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00435712 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceStatus.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00418816 ____A (Microsoft Corporation) C:\Windows\System32\sppwinob.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00406016 ____A (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\sharemediacpl.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00344064 ____A (Microsoft Corporation) C:\Windows\System32\rasmans.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\srchadmin.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00326144 ____A (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00325632 ____A (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00312320 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00303616 ____A (Microsoft Corporation) C:\Windows\System32\scansetting.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00299520 ____A (Microsoft Corporation) C:\Windows\System32\tsmf.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00297984 ____A (Microsoft Corporation) C:\Windows\System32\ws2_32.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\srrstr.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00268288 ____A (Microsoft Corporation) C:\Windows\System32\MSAC3ENC.DLL
2012-07-13 22:23 - 2010-11-20 05:27 - 00263168 ____A (Microsoft Corporation) C:\Windows\System32\spwizui.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00250880 ____A (Microsoft Corporation) C:\Windows\System32\qdv.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00244736 ____A (Microsoft Corporation) C:\Windows\System32\sqmapi.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00244224 ____A (Microsoft Corporation) C:\Windows\System32\spp.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\taskbarcpl.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00238080 ____A (Microsoft Corporation) C:\Windows\System32\mstask.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00232448 ____A (Microsoft Corporation) C:\Windows\System32\sppcomapi.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00224256 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceSyncProvider.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00222720 ____A (Microsoft Corporation) C:\Windows\System32\wwanconn.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00221696 ____A (Microsoft Corporation) C:\Windows\System32\OnLineIDCpl.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\wpdwcn.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00207360 ____A (Microsoft Corporation) C:\Windows\System32\sysclass.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00165376 ____A (Microsoft Corporation) C:\Windows\System32\netid.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00148992 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\wkssvc.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00115200 ____A (Microsoft Corporation) C:\Windows\System32\WPDShServiceObj.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\thumbcache.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00095232 ____A (Microsoft Corporation) C:\Windows\System32\regapi.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00084480 ____A (Microsoft Corporation) C:\Windows\System32\UserAccountControlSettings.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\napdsnap.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\wsnmp32.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\vss_ps.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00059904 ____A (Microsoft Corporation) C:\Windows\System32\umb.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\rtutils.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\msdmo.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\netutils.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\wsdchngr.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\TRAPI.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\syssetup.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\nrpsrv.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\shunimpl.dll
2012-07-13 22:23 - 2010-11-20 05:27 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\riched32.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 04120064 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 01065984 ____A (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00955904 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00934912 ____A (Microsoft Corporation) C:\Windows\System32\FirewallControlPanel.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\fontext.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00853504 ____A (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2012-07-13 22:23 - 2010-11-20 05:26 - 00787968 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00675328 ____A (Microsoft Corporation) C:\Windows\System32\DXPTaskRingtone.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00503296 ____A (Microsoft Corporation) C:\Windows\System32\imapi2.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00501248 ____A (Microsoft Corporation) C:\Windows\System32\IPSECSVC.DLL
2012-07-13 22:23 - 2010-11-20 05:26 - 00495104 ____A (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00459776 ____A (Microsoft Corporation) C:\Windows\System32\DXP.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00403968 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00381440 ____A (Microsoft Corporation) C:\Windows\System32\mfds.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00345600 ____A (Microsoft Corporation) C:\Windows\System32\MediaMetadataHandler.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00332288 ____A (Microsoft Corporation) C:\Windows\System32\hgcpl.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00317952 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00313344 ____A (Microsoft Corporation) C:\Windows\System32\dot3ui.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00282624 ____A (Microsoft Corporation) C:\Windows\System32\iTVData.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00281600 ____A (Microsoft) C:\Windows\System32\DShowRdpFilter.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\iprtrmgr.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00240640 ____A (Microsoft Corporation) C:\Windows\System32\MFPlay.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\hgprint.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairingFolder.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\iasrad.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\IPHLPAPI.DLL
2012-07-13 22:23 - 2010-11-20 05:26 - 00121344 ____A (Microsoft Corporation) C:\Windows\System32\fphc.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00116224 ____A (Windows (R) Codename Longhorn DDK provider) C:\Windows\System32\fms.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\iasacct.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\KMSVC.DLL
2012-07-13 22:23 - 2010-11-20 05:26 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\Mcx2Svc.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\dot3cfg.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\luainstall.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\FXSMON.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\mimefilt.dll
2012-07-13 22:23 - 2010-11-20 05:26 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\HotStartUserAgent.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 03957760 ____A (Microsoft Corporation) C:\Windows\System32\WinSAT.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 03524608 ____A (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 01975296 ____A (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 01600512 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00840192 ____A (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00726528 ____A (Microsoft Corporation) C:\Windows\System32\AuxiliaryDisplayCpl.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00705024 ____A (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2012-07-13 22:23 - 2010-11-20 05:25 - 00598016 ____A (Microsoft Corporation) C:\Windows\System32\spinstall.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00549888 ____A (Microsoft Corporation) C:\Windows\System32\ActionCenterCPL.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00504320 ____A (Microsoft Corporation) C:\Windows\System32\biocpl.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00349696 ____A (Microsoft Corporation) C:\Windows\System32\slui.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00342016 ____A (Microsoft Corporation) C:\Windows\System32\apphelp.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00314368 ____A (Microsoft Corporation) C:\Windows\System32\clusapi.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\wusa.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00301568 ____A (Microsoft Corporation) C:\Windows\System32\spreview.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00293888 ____A (Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\perfmon.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00128000 ____A (Microsoft) C:\Windows\System32\Robocopy.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\msiexec.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00114688 ____A (Microsoft Corporation) C:\Windows\System32\AxInstSv.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00095232 ____A (Microsoft Corporation) C:\Windows\System32\cca.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\certprop.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\tabcal.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\takeown.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\PnPUnattend.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00056832 ____A (Microsoft Corporation) C:\Windows\System32\runonce.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\userinit.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
2012-07-13 22:23 - 2010-11-20 05:25 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\browseui.dll
2012-07-13 22:23 - 2010-11-20 05:25 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00957440 ____A (Microsoft Corporation) C:\Windows\System32\mblctr.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00899584 ____A (Microsoft Corporation) C:\Windows\System32\Bubbles.scr
2012-07-13 22:23 - 2010-11-20 05:24 - 00777728 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00689152 ____A (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00684032 ____A (Microsoft Corporation) C:\Windows\System32\TabletPC.cpl
2012-07-13 22:23 - 2010-11-20 05:24 - 00653312 ____A (Microsoft Corporation) C:\Windows\System32\lpksetup.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00474112 ____A (Microsoft Corporation) C:\Windows\System32\sysmon.ocx
2012-07-13 22:23 - 2010-11-20 05:24 - 00363520 ____A (Microsoft Corporation) C:\Windows\System32\diskraid.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00359936 ____A (Microsoft Corporation) C:\Windows\System32\eudcedit.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00272896 ____A (Microsoft Corporation) C:\Windows\System32\mcbuilder.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00250880 ____A (Microsoft Corporation) C:\Windows\System32\ksproxy.ax
2012-07-13 22:23 - 2010-11-20 05:24 - 00242688 ____A (Microsoft Corporation) C:\Windows\System32\Mystify.scr
2012-07-13 22:23 - 2010-11-20 05:24 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\wdmaud.drv
2012-07-13 22:23 - 2010-11-20 05:24 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\VBICodec.ax
2012-07-13 22:23 - 2010-11-20 05:24 - 00166400 ____A (Microsoft Corporation) C:\Windows\System32\diskpart.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00130048 ____A (Microsoft Corporation) C:\Windows\System32\desk.cpl
2012-07-13 22:23 - 2010-11-20 05:24 - 00104448 ____A (Microsoft Corporation) C:\Windows\System32\logman.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\WSTPager.ax
2012-07-13 22:23 - 2010-11-20 05:24 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\manage-bde.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00071168 ____A (Microsoft Corporation) C:\Windows\bfsvc.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\g711codc.ax
2012-07-13 22:23 - 2010-11-20 05:24 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\vbisurf.ax
2012-07-13 22:23 - 2010-11-20 05:24 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\choice.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
2012-07-13 22:23 - 2010-11-20 05:24 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\FXSUNATD.exe
2012-07-13 22:23 - 2010-11-20 05:15 - 01164800 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2012-07-13 22:23 - 2010-11-20 05:13 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\nlsbres.dll
2012-07-13 22:23 - 2010-11-20 05:02 - 01148416 ____A (Microsoft Corporation) C:\Windows\System32\IMJP10.IME
2012-07-13 22:23 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\KBDTUF.DLL
2012-07-13 22:23 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\KBDSG.DLL
2012-07-13 22:23 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\kbdlk41a.dll
2012-07-13 22:23 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\KBDGKL.DLL
2012-07-13 22:23 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDNEPR.DLL
2012-07-13 22:23 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBEN.DLL
2012-07-13 22:23 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDUS.DLL
2012-07-13 22:23 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDUGHR1.DLL
2012-07-13 22:23 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDTAJIK.DLL
2012-07-13 22:23 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINKAN.DLL
2012-07-13 22:23 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINHIN.DLL
2012-07-13 22:23 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDBULG.DLL
2012-07-13 22:23 - 2010-11-20 04:54 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\BlbEvents.dll
2012-07-13 22:23 - 2010-11-20 04:36 - 00046080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NAPCRYPT.DLL
2012-07-13 22:23 - 2010-11-20 04:21 - 02983424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 02755072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 02157568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 02146304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 01667584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 01624064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 01619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-07-13 22:23 - 2010-11-20 04:21 - 01227776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00755200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00739328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2012-07-13 22:23 - 2010-11-20 04:21 - 00738816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00600064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00505856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00444928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00416768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00410112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00372224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00363520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00363008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00350720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00346624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00327680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00222208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wavemsp.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00194048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00182272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpsrcwp.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00181760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00113664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00111104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00108032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00100864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sppinst.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00090112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00069632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00051200 ____A (Twain Working Group) C:\Windows\twain_32.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00040448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wtsapi32.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\TRAPI.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00017408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schedcli.dll
2012-07-13 22:23 - 2010-11-20 04:21 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 02504192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2012-07-13 22:23 - 2010-11-20 04:20 - 02494464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 02130944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\networkmap.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 01750528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pnidui.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 01661440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\networkexplorer.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 01508864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 01414144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00656384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00600576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PerfCenterCPL.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\powercpl.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00346112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nshipsec.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00236544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00218112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OnLineIDCpl.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00190976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qcap.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00183296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00174592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ocsetapi.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nci.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00077824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olethk32.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00068096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\napdsnap.dll
