1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

PC running SUPER slow

Discussion in 'Virus & Other Malware Removal' started by Airmiles, Sep 1, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. Airmiles

    Airmiles Thread Starter

    Joined:
    May 13, 2007
    Messages:
    419
    First time in ages.. My PC is running SO incredibly slow. Not sure what is going on. I have a good anti-virus on it so unlikely a virus slipped through although my PC is running painstakingly slow. It takes ages for a page to load and on top of that many times in a day the pages freeze, and then after a little bit unfreeze. Very annoying. This only started happening today but I find it very frustrating. Can anyone help me? I do not want to run EasyClean as have been told this can sometimes delete necessary items from the registry.

    Thanking you in advance.

    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz, x86 Family 15 Model 6 Stepping 2
    Processor Count: 2
    RAM: 1022 Mb
    Graphics Card: RADEON X600 256MB HyperMemory, 256 Mb
    Hard Drives: C: Total - 300355 MB, Free - 115142 MB; F: Total - 476911 MB, Free - 347071 MB; K: Total - 305234 MB, Free - 4411 MB;
    Motherboard: Dell Inc. , 0FJ030, , ..CN7082161KG0OV.
    Antivirus: Norton Internet Security, Updated: Yes, On-Demand Scanner: Enabled
     
  2. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method ( Recommended: Inmediate Notification)
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    **Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise, this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.**

    IMPORTANT NOTE : Please do not delete, download or install anything or run additional scans unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.
     
  3. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi Airmiles,

    Please download DDS from one of the following links and save it to your desktop.

    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    ---------------------------------------------------
    • Post the contents of the DDS.txt report in your next reply
    • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

    ----------

    [​IMG]
    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

      [​IMG]
      Click the image to enlarge it
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in your reply.


    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
    .
    ----------

    In your next reply please post the logs created by DDS and GMER. :)
     
  4. Airmiles

    Airmiles Thread Starter

    Joined:
    May 13, 2007
    Messages:
    419
    Here is the DDS log


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Amanda Miles at 13:56:46 on 2011-09-05
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.165 [GMT 1:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\stsystra.exe
    svchost.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.talktalk.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = proxy137.scansafe.net:8080
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - c:\program files\acro software\cutepdf filler evaluation\CPFillerCoE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\amanda miles\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [CTSysVol] "c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe" /r
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Dairy%20Dash/Images/stg_drm.ocx
    DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} - hxxp://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183591433593
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4}
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5068/mcfscan.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{2F2D4393-C50C-4C43-9DB2-0582A742A8EB} : NameServer = 212.74.112.66,212.74.112.67
    TCP: Interfaces\{777B347E-CD52-427A-822B-5F573F5EE8A3} : NameServer = 212.74.112.66,212.74.112.67
    TCP: Interfaces\{777B347E-CD52-427A-822B-5F573F5EE8A3} : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-8-21 53816]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\SymDS.sys [2011-7-28 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\SymEFA.sys [2011-7-28 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-26 815736]
    R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-4 216912]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-8-21 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-8-21 158904]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\Ironx86.sys [2011-7-28 136312]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccSvcHst.exe [2011-7-28 130008]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-8-21 870200]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-5 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\ipsdefs\20110902.030\IDSXpx86.sys [2011-9-3 356280]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\virusdefs\20110904.002\NAVENG.SYS [2011-9-4 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\virusdefs\20110904.002\NAVEX15.SYS [2011-9-4 1576312]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-5-16 362944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9bc43a70feec1;Google Update Service (gupdate1c9bc43a70feec1);c:\program files\google\update\GoogleUpdate.exe [2009-4-13 133104]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-5-16 17149]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-13 133104]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-2 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-2 40552]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-08-31 17:24:43 -------- d-----w- c:\program files\iTunes
    2011-08-31 17:18:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-08-31 17:18:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-08-31 17:18:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-08-31 17:18:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-08-31 17:18:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-08-31 17:18:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-08-31 17:18:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-08-31 17:14:40 -------- d-----w- c:\program files\Bonjour
    2011-08-26 15:14:40 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-26 15:07:43 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2011-08-21 09:00:36 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2011-09-04 18:15:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-28 18:20:28 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-07-28 18:20:28 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-07-20 18:04:52 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-07-19 04:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-19 01:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 10:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 10:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-05 17:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 17:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    .
    ============= FINISH: 13:59:02.24 ===============