2012-07-13 22:23 - 2010-11-20 04:20 - 00040960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00856576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\FirewallControlPanel.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00732160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imapi2fs.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00400896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ipsmsnap.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00341504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00312832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00301568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00271360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00257024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00232448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00216576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2012-07-13 22:23 - 2010-11-20 04:19 - 00176128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00127488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00124416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fde.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2012-07-13 22:23 - 2010-11-20 04:19 - 00013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 03727872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\accessibilitycpl.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 01400320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DxpTaskSync.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 01334272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00744448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00630784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00537600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenterCPL.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00530432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00333824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dot3ui.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00323072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00295936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00257024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpx.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00242176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00222208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00211456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingFolder.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00210432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00205312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\efscore.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00168960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00132608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscmmc.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00094208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dot3cfg.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CertPolEng.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00045568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-07-13 22:23 - 2010-11-20 04:18 - 00030208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dsauth.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00022528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elsTrans.dll
2012-07-13 22:23 - 2010-11-20 04:18 - 00017408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2012-07-13 22:23 - 2010-11-20 04:17 - 01049600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00303104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\eudcedit.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00197632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00144896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iscsicli.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00113152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\isoburn.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00082944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MuiUnattend.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00062976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\findstr.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00047616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzutil.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00042496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00037888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unlodctr.exe
2012-07-13 22:23 - 2010-11-20 04:17 - 00024064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2012-07-13 22:23 - 2010-11-20 04:16 - 00878592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Bubbles.scr
2012-07-13 22:23 - 2010-11-20 04:16 - 00776192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2012-07-13 22:23 - 2010-11-20 04:16 - 00668160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2012-07-13 22:23 - 2010-11-20 04:16 - 00326656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sysdm.cpl
2012-07-13 22:23 - 2010-11-20 04:16 - 00320000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2012-07-13 22:23 - 2010-11-20 04:16 - 00220672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Ribbons.scr
2012-07-13 22:23 - 2010-11-20 04:16 - 00142336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2012-07-13 22:23 - 2010-11-20 04:16 - 00107008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Kswdmcap.ax
2012-07-13 22:23 - 2010-11-20 04:08 - 00833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2012-07-13 22:23 - 2010-11-20 04:08 - 00119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2012-07-13 22:23 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUF.DLL
2012-07-13 22:23 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDSG.DLL
2012-07-13 22:23 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDSF.DLL
2012-07-13 22:23 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDPO.DLL
2012-07-13 22:23 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2012-07-13 22:23 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2012-07-13 22:23 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDUGHR1.DLL
2012-07-13 22:23 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDMAORI.DLL
2012-07-13 22:23 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDBLR.DLL
2012-07-13 22:23 - 2010-11-20 04:07 - 01164800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2012-07-13 22:23 - 2010-11-20 04:00 - 01027584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2012-07-13 22:23 - 2010-11-20 03:57 - 00002560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2012-07-13 22:23 - 2010-11-20 03:05 - 00274944 ____A (Microsoft Corporation) C:\Windows\System32\rdpdd.dll
2012-07-13 22:23 - 2010-11-20 02:52 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2012-07-13 22:23 - 2010-11-20 02:52 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2012-07-13 22:23 - 2010-11-20 02:52 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys
2012-07-13 22:23 - 2010-11-20 02:52 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2012-07-13 22:23 - 2010-11-20 02:44 - 00184960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2012-07-13 22:23 - 2010-11-20 02:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys
2012-07-13 22:23 - 2010-11-20 02:43 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2012-07-13 22:23 - 2010-11-20 02:43 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys
2012-07-13 22:23 - 2010-11-20 02:43 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2012-07-13 22:23 - 2010-11-20 02:33 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2012-07-13 22:23 - 2010-11-20 01:27 - 00309248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2012-07-13 22:23 - 2010-11-20 01:26 - 00140800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2012-07-13 22:23 - 2010-11-20 01:26 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2012-07-13 22:23 - 2010-11-20 01:23 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2012-07-13 22:23 - 2010-11-19 19:52 - 00419880 ____A C:\Windows\SysWOW64\locale.nls
2012-07-13 22:23 - 2010-11-19 19:52 - 00419880 ____A C:\Windows\System32\locale.nls
2012-07-13 22:23 - 2010-11-04 18:20 - 00347904 ____A C:\Windows\System32\systemsf.ebd
2012-07-13 22:23 - 2010-11-04 17:58 - 00155472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2012-07-13 22:23 - 2010-11-04 17:57 - 00444752 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2012-07-13 22:23 - 2010-11-04 17:57 - 00154960 ____A (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2012-07-13 22:22 - 2010-11-20 05:34 - 00363392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2012-07-13 22:22 - 2010-11-20 05:33 - 00263040 ____A (Microsoft Corporation) C:\Windows\System32\hal.dll
2012-07-13 22:22 - 2010-11-20 05:33 - 00213888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2012-07-13 22:22 - 2010-11-20 05:27 - 02250752 ____A (Microsoft Corporation) C:\Windows\System32\SensorsCpl.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 02193920 ____A (Microsoft Corporation) C:\Windows\System32\themecpl.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 02055680 ____A (Microsoft Corporation) C:\Windows\System32\Query.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 02018304 ____A (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 01900544 ____A (Microsoft Corporation) C:\Windows\System32\setupapi.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 01646080 ____A (Microsoft Corporation) C:\Windows\System32\wevtsvc.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 01556992 ____A (Microsoft Corporation) C:\Windows\System32\RacEngn.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 01281024 ____A (Microsoft Corporation) C:\Windows\System32\werconcpl.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 01219584 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\propsys.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 01190400 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\webservices.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 01098240 ____A (Microsoft Corporation) C:\Windows\System32\Vault.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00849920 ____A (Microsoft Corporation) C:\Windows\System32\qmgr.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00781312 ____A (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00691200 ____A (Microsoft Corporation) C:\Windows\System32\VAN.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00577536 ____A (Microsoft Corporation) C:\Windows\System32\WSDApi.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00529408 ____A (Microsoft Corporation) C:\Windows\System32\wbemcomn.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00503296 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\QAGENTRT.DLL
2012-07-13 22:22 - 2010-11-20 05:27 - 00475136 ____A (Microsoft Corporation) C:\Windows\System32\wlangpui.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00462336 ____A (Microsoft Corporation) C:\Windows\System32\wiadefui.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00446976 ____A (Microsoft Corporation) C:\Windows\System32\sqlcese30.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00431104 ____A (Microsoft Corporation) C:\Windows\System32\WPDSp.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\rastls.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00403968 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00392192 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00370688 ____A (Microsoft Corporation) C:\Windows\System32\shsvcs.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00358400 ____A (Microsoft Corporation) C:\Windows\System32\wmpdxm.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00337920 ____A (Microsoft Corporation) C:\Windows\System32\raschap.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00335360 ____A (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00266240 ____A (Microsoft Corporation) C:\Windows\System32\QAGENT.DLL
2012-07-13 22:22 - 2010-11-20 05:27 - 00264192 ____A (Microsoft Corporation) C:\Windows\System32\upnp.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00263168 ____A (Microsoft Corporation) C:\Windows\System32\vpnike.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00258560 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00255488 ____A (Microsoft Corporation) C:\Windows\System32\wavemsp.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00253440 ____A (Microsoft Corporation) C:\Windows\System32\tcpipcfg.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\scecli.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\SndVolSSO.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\wmpsrcwp.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00217600 ____A (Microsoft Corporation) C:\Windows\System32\WinSCard.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00200192 ____A (Microsoft Corporation) C:\Windows\System32\syncui.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00193024 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00187904 ____A (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00185856 ____A (Microsoft Corporation) C:\Windows\System32\vdsutil.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\prncache.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\twext.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\ocsetapi.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00146944 ____A (Microsoft Corporation) C:\Windows\System32\recovery.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00143360 ____A (Microsoft Corporation) C:\Windows\System32\mydocs.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\shacct.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\ntlanman.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\srvcli.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\QUTIL.DLL
2012-07-13 22:22 - 2010-11-20 05:27 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\sppnp.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\QCLIPROV.DLL
2012-07-13 22:22 - 2010-11-20 05:27 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\tlscsp.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\wkscli.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\vfwwdm32.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\ncryptui.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\odbcconf.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\vpnikeapi.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00036352 ____A (Microsoft Corporation) C:\Windows\System32\wdiasqmmodule.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\schedcli.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\rdprefdrvapi.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\spopk.dll
2012-07-13 22:22 - 2010-11-20 05:27 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 03205120 ____A (Microsoft Corporation) C:\Windows\System32\mmcndmgr.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 01838080 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 01457664 ____A (Microsoft Corporation) C:\Windows\System32\DxpTaskSync.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00777728 ____A (Microsoft Corporation) C:\Windows\System32\gpsvc.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\evr.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00508928 ____A (Microsoft Corporation) C:\Windows\System32\DeviceCenter.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00422912 ____A (Microsoft Corporation) C:\Windows\System32\drvstore.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00304128 ____A (Microsoft Corporation) C:\Windows\System32\efscore.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00252416 ____A (Microsoft Corporation) C:\Windows\System32\dot3svc.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00186880 ____A (Microsoft Corporation) C:\Windows\System32\logoncli.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00171520 ____A (Microsoft Corporation) C:\Windows\System32\fde.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00166912 ____A (Microsoft Corporation) C:\Windows\System32\inetpp.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00128512 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\dot3msm.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\dot3api.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
2012-07-13 22:22 - 2010-11-20 05:26 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\dsauth.dll
2012-07-13 22:22 - 2010-11-20 05:25 - 03745792 ____A (Microsoft Corporation) C:\Windows\System32\accessibilitycpl.dll
2012-07-13 22:22 - 2010-11-20 05:25 - 01504256 ____A (Microsoft Corporation) C:\Windows\System32\wbengine.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-13 22:22 - 2010-11-20 05:25 - 01116672 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00958464 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2012-07-13 22:22 - 2010-11-20 05:25 - 00780800 ____A (Microsoft Corporation) C:\Windows\System32\ActionCenter.dll
2012-07-13 22:22 - 2010-11-20 05:25 - 00533504 ____A (Microsoft Corporation) C:\Windows\System32\vds.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00390656 ____A (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00306688 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00305152 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00285696 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00273920 ____A (Microsoft Corporation) C:\Windows\System32\SndVol.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00213504 ____A (Microsoft Corporation) C:\Windows\System32\ActionQueue.dll
2012-07-13 22:22 - 2010-11-20 05:25 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\ocsetup.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\autoplay.dll
2012-07-13 22:22 - 2010-11-20 05:25 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\net1.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-13 22:22 - 2010-11-20 05:25 - 00094720 ____A (Microsoft Corporation) C:\Windows\System32\cabinet.dll
2012-07-13 22:22 - 2010-11-20 05:25 - 00058368 ____A (Microsoft Corporation) C:\Windows\System32\tzutil.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\relog.exe
2012-07-13 22:22 - 2010-11-20 05:25 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\proquota.exe
2012-07-13 22:22 - 2010-11-20 05:24 - 00850944 ____A (Microsoft Corporation) C:\Windows\System32\mmsys.cpl
2012-07-13 22:22 - 2010-11-20 05:24 - 00763904 ____A (Microsoft Corporation) C:\Windows\System32\autofmt.exe
2012-07-13 22:22 - 2010-11-20 05:24 - 00442368 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-07-13 22:22 - 2010-11-20 05:24 - 00352768 ____A (Microsoft Corporation) C:\Windows\System32\sysdm.cpl
2012-07-13 22:22 - 2010-11-20 05:24 - 00321536 ____A (Microsoft Corporation) C:\Windows\System32\unimdm.tsp
2012-07-13 22:22 - 2010-11-20 05:24 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\bcdboot.exe
2012-07-13 22:22 - 2010-11-20 05:24 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\Kswdmcap.ax
2012-07-13 22:22 - 2010-11-20 05:24 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\cmstp.exe
2012-07-13 22:22 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDSF.DLL
2012-07-13 22:22 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDPO.DLL
2012-07-13 22:22 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDMON.DLL
2012-07-13 22:22 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAR.DLL
2012-07-13 22:22 - 2010-11-20 05:02 - 00006656 ____A (Microsoft Corporation) C:\Windows\System32\KBDGEO.DLL
2012-07-13 22:22 - 2010-11-20 04:32 - 05066752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2012-07-13 22:22 - 2010-11-20 04:23 - 00144768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 02311168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 01175040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00933376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Vault.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00902656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2012-07-13 22:22 - 2010-11-20 04:21 - 00782336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00778240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00646144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00626176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2012-07-13 22:22 - 2010-11-20 04:21 - 00507392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00473600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00436736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00423936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00406528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00352768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00328192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00318464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sqlcese30.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00301568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00299520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00242176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00228352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00175616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00167936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2012-07-13 22:22 - 2010-11-20 04:21 - 00146944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\remotepg.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00146432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twext.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00144384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpps.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00134656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxlib.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00109568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wiavideo.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00105984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00099328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2012-07-13 22:22 - 2010-11-20 04:21 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00080896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\QUTIL.DLL
2012-07-13 22:22 - 2010-11-20 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unimdmat.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpd3d.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00051712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00051712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00046080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RpcRtRemote.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shimgvw.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\utildll.dll
2012-07-13 22:22 - 2010-11-20 04:21 - 00008704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\riched32.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 01111552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\onexui.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 00573440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 00427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceStatus.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 00395264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prnfldr.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 00283136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdv.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 00206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\onex.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 00171520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\QAGENT.DLL
2012-07-13 22:22 - 2010-11-20 04:20 - 00121344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 00120320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prntvpt.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netid.dll
2012-07-13 22:22 - 2010-11-20 04:20 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\QCLIPROV.DLL
2012-07-13 22:22 - 2010-11-20 04:20 - 00056832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 03207680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 02151936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00828928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontext.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00296448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00206336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00202752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00120320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvfw32.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2012-07-13 22:22 - 2010-11-20 04:19 - 00084480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00034816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\httpapi.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2012-07-13 22:22 - 2010-11-20 04:19 - 00013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2012-07-13 22:22 - 2010-11-20 04:18 - 01828352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2012-07-13 22:22 - 2010-11-20 04:18 - 01040384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2012-07-13 22:22 - 2010-11-20 04:18 - 00522752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2012-07-13 22:22 - 2010-11-20 04:18 - 00485888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2012-07-13 22:22 - 2010-11-20 04:18 - 00342016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2012-07-13 22:22 - 2010-11-20 04:18 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2012-07-13 22:22 - 2010-11-20 04:18 - 00254464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2012-07-13 22:22 - 2010-11-20 04:18 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\adsldp.dll
2012-07-13 22:22 - 2010-11-20 04:18 - 00091648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2012-07-13 22:22 - 2010-11-20 04:18 - 00080384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2012-07-13 22:22 - 2010-11-20 04:17 - 00327680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wimserv.exe
2012-07-13 22:22 - 2010-11-20 04:17 - 00327168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2012-07-13 22:22 - 2010-11-20 04:17 - 00314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2012-07-13 22:22 - 2010-11-20 04:17 - 00220672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2012-07-13 22:22 - 2010-11-20 04:17 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nslookup.exe
2012-07-13 22:22 - 2010-11-20 04:17 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2012-07-13 22:22 - 2010-11-20 04:17 - 00051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\takeown.exe
2012-07-13 22:22 - 2010-11-20 04:17 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\proquota.exe
2012-07-13 22:22 - 2010-11-20 04:17 - 00026624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\userinit.exe
2012-07-13 22:22 - 2010-11-20 04:17 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2012-07-13 22:22 - 2010-11-20 04:16 - 00905216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2012-07-13 22:22 - 2010-11-20 04:16 - 00345088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2012-07-13 22:22 - 2010-11-20 04:16 - 00293888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ssText3d.scr
2012-07-13 22:22 - 2010-11-20 04:16 - 00221184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mystify.scr
2012-07-13 22:22 - 2010-11-20 04:08 - 00663040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2012-07-13 22:22 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUQ.DLL
2012-07-13 22:22 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDGR1.DLL
2012-07-13 22:22 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDNEPR.DLL
2012-07-13 22:22 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDTURME.DLL
2012-07-13 22:22 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDGEO.DLL
2012-07-13 22:22 - 2010-11-20 04:07 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spwizres.dll
2012-07-13 22:22 - 2010-11-20 04:05 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pifmgr.dll
2012-07-13 22:22 - 2010-11-20 03:07 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-07-13 22:22 - 2010-11-20 02:51 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2012-07-13 22:22 - 2010-11-20 02:51 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-07-13 22:22 - 2010-11-20 02:44 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys
2012-07-13 22:22 - 2010-11-20 02:44 - 00032896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys
2012-07-13 22:22 - 2010-11-20 02:33 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys
2012-07-13 22:22 - 2010-11-20 02:10 - 00029696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys
2012-07-13 22:22 - 2010-11-20 01:26 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2012-07-13 22:22 - 2010-11-20 01:21 - 00119296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2012-07-13 22:22 - 2010-11-04 17:58 - 01130824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2012-07-13 22:22 - 2010-11-04 17:58 - 00297808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2012-07-13 22:22 - 2010-11-04 17:57 - 00048976 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2012-07-13 22:22 - 2010-11-04 17:53 - 00295264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2012-07-13 22:22 - 2009-07-13 17:16 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll
2012-07-13 22:22 - 2009-06-10 13:40 - 00001041 ____A C:\Windows\SysWOW64\tcpbidi.xml
2012-07-13 22:21 - 2010-11-20 05:34 - 00071552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2012-07-13 22:21 - 2010-11-20 05:33 - 00184704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2012-07-13 22:21 - 2010-11-20 05:33 - 00094592 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2012-07-13 22:21 - 2010-11-20 05:33 - 00063360 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys
2012-07-13 22:21 - 2010-11-20 05:33 - 00031104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys
2012-07-13 22:21 - 2010-11-20 05:32 - 02217856 ____A (Microsoft Corporation) C:\Windows\System32\bootres.dll
2012-07-13 22:21 - 2010-11-20 05:32 - 00179072 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2012-07-13 22:21 - 2010-11-20 05:32 - 00155520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2012-07-13 22:21 - 2010-11-20 05:27 - 14633472 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 03650560 ____A (Microsoft Corporation) C:\Windows\System32\MSVidCtl.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 03027968 ____A (Microsoft Corporation) C:\Windows\System32\WMVCORE.DLL
2012-07-13 22:21 - 2010-11-20 05:27 - 03008000 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 01881088 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 01689600 ____A (Microsoft Corporation) C:\Windows\System32\netcenter.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 01509888 ____A (Microsoft Corporation) C:\Windows\System32\msdtctm.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\wlanpref.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 01389056 ____A (Microsoft Corporation) C:\Windows\System32\pla.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 01326080 ____A (Microsoft Corporation) C:\Windows\System32\NaturalLanguage6.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\MSMPEG2ENC.DLL
2012-07-13 22:21 - 2010-11-20 05:27 - 01082880 ____A (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 01024512 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 01008128 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00769536 ____A (Microsoft Corporation) C:\Windows\System32\sud.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00758784 ____A (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00681472 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\netcfgx.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00501248 ____A (Microsoft Corporation) C:\Windows\System32\WinSATAPI.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00488448 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\powercpl.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00473600 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00429568 ____A (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00416256 ____A (Microsoft Corporation) C:\Windows\System32\prnfldr.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00414208 ____A (Microsoft Corporation) C:\Windows\System32\wlanui.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00409600 ____A (Microsoft Corporation) C:\Windows\System32\photowiz.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00372736 ____A (Microsoft Corporation) C:\Windows\System32\mtxclu.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00344576 ____A (Microsoft Corporation) C:\Windows\System32\ntprint.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00313856 ____A (Microsoft Corporation) C:\Windows\System32\ReAgent.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00312832 ____A (Microsoft Corporation) C:\Windows\System32\Wldap32.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00300032 ____A (Microsoft Corporation) C:\Windows\System32\pdh.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\qasf.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\winsta.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\QSHVHOST.DLL
2012-07-13 22:21 - 2010-11-20 05:27 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\mprapi.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00215552 ____A (Microsoft Corporation) C:\Windows\System32\netiohlp.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00211456 ____A (Microsoft Corporation) C:\Windows\System32\rasppp.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00190976 ____A (Microsoft Corporation) C:\Windows\System32\vdsbas.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00187904 ____A (Microsoft Corporation) C:\Windows\System32\provsvc.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00182784 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00153088 ____A (Microsoft Corporation) C:\Windows\System32\remotepg.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00146944 ____A (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00124416 ____A (Microsoft Corporation) C:\Windows\System32\QSVRMGMT.DLL
2012-07-13 22:21 - 2010-11-20 05:27 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\SessEnv.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00092672 ____A (Microsoft Corporation) C:\Windows\System32\TabSvc.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\unimdmat.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\rdpd3d.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\samcli.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00065536 ____A (Microsoft Corporation) C:\Windows\System32\RpcRtRemote.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\WavDest.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\PrintIsolationProxy.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\wshbth.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\shimgvw.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\shgina.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2012-07-13 22:21 - 2010-11-20 05:27 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2012-07-13 22:21 - 2010-11-20 05:27 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 02746880 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00658944 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00399872 ____A (Microsoft Corporation) C:\Windows\System32\dpx.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\eapp3hst.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00303616 ____A (Microsoft Corporation) C:\Windows\System32\eapphost.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00295936 ____A (Microsoft Corporation) C:\Windows\System32\framedynos.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00279040 ____A (Microsoft Corporation) C:\Windows\System32\framedyn.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00233984 ____A (Microsoft Corporation) C:\Windows\System32\defaultlocationcpl.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00232448 ____A (Microsoft Corporation) C:\Windows\System32\ListSvc.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\iasrecst.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\credui.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00162816 ____A (Microsoft Corporation) C:\Windows\System32\dps.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\eappgnui.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\hbaapi.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\fdProxy.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\lsmproxy.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\httpapi.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\mciqtz32.dll
2012-07-13 22:21 - 2010-11-20 05:26 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\iscsium.dll
2012-07-13 22:21 - 2010-11-20 05:25 - 00897536 ____A (Microsoft Corporation) C:\Windows\System32\azroles.dll