    Here is the Attach log


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/09/2006 19:41:51
    System Uptime: 05/09/2011 11:16:34 (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0FJ030
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 293 GiB total, 116.779 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 466 GiB total, 336.45 GiB free.
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is FIXED (NTFS) - 298 GiB total, 4.867 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP584: 05/06/2011 18:30:21 - System Checkpoint
    RP585: 06/06/2011 22:50:20 - System Checkpoint
    RP586: 07/06/2011 15:34:43 - Installed Windows Media Player Firefox Plugin
    RP587: 09/06/2011 13:27:15 - System Checkpoint
    RP588: 10/06/2011 13:40:08 - System Checkpoint
    RP589: 12/06/2011 19:12:09 - System Checkpoint
    RP590: 13/06/2011 19:32:52 - System Checkpoint
    RP591: 15/06/2011 14:29:10 - Installed Java(TM) 6 Update 26
    RP592: 16/06/2011 17:23:55 - System Checkpoint
    RP593: 17/06/2011 10:49:56 - Software Distribution Service 3.0
    RP594: 12/07/2011 14:38:32 - Installed Rapport
    RP595: 13/07/2011 03:11:19 - Software Distribution Service 3.0
    RP596: 14/07/2011 04:29:59 - Software Distribution Service 3.0
    RP597: 15/07/2011 17:06:40 - System Checkpoint
    RP598: 17/07/2011 14:02:58 - System Checkpoint
    RP599: 18/07/2011 20:11:51 - System Checkpoint
    RP600: 19/07/2011 21:48:40 - System Checkpoint
    RP601: 21/07/2011 14:16:55 - Removed OpenOffice.org 3.2
    RP602: 23/07/2011 22:13:57 - System Checkpoint
    RP603: 25/07/2011 17:10:48 - System Checkpoint
    RP604: 31/07/2011 11:36:53 - System Checkpoint
    RP605: 06/08/2011 20:03:25 - System Checkpoint
    RP606: 07/08/2011 20:31:25 - System Checkpoint
    RP607: 27/08/2011 09:04:23 - Installed Rapport
    RP608: 27/08/2011 09:05:47 - Software Distribution Service 3.0
    RP609: 27/08/2011 13:01:44 - Installed Java(TM) 6 Update 27
    RP610: 28/08/2011 23:51:42 - System Checkpoint
    RP611: 02/09/2011 20:02:31 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    1400
    1400_Help
    1400Trb
    Adobe Acrobat 6.0 Professional - English, Français, Deutsch
    Adobe AIR
    Adobe Audition 1.5
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop 6.0
    Adobe Reader X (10.1.0)
    Adobe® Photoshop® Album Starter Edition 3.2
    AiO_Scan
    AiOSoftware
    Airbus Collector Edition
    Andrea VoiceCenter
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Camera Suite 1.3
    Are You Smarter Than A 5th Grader
    ARTEuro
    ATI Control Panel
    ATI Display Driver
    Bonjour
    Bonusprint Pix
    Brain Training for Dummies
    BufferChm
    Canon Camera Access Library
    CANON iMAGE GATEWAY MyCamera Download Plugin
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Utilities CameraWindow DC 8
    Canon Utilities CameraWindow Launcher
    Canon Utilities Movie Uploader for YouTube
    Canon Utilities MyCamera
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Click to Call with Skype
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Creative MediaSource
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    CutePDF Form Filler 3.5 (Evaluation)
    Dell CinePlayer
    Dell Driver Reset Tool
    Dell Support 5.0.0 (630)
    Dell System Restore
    DellConnect
    Destinations
    DeviceManagementQFolder
    DNA
    DocProc
    EasyCleaner
    ESPNMotion
    eSupportQFolder
    Fax
    Garmin City Navigator Europe NT 2010.20 Update
    GemMaster Mystic
    Genius Move
    Google Chrome
    Google Earth
    Google Update Helper
    Half-Life 2
    Half-Life 2: Deathmatch
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Extended Capabilities 5.3
    HP Games
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP Product Assistant
    HP PSC & OfficeJet 5.3.B
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HPProductAssistant
    Intel Matrix Storage Manager
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Intel(R) Quick Resume Technology Drivers
    Intel® Viiv&#8482;
    iPod for Windows 2006-01-10
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 27
    Junk Mail filter update
    K-Lite Codec Pack 2.83 Full
    Learn2 Player (Uninstall Only)
    Logitech Audio Echo Cancellation Component
    Logitech Gaming Software
    Logitech QuickCam Software
    Logitech Video Enumerator
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    MarketResearch
    MCU
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Flight Simulator 2004 A Century of Flight
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Works 7.0
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Premium
    NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    NewCopy
    Norton Internet Security
    NVIDIA PhysX v8.10.29
    Otto
    Philips SA19XX Device Manager
    ProductContext
    QuickTime
    Rapport
    Readme
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Rosetta Stone Version 3
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    SAGEM [email protected] 800-840
    Sally's Salon (remove only)
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SigmaTel Audio
    Skype&#8482; 5.5
    SolutionCenter
    Sound Blaster Audigy ADVANCED MB
    Source SDK
    Source SDK Base
    Spotify
    Status
    Steam
    TextTwist 2
    The Legend of Sanna: Rise of a Great Colony
    TrayApp
    Unload
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Installer for WildTangent Games App
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.5
    WebFldrs XP
    WebReg
    WildTangent Games App (HP Games)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Zenerchi
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/08/2011 17:19:53, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    31/08/2011 12:41:31, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    30/08/2011 22:17:17, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    30/08/2011 22:17:13, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The system cannot find the file specified.
    30/08/2011 14:56:54, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    30/08/2011 12:45:36, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    29/08/2011 18:40:20, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    29/08/2011 03:43:05, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    29/08/2011 03:28:31, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    05/09/2011 11:17:59, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    05/09/2011 11:17:46, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    04/09/2011 17:49:48, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    04/09/2011 14:15:29, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    03/09/2011 17:04:28, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    03/09/2011 17:04:17, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
    03/09/2011 17:00:39, error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
    03/09/2011 16:59:48, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    03/09/2011 16:59:46, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RapportMgmtService service.
    03/09/2011 16:59:11, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
    03/09/2011 16:57:53, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 f799d948, parameter3 f799d644, parameter4 f7111ae8.
    03/09/2011 14:25:05, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    03/09/2011 01:57:07, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    02/09/2011 18:33:09, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    02/09/2011 17:03:45, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    02/09/2011 15:48:16, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    02/09/2011 10:18:23, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    02/09/2011 02:00:32, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    02/09/2011 02:00:08, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    01/09/2011 13:53:10, error: Service Control Manager [7023] - The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
    .
    ==== End Of File ===========================