2012-07-13 22:21 - 2010-11-20 05:25 - 00749568 ____A (Microsoft Corporation) C:\Windows\System32\batmeter.dll
2012-07-13 22:21 - 2010-11-20 05:25 - 00679424 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2012-07-13 22:21 - 2010-11-20 05:25 - 00464384 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
2012-07-13 22:21 - 2010-11-20 05:25 - 00405504 ____A (Microsoft Corporation) C:\Windows\System32\wisptis.exe
2012-07-13 22:21 - 2010-11-20 05:25 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\nltest.exe
2012-07-13 22:21 - 2010-11-20 05:25 - 00359424 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2012-07-13 22:21 - 2010-11-20 05:25 - 00296448 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2012-07-13 22:21 - 2010-11-20 05:25 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-07-13 22:21 - 2010-11-20 05:25 - 00199168 ____A (Microsoft Corporation) C:\Windows\System32\PkgMgr.exe
2012-07-13 22:21 - 2010-11-20 05:25 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\amstream.dll
2012-07-13 22:21 - 2010-11-20 05:25 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\setupcl.exe
2012-07-13 22:21 - 2010-11-20 05:25 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2012-07-13 22:21 - 2010-11-20 05:25 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\AzSqlExt.dll
2012-07-13 22:21 - 2010-11-20 05:25 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\bitsperf.dll
2012-07-13 22:21 - 2010-11-20 05:25 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\BWUnpairElevated.dll
2012-07-13 22:21 - 2010-11-20 05:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\System32\autoconv.exe
2012-07-13 22:21 - 2010-11-20 05:24 - 00721408 ____A (Microsoft Corporation) C:\Windows\System32\bthprops.cpl
2012-07-13 22:21 - 2010-11-20 05:24 - 00497664 ____A (Microsoft Corporation) C:\Windows\System32\main.cpl
2012-07-13 22:21 - 2010-11-20 05:24 - 00373248 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2012-07-13 22:21 - 2010-11-20 05:24 - 00345088 ____A (Microsoft Corporation) C:\Windows\System32\cmd.exe
2012-07-13 22:21 - 2010-11-20 05:24 - 00333824 ____A (Microsoft Corporation) C:\Windows\System32\ssText3d.scr
2012-07-13 22:21 - 2010-11-20 05:24 - 00300032 ____A (Microsoft Corporation) C:\Windows\System32\msconfig.exe
2012-07-13 22:21 - 2010-11-20 05:24 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\iscsicli.exe
2012-07-13 22:21 - 2010-11-20 05:24 - 00146944 ____A (Microsoft Corporation) C:\Windows\System32\MdSched.exe
2012-07-13 22:21 - 2010-11-20 05:24 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2012-07-13 22:21 - 2010-11-20 05:24 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\aitagent.exe
2012-07-13 22:21 - 2010-11-20 05:24 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\isoburn.exe
2012-07-13 22:21 - 2010-11-20 05:24 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\djoin.exe
2012-07-13 22:21 - 2010-11-20 05:16 - 12625920 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2012-07-13 22:21 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\KBDCZ1.DLL
2012-07-13 22:21 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTAM.DLL
2012-07-13 22:21 - 2010-11-20 05:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDGR1.DLL
2012-07-13 22:21 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDTURME.DLL
2012-07-13 22:21 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDMAORI.DLL
2012-07-13 22:21 - 2010-11-20 04:51 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-ums-l1-1-0.dll
2012-07-13 22:21 - 2010-11-20 04:36 - 00107008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NAPHLPR.DLL
2012-07-13 22:21 - 2010-11-20 04:21 - 01712640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 01326592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00616960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00597504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00458752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00428544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shwebsvc.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00411648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00380416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sxs.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00276992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00270848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00246272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00198144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00186368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00179712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\syncui.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00085504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00072192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\regapi.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00071168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00069632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vpnikeapi.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00019968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spopk.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00019456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sisbkup.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00014848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\syssetup.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shunimpl.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2012-07-13 22:21 - 2010-11-20 04:21 - 00004096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2012-07-13 22:21 - 2010-11-20 04:20 - 00932352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00859648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00547840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00297472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00175616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netjoin.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00136192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mydocs.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00116736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prncache.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00022528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netutils.dll
2012-07-13 22:21 - 2010-11-20 04:20 - 00017408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 03215872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00592384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00504320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00481792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00429056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\localsec.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00320512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mtxclu.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00320512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00265216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fphc.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00042496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mimefilt.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00036352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mciqtz32.dll
2012-07-13 22:21 - 2010-11-20 04:19 - 00030720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msdmo.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 02522624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 01555456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 01171456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00854016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00762880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00743424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00685056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dsuiext.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00484864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DeviceCenter.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00402944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00252928 ____A (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00243712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\audiodev.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00230912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00146944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autoplay.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00115200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00091136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\amstream.dll
2012-07-13 22:21 - 2010-11-20 04:18 - 00028160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AzSqlExt.dll
2012-07-13 22:21 - 2010-11-20 04:17 - 00586752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2012-07-13 22:21 - 2010-11-20 04:17 - 00278016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2012-07-13 22:21 - 2010-11-20 04:17 - 00276480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\diskraid.exe
2012-07-13 22:21 - 2010-11-20 04:17 - 00209920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
2012-07-13 22:21 - 2010-11-20 04:17 - 00084992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cmstp.exe
2012-07-13 22:21 - 2010-11-20 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2012-07-13 22:21 - 2010-11-20 04:17 - 00050688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
2012-07-13 22:21 - 2010-11-20 04:17 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2012-07-13 22:21 - 2010-11-20 04:16 - 00658944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2012-07-13 22:21 - 2010-11-20 04:16 - 00281088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2012-07-13 22:21 - 2010-11-20 04:16 - 00186368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\bitsadmin.exe
2012-07-13 22:21 - 2010-11-20 04:16 - 00172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv
2012-07-13 22:21 - 2010-11-20 04:16 - 00084480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kstvtune.ax
2012-07-13 22:21 - 2010-11-20 04:16 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ksxbar.ax
2012-07-13 22:21 - 2010-11-20 04:16 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbisurf.ax
2012-07-13 22:21 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kbdlk41a.dll
2012-07-13 22:21 - 2010-11-20 04:08 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDGKL.DLL
2012-07-13 22:21 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2012-07-13 22:21 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDBULG.DLL
2012-07-13 22:21 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2012-07-13 22:21 - 2010-11-20 03:37 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys
2012-07-13 22:21 - 2010-11-20 02:52 - 00131584 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
2012-07-13 22:21 - 2010-11-20 02:52 - 00111104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2012-07-13 22:21 - 2010-11-20 02:49 - 00146432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2012-07-13 22:21 - 2010-11-20 02:43 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-07-13 22:21 - 2010-11-20 02:42 - 00112128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-07-13 22:21 - 2010-11-04 18:11 - 00433512 ____A (Microsoft Corporation) C:\Windows\System32\MCEWMDRMNDBootstrap.dll
2012-07-13 22:21 - 2010-11-04 17:58 - 00049488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2012-07-13 22:21 - 2010-11-04 17:57 - 01942856 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2012-07-13 22:21 - 2010-11-04 17:53 - 00320352 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2012-07-13 22:21 - 2010-11-04 17:53 - 00109928 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2012-07-13 22:21 - 2010-11-04 17:53 - 00099176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2012-07-13 22:20 - 2010-11-20 05:44 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\Narrator.exe
2012-07-13 22:20 - 2010-11-20 05:39 - 05066752 ____A (Microsoft Corporation) C:\Windows\System32\AuthFWSnapin.dll
2012-07-13 22:20 - 2010-11-20 05:33 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-07-13 22:20 - 2010-11-20 05:33 - 00376192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-07-13 22:20 - 2010-11-20 05:33 - 00366976 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2012-07-13 22:20 - 2010-11-20 05:33 - 00299392 ____A (Microsoft Corporation) C:\Windows\System32\mcupdate_GenuineIntel.dll
2012-07-13 22:20 - 2010-11-20 05:33 - 00289664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2012-07-13 22:20 - 2010-11-20 05:33 - 00103808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2012-07-13 22:20 - 2010-11-20 05:29 - 00780008 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 03715584 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 02146816 ____A (Microsoft Corporation) C:\Windows\System32\networkmap.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 02072576 ____A (Microsoft Corporation) C:\Windows\System32\WMPEncEn.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 01672704 ____A (Microsoft Corporation) C:\Windows\System32\networkexplorer.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 01120768 ____A (Microsoft Corporation) C:\Windows\System32\sdengin2.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 01080320 ____A (Microsoft Corporation) C:\Windows\System32\onexui.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00933888 ____A (Microsoft Corporation) C:\Windows\System32\sqlsrv32.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00812032 ____A (Microsoft Corporation) C:\Windows\System32\wpccpl.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00750080 ____A (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00625664 ____A (Microsoft Corporation) C:\Windows\System32\usercpl.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00624128 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00582656 ____A (Microsoft Corporation) C:\Windows\System32\sxs.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00580096 ____A (Microsoft Corporation) C:\Windows\System32\wiaservc.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00524288 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00512000 ____A (Microsoft Corporation) C:\Windows\System32\rpcss.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00485888 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00481280 ____A (Microsoft Corporation) C:\Windows\System32\wmpps.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00455168 ____A (Microsoft Corporation) C:\Windows\System32\nshipsec.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\spwizeng.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00421888 ____A (Microsoft Corporation) C:\Windows\System32\termmgr.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\systemcpl.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00366080 ____A (Microsoft Corporation) C:\Windows\System32\zipfldr.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00324096 ____A (Microsoft Corporation) C:\Windows\System32\netdiagfx.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00316928 ____A (Microsoft Corporation) C:\Windows\System32\tapisrv.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00236032 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00235520 ____A (Microsoft Corporation) C:\Windows\System32\onex.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00181248 ____A (Microsoft Corporation) C:\Windows\System32\qcap.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00170496 ____A (Microsoft Corporation) C:\Windows\System32\sdrsvc.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\prntvpt.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00154624 ____A (Microsoft Corporation) C:\Windows\System32\uxlib.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\sppc.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\wmpshell.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00130048 ____A (Microsoft Corporation) C:\Windows\System32\shsetup.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00124928 ____A (Microsoft Corporation) C:\Windows\System32\wiavideo.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\userenv.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00090112 ____A (Microsoft Corporation) C:\Windows\System32\nci.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\spbcd.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\seclogon.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\sisbkup.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\slwga.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\wshirda.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\sscore.dll
2012-07-13 22:20 - 2010-11-20 05:27 - 00010240 ____A (Microsoft Corporation) C:\Windows\System32\rdpcfgex.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 01632256 ____A (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 01202176 ____A (Microsoft Corporation) C:\Windows\System32\DiagCpl.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 01009152 ____A (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00701440 ____A (Microsoft Corporation) C:\Windows\System32\dsuiext.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00633856 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\FXSAPI.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00584192 ____A (Microsoft Corporation) C:\Windows\System32\ipsmsnap.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00551936 ____A (Microsoft Corporation) C:\Windows\System32\localsec.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00434688 ____A (Microsoft Corporation) C:\Windows\System32\FXSTIFF.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00239616 ____A (Microsoft Corporation) C:\Windows\System32\dskquoui.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\ifsutil.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\EhStorAPI.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00118272 ____A (Microsoft Corporation) C:\Windows\System32\dnscmmc.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\mapistub.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\mapi32.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\fdeploy.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00046080 ____A (Microsoft Corporation) C:\Windows\System32\cscapi.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\cscdll.dll
2012-07-13 22:20 - 2010-11-20 05:26 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\credssp.dll
2012-07-13 22:20 - 2010-11-20 05:25 - 01264640 ____A (Microsoft Corporation) C:\Windows\System32\sdclt.exe
2012-07-13 22:20 - 2010-11-20 05:25 - 00472064 ____A (Microsoft Corporation) C:\Windows\System32\azroleui.dll
2012-07-13 22:20 - 2010-11-20 05:25 - 00378880 ____A (Microsoft Corporation) C:\Windows\System32\msinfo32.exe
2012-07-13 22:20 - 2010-11-20 05:25 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2012-07-13 22:20 - 2010-11-20 05:25 - 00279040 ____A (Microsoft Corporation) C:\Windows\System32\sethc.exe
2012-07-13 22:20 - 2010-11-20 05:25 - 00238080 ____A (Microsoft Corporation) C:\Windows\System32\recdisc.exe
2012-07-13 22:20 - 2010-11-20 05:25 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-07-13 22:20 - 2010-11-20 05:25 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-13 22:20 - 2010-11-20 05:25 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\repair-bde.exe
2012-07-13 22:20 - 2010-11-20 05:25 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\C_ISCII.DLL
2012-07-13 22:20 - 2010-11-20 05:24 - 00726528 ____A (Microsoft Corporation) C:\Windows\System32\appwiz.cpl
2012-07-13 22:20 - 2010-11-20 05:24 - 00606208 ____A (Microsoft Corporation) C:\Windows\System32\dfrgui.exe
2012-07-13 22:20 - 2010-11-20 05:24 - 00477696 ____A (Microsoft Corporation) C:\Windows\System32\PhotoScreensaver.scr
2012-07-13 22:20 - 2010-11-20 05:24 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\lsm.exe
2012-07-13 22:20 - 2010-11-20 05:24 - 00232448 ____A (Microsoft Corporation) C:\Windows\System32\bitsadmin.exe
2012-07-13 22:20 - 2010-11-20 05:24 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\powercfg.cpl
2012-07-13 22:20 - 2010-11-20 05:24 - 00071168 ____A (Microsoft Corporation) C:\Windows\System32\findstr.exe
2012-07-13 22:20 - 2010-11-20 05:24 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\fixmapi.exe
2012-07-13 22:20 - 2010-11-20 05:14 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\spwizres.dll
2012-07-13 22:20 - 2010-11-20 05:02 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\KBDTUQ.DLL
2012-07-13 22:20 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDLT1.DLL
2012-07-13 22:20 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTEL.DLL
2012-07-13 22:20 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINORI.DLL
2012-07-13 22:20 - 2010-11-20 05:02 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDBASH.DLL
2012-07-13 22:20 - 2010-11-20 04:58 - 00003072 ____A (Microsoft Corporation) C:\Windows\System32\dpnaddr.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 11410432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 02202624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SensorsCpl.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 01363456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 01128448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 01010688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 01003008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00638976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00560128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00352768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00352256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00351232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00335872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00307712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00305152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00160256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vdsbas.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00105472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00087552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00085504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00082944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountControlSettings.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00056832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfwwdm32.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00047104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00036352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00027648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00020992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shgina.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00012288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00011264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wshirda.dll
2012-07-13 22:20 - 2010-11-20 04:21 - 00004096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2012-07-13 22:20 - 2010-11-20 04:20 - 01644032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2012-07-13 22:20 - 2010-11-20 04:20 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2012-07-13 22:20 - 2010-11-20 04:20 - 00801280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2012-07-13 22:20 - 2010-11-20 04:20 - 00563712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2012-07-13 22:20 - 2010-11-20 04:20 - 00324608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2012-07-13 22:20 - 2010-11-20 04:20 - 00295424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2012-07-13 22:20 - 2010-11-20 04:20 - 00225792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netdiagfx.dll
2012-07-13 22:20 - 2010-11-20 04:20 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 02291712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00830464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2012-07-13 22:20 - 2010-11-20 04:19 - 00196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00176128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00167936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msutb.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00148992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00093696 ____A (Windows (R) Codename Longhorn DDK provider) C:\Windows\SysWOW64\fms.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00082944 ____A (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00052736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetmib1.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00050176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\luainstall.dll
2012-07-13 22:20 - 2010-11-20 04:19 - 00022528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 01371136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 00314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\azroleui.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 00220672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\defaultlocationcpl.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 00128512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EhStorAPI.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cabinet.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 00066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cca.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 00034816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 00019456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\bitsperf.dll
2012-07-13 22:20 - 2010-11-20 04:18 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browseui.dll
2012-07-13 22:20 - 2010-11-20 04:17 - 00280064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2012-07-13 22:20 - 2010-11-20 04:17 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2012-07-13 22:20 - 2010-11-20 04:17 - 00227328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskmgr.exe
2012-07-13 22:20 - 2010-11-20 04:17 - 00142336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\net1.exe
2012-07-13 22:20 - 2010-11-20 04:16 - 00692736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2012-07-13 22:20 - 2010-11-20 04:16 - 00679424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2012-07-13 22:20 - 2010-11-20 04:16 - 00649216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2012-07-13 22:20 - 2010-11-20 04:16 - 00516096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\main.cpl
2012-07-13 22:20 - 2010-11-20 04:16 - 00413696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2012-07-13 22:20 - 2010-11-20 04:16 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2012-07-13 22:20 - 2010-11-20 04:16 - 00153600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2012-07-13 22:20 - 2010-11-20 04:16 - 00128000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\desk.cpl
2012-07-13 22:20 - 2010-11-20 04:16 - 00068608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSTPager.ax
2012-07-13 22:20 - 2010-11-20 04:08 - 12625408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2012-07-13 22:20 - 2010-11-20 04:08 - 00311296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2012-07-13 22:20 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2012-07-13 22:20 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2012-07-13 22:20 - 2010-11-20 04:08 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2012-07-13 22:20 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDUS.DLL
2012-07-13 22:20 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAJIK.DLL
2012-07-13 22:20 - 2010-11-20 04:08 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDMON.DLL
2012-07-13 22:20 - 2010-11-20 04:00 - 00430080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2012-07-13 22:20 - 2010-11-20 03:04 - 00248832 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-07-13 22:20 - 2010-11-20 03:04 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2012-07-13 22:20 - 2010-11-20 02:52 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys
2012-07-13 22:20 - 2010-11-20 02:50 - 00056832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2012-07-13 22:20 - 2010-11-20 02:34 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2012-07-13 22:20 - 2010-11-20 02:33 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2012-07-13 22:20 - 2010-11-20 01:30 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys
2012-07-13 22:20 - 2010-11-20 01:22 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2012-07-13 22:20 - 2010-11-09 17:48 - 00010429 ____A C:\Windows\System32\ScavengeSpace.xml
2012-07-13 22:20 - 2010-11-04 18:20 - 00105559 ____A C:\Windows\SysWOW64\RacRules.xml
2012-07-13 22:20 - 2010-11-04 18:20 - 00105559 ____A C:\Windows\System32\RacRules.xml
2012-07-13 22:20 - 2010-11-04 18:11 - 00312168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2012-07-13 22:19 - 2012-07-13 22:19 - 00000000 ____D C:\Windows\System32\SPReview
2012-07-13 22:18 - 2012-07-13 22:18 - 00000000 ____D C:\Windows\System32\EventProviders
2012-07-13 22:08 - 2012-07-13 22:08 - 00509440 ____A (Tech Support Guy System) C:\Users\Rachel H\Downloads\SysInfo (1).exe
2012-07-13 21:50 - 2012-07-13 21:50 - 00024496 ____A C:\Users\Rachel H\Desktop\DDS.txt
2012-07-13 21:50 - 2012-07-13 21:50 - 00010696 ____A C:\Users\Rachel H\Desktop\Attach.txt
2012-07-13 21:46 - 2012-07-13 21:46 - 00607260 ____R (Swearware) C:\Users\Rachel H\Desktop\dds.com
2012-07-13 21:41 - 2012-07-13 21:41 - 00388608 ____A (Trend Micro Inc.) C:\Users\Rachel H\Desktop\HijackThis.exe
2012-07-13 16:42 - 2012-07-13 16:42 - 00509440 ____A (Tech Support Guy System) C:\Users\Rachel H\Downloads\SysInfo.exe
2012-07-13 16:34 - 2012-07-13 16:34 - 00000000 ___SD C:\username123.exe
2012-07-13 16:34 - 2012-07-13 16:34 - 00000000 ____D C:\Windows\erdnt
2012-07-13 16:31 - 2012-07-13 16:32 - 00000000 ____D C:\Qoobox
2012-07-13 15:54 - 2012-07-13 15:54 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-07-13 15:54 - 2012-07-13 15:53 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-13 15:54 - 2012-07-13 15:53 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-13 15:54 - 2012-07-05 22:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-13 15:54 - 2012-07-05 22:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-13 15:51 - 2012-07-13 15:51 - 00893936 ____A (Oracle Corporation) C:\Users\Rachel H\Downloads\chromeinstall-7u5.exe
2012-07-13 15:51 - 2012-07-13 15:51 - 00893936 ____A (Oracle Corporation) C:\Users\Rachel H\Downloads\chromeinstall-7u5 (1).exe
2012-07-12 22:16 - 2012-07-12 22:16 - 00001048 ____A C:\Users\Rachel H\Desktop\Dropbox.lnk
2012-07-12 22:12 - 2012-07-12 22:12 - 17755632 ____A (Dropbox, Inc.) C:\Users\Rachel H\Downloads\Dropbox 1.4.11 (2).exe
2012-07-12 22:06 - 2012-07-12 22:06 - 17755632 ____A (Dropbox, Inc.) C:\Users\Rachel H\Downloads\Dropbox 1.4.11 (1).exe
2012-07-12 21:58 - 2012-07-12 21:58 - 17755632 ____A (Dropbox, Inc.) C:\Users\Rachel H\Downloads\Dropbox 1.4.11.exe
2012-07-12 21:51 - 2012-07-12 22:19 - 00000000 ____D C:\Program Files\Blue Coat K9 Web Protection
2012-07-12 21:50 - 2012-07-12 21:50 - 01366624 ____A (Blue Coat Systems, Inc.) C:\Users\Rachel H\Downloads\k9-webprotection.exe
2012-07-12 21:38 - 2012-07-14 11:43 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2315779669-1304240532-62785759-1000UA.job
2012-07-12 21:38 - 2012-07-13 21:43 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2315779669-1304240532-62785759-1000Core.job
2012-07-12 21:38 - 2012-07-12 21:38 - 00000000 ____D C:\Users\Rachel H\Local Settings\Google
2012-07-12 21:38 - 2012-07-12 21:38 - 00000000 ____D C:\Users\Rachel H\Local Settings\Application Data\Google
2012-07-12 21:38 - 2012-07-12 21:38 - 00000000 ____D C:\Users\Rachel H\AppData\Local\Google
2012-07-12 21:37 - 2012-07-12 21:38 - 00000000 ____D C:\Users\Rachel H\Local Settings\Deployment
2012-07-12 21:37 - 2012-07-12 21:38 - 00000000 ____D C:\Users\Rachel H\Local Settings\Application Data\Deployment
2012-07-12 21:37 - 2012-07-12 21:38 - 00000000 ____D C:\Users\Rachel H\AppData\Local\Deployment
2012-07-12 21:37 - 2012-07-12 21:37 - 00000000 ____D C:\Users\Rachel H\AppData\Local\Apps\2.0
2012-07-12 21:36 - 2012-07-12 21:35 - 00006637 ____A C:\Users\Rachel H\Downloads\ChromeSetup.exe
2012-07-12 14:40 - 2012-07-12 14:40 - 00000000 ____D C:\Users\Rachel H\Application Data\AVG2012
2012-07-12 14:40 - 2012-07-12 14:40 - 00000000 ____D C:\Users\Rachel H\AppData\Roaming\AVG2012
2012-07-12 14:39 - 2012-07-12 14:39 - 00000000 ____D C:\Users\Rachel H\Local Settings\AVG Secure Search
2012-07-12 14:39 - 2012-07-12 14:39 - 00000000 ____D C:\Users\Rachel H\Local Settings\Application Data\AVG Secure Search
2012-07-12 14:39 - 2012-07-12 14:39 - 00000000 ____D C:\Users\Rachel H\AppData\Local\AVG Secure Search
2012-07-12 14:39 - 2012-07-12 14:39 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-07-12 14:39 - 2012-07-12 14:39 - 00000000 ____D C:\Users\All Users\Application Data\AVG Secure Search
2012-07-12 14:38 - 2012-07-12 14:39 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-07-12 14:38 - 2012-07-12 14:38 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-07-12 14:35 - 2012-07-14 11:01 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-07-12 14:35 - 2012-07-12 14:44 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-12 14:35 - 2012-07-12 14:44 - 00000000 ____D C:\Users\All Users\Application Data\AVG2012
2012-07-12 14:35 - 2012-07-12 14:35 - 00000000 ___HD C:\$AVG
2012-07-12 14:20 - 2012-07-14 11:54 - 00000672 ____A C:\Windows\setupact.log
2012-07-12 14:20 - 2012-07-12 21:28 - 00002922 ____A C:\Windows\PFRO.log
2012-07-12 14:20 - 2012-07-12 14:20 - 00000000 ____A C:\Windows\setuperr.log
2012-07-10 10:59 - 2012-07-10 10:59 - 70320128 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-07-10 10:59 - 2012-07-10 10:59 - 14999552 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-07-10 10:59 - 2012-07-10 10:59 - 00356352 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-07-10 10:59 - 2012-07-10 10:59 - 00057344 ____A C:\Windows\System32\config\SAM.iobit
2012-07-10 10:59 - 2012-07-10 10:59 - 00024576 ____A C:\Windows\System32\config\SECURITY.iobit
2012-07-09 18:30 - 2012-07-09 18:30 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-30 17:31 - 2012-06-30 17:31 - 00025600 ____A C:\Users\Rachel H\My Documents\sabbath.wps
2012-06-30 17:31 - 2012-06-30 17:31 - 00025600 ____A C:\Users\Rachel H\Documents\sabbath.wps
2012-06-20 23:46 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-20 23:46 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-20 23:46 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-20 23:46 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-20 23:45 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-20 23:45 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-20 23:45 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-20 23:45 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-20 23:45 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-14 03:02 - 2012-05-17 21:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 03:02 - 2012-05-17 21:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 03:02 - 2012-05-17 21:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 03:02 - 2012-05-17 20:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 03:02 - 2012-05-17 20:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 03:02 - 2012-05-17 20:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 03:02 - 2012-05-17 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 03:02 - 2012-05-17 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 03:02 - 2012-05-17 20:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 03:02 - 2012-05-17 20:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 03:02 - 2012-05-17 20:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 03:02 - 2012-05-17 20:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 03:02 - 2012-05-17 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 03:02 - 2012-05-17 20:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 03:02 - 2012-05-17 18:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 03:02 - 2012-05-17 17:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 03:02 - 2012-05-17 17:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 03:02 - 2012-05-17 17:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 03:02 - 2012-05-17 17:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 03:02 - 2012-05-17 17:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 03:02 - 2012-05-17 17:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 03:02 - 2012-05-17 17:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 03:02 - 2012-05-17 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 03:02 - 2012-05-17 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 03:02 - 2012-05-17 17:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 03:02 - 2012-05-17 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 03:02 - 2012-05-17 17:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 03:02 - 2012-05-17 17:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

============ 3 Months Modified Files ========================

2012-07-14 12:06 - 2009-07-14 00:10 - 01654809 ____A C:\Windows\WindowsUpdate.log
2012-07-14 12:03 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-14 12:03 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-14 12:02 - 2009-07-14 00:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-14 11:54 - 2012-07-12 14:20 - 00000672 ____A C:\Windows\setupact.log
2012-07-14 11:54 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-14 11:53 - 2009-07-13 23:45 - 05178400 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-14 11:45 - 2009-07-13 21:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-07-14 11:45 - 2009-07-13 21:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-07-14 11:43 - 2012-07-12 21:38 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2315779669-1304240532-62785759-1000UA.job
2012-07-13 22:08 - 2012-07-13 22:08 - 00509440 ____A (Tech Support Guy System) C:\Users\Rachel H\Downloads\SysInfo (1).exe
2012-07-13 21:50 - 2012-07-13 21:50 - 00024496 ____A C:\Users\Rachel H\Desktop\DDS.txt
2012-07-13 21:50 - 2012-07-13 21:50 - 00010696 ____A C:\Users\Rachel H\Desktop\Attach.txt
2012-07-13 21:46 - 2012-07-13 21:46 - 00607260 ____R (Swearware) C:\Users\Rachel H\Desktop\dds.com
2012-07-13 21:43 - 2012-07-12 21:38 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2315779669-1304240532-62785759-1000Core.job
2012-07-13 21:41 - 2012-07-13 21:41 - 00388608 ____A (Trend Micro Inc.) C:\Users\Rachel H\Desktop\HijackThis.exe
2012-07-13 16:42 - 2012-07-13 16:42 - 00509440 ____A (Tech Support Guy System) C:\Users\Rachel H\Downloads\SysInfo.exe
2012-07-13 15:53 - 2012-07-13 15:54 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-13 15:53 - 2012-07-13 15:54 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-13 15:51 - 2012-07-13 15:51 - 00893936 ____A (Oracle Corporation) C:\Users\Rachel H\Downloads\chromeinstall-7u5.exe
2012-07-13 15:51 - 2012-07-13 15:51 - 00893936 ____A (Oracle Corporation) C:\Users\Rachel H\Downloads\chromeinstall-7u5 (1).exe
2012-07-12 22:16 - 2012-07-12 22:16 - 00001048 ____A C:\Users\Rachel H\Desktop\Dropbox.lnk
2012-07-12 22:12 - 2012-07-12 22:12 - 17755632 ____A (Dropbox, Inc.) C:\Users\Rachel H\Downloads\Dropbox 1.4.11 (2).exe
2012-07-12 22:06 - 2012-07-12 22:06 - 17755632 ____A (Dropbox, Inc.) C:\Users\Rachel H\Downloads\Dropbox 1.4.11 (1).exe
2012-07-12 21:58 - 2012-07-12 21:58 - 17755632 ____A (Dropbox, Inc.) C:\Users\Rachel H\Downloads\Dropbox 1.4.11.exe
2012-07-12 21:50 - 2012-07-12 21:50 - 01366624 ____A (Blue Coat Systems, Inc.) C:\Users\Rachel H\Downloads\k9-webprotection.exe
2012-07-12 21:35 - 2012-07-12 21:36 - 00006637 ____A C:\Users\Rachel H\Downloads\ChromeSetup.exe
2012-07-12 21:28 - 2012-07-12 14:20 - 00002922 ____A C:\Windows\PFRO.log
2012-07-12 14:20 - 2012-07-12 14:20 - 00000000 ____A C:\Windows\setuperr.log
2012-07-11 16:13 - 2009-12-26 23:35 - 00013210 ____A C:\Users\Rachel H\Application Data\wklnhst.dat
2012-07-11 16:13 - 2009-12-26 23:35 - 00013210 ____A C:\Users\Rachel H\AppData\Roaming\wklnhst.dat
2012-07-10 10:59 - 2012-07-10 10:59 - 70320128 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-07-10 10:59 - 2012-07-10 10:59 - 14999552 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-07-10 10:59 - 2012-07-10 10:59 - 00356352 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-07-10 10:59 - 2012-07-10 10:59 - 00057344 ____A C:\Windows\System32\config\SAM.iobit
2012-07-10 10:59 - 2012-07-10 10:59 - 00024576 ____A C:\Windows\System32\config\SECURITY.iobit
2012-07-05 22:06 - 2012-07-13 15:54 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 22:06 - 2012-07-13 15:54 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 22:06 - 2011-08-01 09:15 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-03 13:46 - 2010-08-02 23:59 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 17:31 - 2012-06-30 17:31 - 00025600 ____A C:\Users\Rachel H\My Documents\sabbath.wps
2012-06-30 17:31 - 2012-06-30 17:31 - 00025600 ____A C:\Users\Rachel H\Documents\sabbath.wps
2012-06-27 16:18 - 2011-09-24 18:24 - 00044032 __ASH C:\Users\Rachel H\My Documents\Thumbs.db
2012-06-27 16:18 - 2011-09-24 18:24 - 00044032 __ASH C:\Users\Rachel H\Documents\Thumbs.db
2012-06-27 16:17 - 2012-01-06 17:43 - 00016421 ____A C:\Users\Rachel H\My Documents\Print Orders Spreadsheet.ods
2012-06-27 16:17 - 2012-01-06 17:43 - 00016421 ____A C:\Users\Rachel H\Documents\Print Orders Spreadsheet.ods
2012-06-14 11:27 - 2012-04-23 12:29 - 00000300 ____A C:\Users\Rachel H\.JavaPowUpload.properties
2012-06-14 03:10 - 2009-12-25 02:08 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 09:40 - 2012-06-11 09:29 - 00166932 ____A C:\Windows\hpoins36.dat
2012-06-11 09:40 - 2012-06-11 09:29 - 00001269 ____A C:\Users\All Users\hpzinstall.log
2012-06-11 09:40 - 2012-06-11 09:29 - 00001269 ____A C:\Users\All Users\Application Data\hpzinstall.log
2012-06-11 09:38 - 2009-12-16 01:38 - 00085232 ____A C:\Users\Rachel H\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-11 09:38 - 2009-12-16 01:38 - 00085232 ____A C:\Users\Rachel H\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-11 09:38 - 2009-12-16 01:38 - 00085232 ____A C:\Users\Rachel H\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-11 09:38 - 2009-07-13 21:34 - 00000438 ____A C:\Windows\win.ini
2012-06-11 09:34 - 2012-06-11 09:34 - 00001317 ____A C:\Users\Public\Desktop\HP Solution Center.lnk
2012-06-11 09:34 - 2012-06-11 09:34 - 00001317 ____A C:\Users\All Users\Desktop\HP Solution Center.lnk
2012-06-02 17:19 - 2012-06-20 23:46 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-20 23:46 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-20 23:46 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-20 23:45 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-20 23:45 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-20 23:46 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-20 23:45 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-20 23:45 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-20 23:45 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-29 16:10 - 2012-05-29 16:10 - 00303852 ____A C:\Users\Rachel H\Downloads\Accordion 10 Panel Pano.zip
2012-05-17 21:47 - 2012-06-14 03:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 21:16 - 2012-06-14 03:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 21:06 - 2012-06-14 03:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 20:59 - 2012-06-14 03:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 20:59 - 2012-06-14 03:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 20:58 - 2012-06-14 03:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 20:58 - 2012-06-14 03:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 20:56 - 2012-06-14 03:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 20:55 - 2012-06-14 03:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 20:55 - 2012-06-14 03:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 20:54 - 2012-06-14 03:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 20:51 - 2012-06-14 03:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 20:51 - 2012-06-14 03:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 20:47 - 2012-06-14 03:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 18:11 - 2012-06-14 03:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 17:48 - 2012-06-14 03:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 17:45 - 2012-06-14 03:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 17:36 - 2012-06-14 03:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 17:35 - 2012-06-14 03:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 17:35 - 2012-06-14 03:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 17:33 - 2012-06-14 03:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 17:31 - 2012-06-14 03:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 17:29 - 2012-06-14 03:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 17:29 - 2012-06-14 03:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 17:27 - 2012-06-14 03:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 17:25 - 2012-06-14 03:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 17:24 - 2012-06-14 03:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 17:20 - 2012-06-14 03:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 20:32 - 2012-06-13 03:08 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 23:49 - 2012-05-10 23:49 - 00002025 ____A C:\Users\Rachel H\Desktop\Miller's ROES.lnk
2012-05-04 16:01 - 2012-05-04 16:00 - 18026177 ____A C:\Users\Rachel H\Downloads\SWS-Sampler.zip
2012-05-04 06:06 - 2012-06-13 03:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-13 03:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-13 03:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 00:40 - 2012-06-13 03:08 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 09:49 - 2012-04-23 12:30 - 00000359 ____A C:\Users\Rachel H\.JavaPowUpload.ser
2012-04-27 22:55 - 2012-06-13 03:08 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:41 - 2012-06-13 03:08 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-13 03:08 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-13 03:08 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 12:04 - 2012-04-24 11:58 - 415898156 ____A C:\Users\Rachel H\Desktop\The Thriving Photographer 2.zip
2012-04-24 00:37 - 2012-06-13 03:07 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:37 - 2012-06-13 03:07 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:37 - 2012-06-13 03:07 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:36 - 2012-06-13 03:07 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:36 - 2012-06-13 03:07 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:36 - 2012-06-13 03:07 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 04:50 - 2012-04-19 04:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-16 21:35 - 2012-04-16 21:35 - 00001300 ____A C:\Users\Rachel H\Desktop\Portrait Professional Studio 10.lnk
2012-04-16 21:34 - 2012-04-16 21:32 - 44581840 ____A (Anthropics Technology Ltd. ) C:\Users\Rachel H\Desktop\PortraitProfessionalStudioSetup.exe

ZeroAccess:
C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}
C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L
C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U

ZeroAccess:
C:\Users\Rachel H\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}
C:\Users\Rachel H\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\@
C:\Users\Rachel H\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L
C:\Users\Rachel H\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 4056.36 MB
Available physical RAM: 3073.79 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3329.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:30.26 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1928 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

=========================================================================== =======

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================================== =======

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

=========================================================================== =======

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

=========================================================================== =======

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1928 MB 0 B

=========================================================================== =======

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================================== =======

==========================================================

Last Boot: 2012-07-08 10:41

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-14 13:15:07
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\ser vices.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\$Recycle.Bin\S-1-5-21-2315779669-1304240532-62785759-1000\$RHR3XDG\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\ser vices.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\$Recycle.Bin\S-1-5-21-2315779669-1304240532-62785759-1000\$RHR3XDG\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

mrp · 14-Jul-2012, 03:58 PM #8

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Code:

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}
C:\Users\Rachel H\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

NEXT:

ComboFix

Refer to the ComboFix User's Guide
- Download ComboFix from HERE.
  
  * IMPORTANT !!! Place ComboFix.exe on your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  You can get help on disabling your protection programs here
- Double click on ComboFix.exe & follow the prompts.
- Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
- When finished, it shall produce a log for you. Post that log in your next reply
  
  Note:
  Do not mouse click ComboFix's window whilst it's running. That may cause it to stall.
  
  ---------------------------------------------------------------------------------------------
- Ensure your AntiVirus and AntiSpyware applications are re-enabled.
  
  ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

RDM926 · 14-Jul-2012, 05:46 PM #9

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-14 17:53:08 Run:1
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\ser vices.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e} moved successfully.
C:\Users\Rachel H\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e} moved successfully.

==== End of Fixlog ====

ComboFix 12-07-14.01 - Rachel H 07/14/2012 18:03:28.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2646 [GMT -5:00]
Running from: c:\users\Rachel H\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Rachel H\AppData\Roaming\Install.dat
c:\windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\@
c:\windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\00000001.@
c:\windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\80000000.@
c:\windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\800000cb.@
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 23:17 . 2012-07-14 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 18:09 . 2012-07-14 18:09 -------- d-----w- C:\FRST
2012-07-14 16:15 . 2010-11-20 10:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-07-14 16:14 . 2010-11-20 09:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-07-14 16:14 . 2010-11-20 10:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-07-14 16:14 . 2010-11-20 10:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-07-14 03:23 . 2010-11-20 10:27 448000 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2012-07-14 03:22 . 2010-11-20 10:26 1457664 ----a-w- c:\windows\system32\DxpTaskSync.dll
2012-07-14 03:21 . 2010-11-20 10:26 50176 ----a-w- c:\windows\system32\lsmproxy.dll
2012-07-14 03:20 . 2010-11-20 10:27 15360 ----a-w- c:\windows\system32\slwga.dll
2012-07-14 03:19 . 2012-07-14 03:19 -------- d-----w- c:\windows\system32\SPReview
2012-07-14 03:18 . 2012-07-14 03:18 -------- d-----w- c:\windows\system32\EventProviders
2012-07-13 20:55 . 2012-07-13 20:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-13 20:54 . 2012-07-13 20:54 -------- d-----w- c:\program files (x86)\Oracle
2012-07-13 20:54 . 2012-07-06 03:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-13 02:51 . 2012-07-13 03:19 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2012-07-13 02:38 . 2012-07-13 02:38 -------- d-----w- c:\users\Rachel H\AppData\Local\Google
2012-07-13 02:37 . 2012-07-13 02:37 -------- d-----w- c:\users\Rachel H\AppData\Local\Apps
2012-07-13 02:37 . 2012-07-13 02:38 -------- d-----w- c:\users\Rachel H\AppData\Local\Deployment
2012-07-12 19:40 . 2012-07-12 19:40 -------- d-----w- c:\users\Rachel H\AppData\Roaming\AVG2012
2012-07-12 19:39 . 2012-07-12 19:39 -------- d-----w- c:\users\Rachel H\AppData\Local\AVG Secure Search
2012-07-12 19:39 . 2012-07-12 19:39 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-12 19:38 . 2012-07-12 19:39 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-12 19:38 . 2012-07-12 19:39 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-12 19:38 . 2012-07-12 19:38 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-12 19:35 . 2012-07-14 16:01 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-12 19:35 . 2012-07-12 19:44 -------- d-----w- c:\programdata\AVG2012
2012-07-12 19:35 . 2012-07-12 19:35 -------- d-----w- C:\$AVG
2012-07-09 23:30 . 2012-07-09 23:30 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-06 08:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88580977-1150-4D09-B0D7-C3026A586DF1}\mpengine.dll
2012-06-21 04:46 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 04:46 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 04:46 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 04:46 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 04:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 04:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 04:45 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 04:45 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 16:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-14 16:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-06 03:06 . 2011-08-01 14:15 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 18:46 . 2010-08-03 04:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-18 02:06 . 2012-06-14 08:02 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-14 08:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-14 08:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:55 . 2012-06-14 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:51 . 2012-06-14 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-17 22:45 . 2012-06-14 08:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-14 08:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-14 08:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-14 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-14 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-13 08:08 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 11:06 . 2012-06-13 08:08 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 08:08 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 08:08 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 08:08 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 08:08 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 08:08 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 08:08 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 08:08 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 08:07 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 08:07 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 08:07 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 08:07 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 08:07 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 08:07 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
2011-11-15 20:29 1050976 ----a-w- c:\program files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-12 19:38 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}"= "c:\program files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll" [2011-11-15 1050976]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-12 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{0bda0769-fd72-49f4-9266-e1fb004f4d8f}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Rachel H\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Rachel H\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Rachel H\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru nOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjA1NDc4M jI0LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0y KzEtRkwxMCsxLVhPMTArMTEtTElDKzI&prod=90&ver=10.0.1325" [?]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-07 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 165184]
.
c:\users\Rachel H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
Dropbox.lnk - c:\users\Rachel H\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-2 26868192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2012-02-13 108304]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-11-15 746392]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2012-02-13 2122000]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-12 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2315779669-1304240532-62785759-1000Core.job
- c:\users\Rachel H\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 02:38]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2315779669-1304240532-62785759-1000UA.job
- c:\users\Rachel H\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 02:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Rachel H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Rachel H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Rachel H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Rachel H\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/accounts/Serv...t&ltmplcache=2
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_Ac tiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-14 18:31:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 23:31
.
Pre-Run: 33,115,549,696 bytes free
Post-Run: 35,572,338,688 bytes free
.
- - End Of File - - 493EC5CF7CBC66D796A89B1820BA61B9

mrp · 15-Jul-2012, 08:03 AM **#10**

Malwarebytes' Anti-Malware

I see you already have MBAM on your computer. Please do the following:
- Once the program has loaded, click the Update tab and Check for Updates.
- Click the Scanner tab, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. This log is saved by MBAM and can be viewed by clicking the Logs tab.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Please paste the results in your next reply.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
ESET Online Scanner

Please disable any real-time security programs such as your anti-virus before proceeding with this scan.
- Open Internet Explorer.
- Download ESET Online Scanner.
- Put a checkmark in the checkbox next to YES, I accept the Terms of Use.
- Click Start.
- When prompted by your web browser, click Install.
- Uncheck Remove found threats.
- Check Scan archives.
- Click Start and let the scanner finish downloading virus signatures. The scan will begin afterward.
- When the scan completes, click List of found threats.
- Click Export to text file... and save the file to your desktop. Post it in your next reply.
- Click Back.
- Click Finish.

RDM926 · 15-Jul-2012, 03:51 PM **#11**

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rachel H :: RACHELH-PC [administrator]

Protection: Disabled

7/15/2012 9:11:45 AM
mbam-log-2012-07-15 (09-11-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213356
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET log

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\80000000.@.vir Win64/Sirefef.AL trojan
C:\Users\Rachel H\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\29f27d16-2aacbe8f a variant of Java/Exploit.CVE-2012-1723.C trojan
C:\Windows\Installer\1c3e5ab.msi a variant of Win32/Toolbar.Widgi application

mrp · 15-Jul-2012, 05:39 PM **#12**

Java is out of date

Java™ can be updated from the Java control panel. Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin. You may be prompted to close the Java control panel before updating; do so.

Clear Java cache

Go into the Control Panel and double-click the Java icon (looks like a coffee cup). If you do not see the icon, switch to Classic View.
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
  - Trace and Log Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- You may now close the Java control panel.
OTL

Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /rp /s
  DRIVES
  CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  - When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  - Post both logs

RDM926 · 15-Jul-2012, 07:54 PM **#13**

OTL logfile created on: 7/15/2012 6:17:49 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rachel H\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.64% Memory free
7.92 Gb Paging File | 6.03 Gb Available in Paging File | 76.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 33.77 Gb Free Space | 11.92% Space Free | Partition Type: NTFS

Computer Name: RACHELH-PC | User Name: Rachel H | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 18:15:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel H\Desktop\OTL.exe
PRC - [2012/07/12 14:39:00 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/02 20:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rachel H\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
PRC - [2011/11/15 15:22:52 | 000,746,392 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011/03/15 17:42:18 | 000,499,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
PRC - [2010/10/08 11:01:14 | 000,010,408 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
PRC - [2010/03/31 11:42:56 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/07 11:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/14 16:46:26 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b 791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll
MOD - [2012/07/14 12:00:12 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd51 68c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012/07/14 11:59:51 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\02d5be82 09f0eac6f7725f8d83b87df6\System.Web.Services.ni.dll
MOD - [2012/07/14 11:59:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7 b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012/07/14 11:59:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe 6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012/07/14 11:59:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2 d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012/07/14 11:59:06 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d 7fba8f95419\System.ni.dll
MOD - [2012/07/14 11:58:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5c faa0c8848e64a\mscorlib.ni.dll
MOD - [2010/03/31 11:42:56 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010/02/11 12:53:00 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/02/11 12:53:00 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/02/11 12:53:00 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/02/11 12:53:00 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/02/11 12:53:00 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/02/11 12:53:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/02/11 12:52:00 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/07/07 11:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/07/07 11:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/07/07 11:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/07/07 11:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/07/07 11:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/07/07 11:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/13 14:08:26 | 002,122,000 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2010/11/11 16:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 16:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 15:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a fc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/07/12 14:39:00 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/04 17:30:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/11/15 15:22:52 | 000,746,392 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/10/08 11:01:14 | 000,010,408 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/13 05:08:37 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_af c3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/13 14:07:34 | 000,108,304 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 20:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 05:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 22:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 03:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 06:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3A9EF2B6-0AD2-4F34-ADA7-7C436FF25603}
IE:64bit: - HKLM\..\SearchScopes\{3A9EF2B6-0AD2-4F34-ADA7-7C436FF25603}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6EC3145C-B972-49BA-8129-E9D698771DD8}
IE - HKLM\..\SearchScopes\{6EC3145C-B972-49BA-8129-E9D698771DD8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...t&ltmplcache=2
IE - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\..\SearchScopes\{33D7F235-4B7D-461A-8527-88B1769DECF1}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=685749&ilc=12&p={searchTerms}
IE - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={8179814F-3315-4D6E-82FD-56AE8472588D}&mid=0a340377d5f0aa2f119e7b7026bfe757-c6f8b2efa64935e8002e3ad347fb8f07f0bbfe7c&lang=en&ds=AVG&pr=fr&d=2012-07-12 14:39:02&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rachel H\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rachel H\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp .com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/11 09:35:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/12 14:36:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/12 14:39:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp. com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/11 09:35:26 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

rigi nalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie= {inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chro me&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginCh rome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rachel H\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rachel H\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Rachel H\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Rachel H\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Do Not Track = C:\Users\Rachel H\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Rachel H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/14 18:47:16 | 000,001,707 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.239.32.20 www.google.ae # bck9
O1 - Hosts: 216.239.32.20 www.google.at # bck9
O1 - Hosts: 216.239.32.20 www.google.be # bck9
O1 - Hosts: 216.239.32.20 www.google.ca # bck9
O1 - Hosts: 216.239.32.20 www.google.ch # bck9
O1 - Hosts: 216.239.32.20 www.google.cl # bck9
O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
O1 - Hosts: 216.239.32.20 www.google.com # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
O1 - Hosts: 39 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Rachel H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Rachel H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rachel H\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} https://crestedg.century21.com/EDGDO...eUploader5.cab (Image Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://submit.shutterstock.com/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35F2435D-5B0D-45B6-AF17-B33BA276FA54}: DhcpNameServer = 10.1.26.205
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8A45D58-D099-4C67-A7B4-A80FAF98C9B1}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT*
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/15 18:15:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rachel H\Desktop\OTL.exe
[2012/07/15 09:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/14 18:31:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/14 18:20:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/14 18:00:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/14 18:00:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/14 18:00:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/14 18:00:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/14 17:58:01 | 004,579,346 | R--- | C] (Swearware) -- C:\Users\Rachel H\Desktop\ComboFix.exe
[2012/07/14 13:09:18 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/13 22:23:05 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/07/13 22:20:24 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/07/13 22:19:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/07/13 22:18:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/07/13 21:46:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rachel H\Desktop\dds.com
[2012/07/13 21:41:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rachel H\Desktop\HijackThis.exe
[2012/07/13 16:34:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/13 16:31:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/13 15:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/13 15:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/12 22:08:24 | 000,000,000 | ---D | C] -- C:\Users\Rachel H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/07/12 21:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection
[2012/07/12 21:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2012/07/12 21:38:44 | 000,000,000 | ---D | C] -- C:\Users\Rachel H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/12 21:38:02 | 000,000,000 | ---D | C] -- C:\Users\Rachel H\AppData\Local\Google
[2012/07/12 21:37:26 | 000,000,000 | ---D | C] -- C:\Users\Rachel H\AppData\Local\Apps
[2012/07/12 21:37:25 | 000,000,000 | ---D | C] -- C:\Users\Rachel H\AppData\Local\Deployment
[2012/07/12 14:40:34 | 000,000,000 | ---D | C] -- C:\Users\Rachel H\AppData\Roaming\AVG2012
[2012/07/12 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Rachel H\AppData\Local\AVG Secure Search
[2012/07/12 14:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/12 14:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/12 14:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/12 14:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/12 14:38:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/07/12 14:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/12 14:35:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/07/12 14:35:59 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/07/09 18:30:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010/03/26 18:45:23 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Rachel H\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/07/15 18:15:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel H\Desktop\OTL.exe
[2012/07/15 17:52:17 | 101,553,324 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/15 17:43:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2315779669-1304240532-62785759-1000UA.job
[2012/07/15 09:20:08 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2315779669-1304240532-62785759-1000Core.job
[2012/07/14 18:47:16 | 000,001,707 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/14 18:46:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/14 18:46:44 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 16:56:43 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 16:56:43 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 16:54:22 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/14 16:54:22 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/14 16:54:22 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/14 15:54:12 | 004,579,346 | R--- | M] (Swearware) -- C:\Users\Rachel H\Desktop\ComboFix.exe
[2012/07/14 11:53:57 | 005,178,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/13 21:46:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rachel H\Desktop\dds.com
[2012/07/13 21:41:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rachel H\Desktop\HijackThis.exe
[2012/07/12 22:16:16 | 000,001,048 | ---- | M] () -- C:\Users\Rachel H\Desktop\Dropbox.lnk
[2012/07/12 22:12:44 | 000,001,012 | ---- | M] () -- C:\Users\Rachel H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/07/12 14:38:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/12 14:38:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/11 16:13:29 | 000,013,210 | ---- | M] () -- C:\Users\Rachel H\AppData\Roaming\wklnhst.dat
[2012/07/09 11:17:39 | 000,424,166 | ---- | M] () -- C:\Users\Rachel H\Desktop\2006-11-17-the-power-of-a-personal-testimony-64k-eng.mp3
[2012/07/09 11:14:06 | 010,733,381 | ---- | M] () -- C:\Users\Rachel H\Desktop\2010-04-4060-president-thomas-s-monson-eng.mp3
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/30 17:31:16 | 000,025,600 | ---- | M] () -- C:\Users\Rachel H\Documents\sabbath.wps
[2012/06/27 16:17:43 | 000,016,421 | ---- | M] () -- C:\Users\Rachel H\Documents\Print Orders Spreadsheet.ods

========== Files Created - No Company Name ==========

[2012/07/15 17:52:17 | 101,553,324 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/14 18:00:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/14 18:00:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/14 18:00:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/14 18:00:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/14 18:00:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/13 22:23:58 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/07/13 22:22:57 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/07/13 22:20:39 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/07/13 22:20:38 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/07/13 22:20:38 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/07/12 22:16:16 | 000,001,048 | ---- | C] () -- C:\Users\Rachel H\Desktop\Dropbox.lnk
[2012/07/12 22:08:34 | 000,001,012 | ---- | C] () -- C:\Users\Rachel H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/07/12 21:38:06 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2315779669-1304240532-62785759-1000UA.job
[2012/07/12 21:38:05 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2315779669-1304240532-62785759-1000Core.job
[2012/07/12 14:38:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/12 14:38:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/09 11:15:40 | 000,424,166 | ---- | C] () -- C:\Users\Rachel H\Desktop\2006-11-17-the-power-of-a-personal-testimony-64k-eng.mp3
[2012/07/09 11:13:51 | 010,733,381 | ---- | C] () -- C:\Users\Rachel H\Desktop\2010-04-4060-president-thomas-s-monson-eng.mp3
[2012/06/30 17:31:16 | 000,025,600 | ---- | C] () -- C:\Users\Rachel H\Documents\sabbath.wps
[2012/06/11 09:29:10 | 000,166,932 | ---- | C] () -- C:\Windows\hpoins36.dat
[2012/04/23 12:30:20 | 000,000,359 | ---- | C] () -- C:\Users\Rachel H\.JavaPowUpload.ser
[2012/04/23 12:29:38 | 000,000,300 | ---- | C] () -- C:\Users\Rachel H\.JavaPowUpload.properties
[2011/10/31 18:10:26 | 000,000,132 | ---- | C] () -- C:\Users\Rachel H\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/31 22:50:52 | 000,020,991 | ---- | C] () -- C:\Users\Rachel H\.recently-used.xbel
[2009/12/26 23:35:39 | 000,013,210 | ---- | C] () -- C:\Users\Rachel H\AppData\Roaming\wklnhst.dat
[2009/12/25 20:47:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2009/12/26 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\Absolute
[2010/12/18 22:07:15 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\Absolute Software
[2012/04/16 20:18:30 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\Anthropics
[2011/09/15 12:27:39 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\Audacity
[2011/04/26 14:32:04 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\AVG10
[2012/07/12 14:40:34 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\AVG2012
[2011/11/28 14:45:00 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/19 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/15 18:35:39 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\Dropbox
[2012/01/21 14:30:06 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\FileZilla
[2010/07/31 22:50:52 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\gtk-2.0
[2012/07/12 20:38:36 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\IObit
[2010/12/04 21:19:39 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\OpenOffice.org
[2011/02/17 02:24:04 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\SmartDraw
[2011/10/20 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/12/26 23:36:12 | 000,000,000 | ---D | M] -- C:\Users\Rachel H\AppData\Roaming\Template
[2011/12/09 09:23:33 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS543232L9A300
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 283.00GB
Starting Offset: 15770583040
Hidden sectors: 0

< End of report >

OTL Extras logfile created on: 7/15/2012 6:17:49 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rachel H\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.64% Memory free
7.92 Gb Paging File | 6.03 Gb Available in Paging File | 76.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 33.77 Gb Free Space | 11.92% Space Free | Partition Type: NTFS

Computer Name: RACHELH-PC | User Name: Rachel H | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil e]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf ile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil e]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf ile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92317FD2-8A6B-4CEE-B03D-18CA3244E157}" = Windows Phone Intro Video (ENU)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{ABF9419C-26D2-4765-9D54-FBC4D2394424}" = IObit Toolbar v4.8
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC0C5A78-6DBF-3444-0120-0FE8F0134FCD}" = Adobe Download Assistant
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dell Webcam Central" = Dell Webcam Central
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist 8.0.0.514
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MyCamera" = Canon Utilities MyCamera
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PortraitProfessionalStudio10_is1" = Portrait Professional Studio 10.9
"PortraitProfessionalStudio10Trial_is1" = Portrait Professional Studio 10.8 Trial
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2315779669-1304240532-62785759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2012 12:06:52 PM | Computer Name = RachelH-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 6/19/2012 12:06:52 PM | Computer Name = RachelH-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 6/19/2012 12:06:52 PM | Computer Name = RachelH-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 6/19/2012 12:06:52 PM | Computer Name = RachelH-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 6/19/2012 12:06:52 PM | Computer Name = RachelH-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 6/19/2012 12:06:52 PM | Computer Name = RachelH-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 6/19/2012 12:06:52 PM | Computer Name = RachelH-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 6/19/2012 12:06:52 PM | Computer Name = RachelH-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 6/19/2012 12:06:52 PM | Computer Name = RachelH-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 6/19/2012 12:06:52 PM | Computer Name = RachelH-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

[ Broadcom Wireless LAN Events ]
Error - 7/12/2012 2:23:36 PM | Computer Name = RachelH-PC | Source = WLAN-Tray | ID = 0
Description = 13:23:36, Thu, Jul 12, 12 Error - Unable to gain access to user store

[ System Events ]
Error - 7/14/2012 6:56:36 PM | Computer Name = RachelH-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 7/14/2012 6:59:17 PM | Computer Name = RachelH-PC | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).

Error - 7/14/2012 6:59:17 PM | Computer Name = RachelH-PC | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/14/2012 6:59:17 PM | Computer Name = RachelH-PC | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/14/2012 7:02:19 PM | Computer Name = RachelH-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 7/14/2012 7:09:29 PM | Computer Name = RachelH-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/14/2012 7:15:45 PM | Computer Name = RachelH-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 7/14/2012 7:17:17 PM | Computer Name = RachelH-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/14/2012 7:27:37 PM | Computer Name = RachelH-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 7/15/2012 3:56:29 PM | Computer Name = RachelH-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

< End of report >

mrp · 16-Jul-2012, 08:26 PM **#14**

Please navigate to Start > Control Panel > Programs and Features (or Uninstall a program) and find and uninstall the following:

Java™ 6 Update 14 (64-bit)
Java™ 6 Update 22
Java™ 6 Update 33
Adobe Reader 9.1.2

You can grab the latest Adobe Reader here: http://get.adobe.com/uk/reader/ (opt to not install McAfee).

OTL

Run OTL.exe.

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

Code:

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2315779669-1304240532-62785759-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

:Files
C:\Program Files (x86)\Application Updater
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\IObit Toolbar
C:\Windows\Installer\1c3e5ab.msi
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[resethosts]
[emptytemp]

Click the Run Fix button.
OTL will now process the instructions.
When finished a box will open asking you to open the fix log, click OK.
The fix log will open.
Copy/Paste the log in your next reply please.

Note: If necessary, OTL may reboot your computer, or request that you do so. If it does, please go ahead and reboot your machine. After rebooting, open up Windows Explorer (Windows Key +E) and navigate to C:\_OTL\MovedFiles. Within, you should find a .log file with the format mmddyyyy_hhmmss, which represents the date and time the fix was run. Please copy and paste the contents of that file, making sure Word Wrap is off beforehand, if necessary.

Please advise how your computer is running and if there are any outstanding issues.

RDM926 · 17-Jul-2012, 04:59 AM **#15**

Computer is running fine, although I haven't been using it for much else other than your instructions. I will have my wife continue her regular usage and let you know if there is anything unusual. Here is the OTL log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2315779669-1304240532-62785759-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2315779669-1304240532-62785759-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Application Updater folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\IObit Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\IObit Toolbar\Res folder moved successfully.
C:\Program Files (x86)\IObit Toolbar\IE\4.8 folder moved successfully.
C:\Program Files (x86)\IObit Toolbar\IE folder moved successfully.
C:\Program Files (x86)\IObit Toolbar folder moved successfully.
C:\Windows\Installer\1c3e5ab.msi moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rachel H\Desktop\cmd.bat deleted successfully.
C:\Users\Rachel H\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rachel H
->Temp folder emptied: 1335487 bytes
->Temporary Internet Files folder emptied: 17724482 bytes
->Java cache emptied: 6881 bytes
->Google Chrome cache emptied: 141911795 bytes
->Flash cache emptied: 2892629 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174376 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 88585838 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deplo yment folder emptied: 666 bytes
RecycleBin emptied: 240541301 bytes

Total Files Cleaned = 470.00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07172012_034806

Files\Folders moved on Reboot...
C:\Users\Rachel H\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Rachel H\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Solved: Windows/System32/services.exe Trojan dropper

Find the solution to your computer problem!

Find the solution to your
computer problem!