    Here is the Gmer log


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-05 14:24:52
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
    Running: gmer.exe; Driver: C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\kgtdypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 860D4138 ZwAlertResumeThread
    SSDT 86274160 ZwAlertThread
    SSDT 85FFA190 ZwAllocateVirtualMemory
    SSDT 8605B0B0 ZwAssignProcessToJobObject
    SSDT 8654ABC0 ZwConnectPort
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xB124CA56]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB137B710]
    SSDT 85FBC608 ZwCreateMutant
    SSDT 85D10EA8 ZwCreateSymbolicLinkObject
    SSDT 86704EB0 ZwCreateThread
    SSDT 86604160 ZwDebugActiveProcess
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xB124CBD4]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB137B990]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB137BEF0]
    SSDT 860679F8 ZwDuplicateObject
    SSDT 86077CE0 ZwFreeVirtualMemory
    SSDT 85D20E98 ZwImpersonateAnonymousToken
    SSDT 8602EE98 ZwImpersonateThread
    SSDT 861482B0 ZwLoadDriver
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xB1250410]
    SSDT 866FE668 ZwMapViewOfSection
    SSDT 8626A178 ZwOpenEvent
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xB124CB2C]
    SSDT 86003440 ZwOpenProcess
    SSDT 86602160 ZwOpenProcessToken
    SSDT 85D9E150 ZwOpenSection
    SSDT 85C7B150 ZwOpenThread
    SSDT 860AB328 ZwProtectVirtualMemory
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xB1250386]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xB12502F0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xB1250322]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xB1250354]
    SSDT 86270180 ZwResumeThread
    SSDT 85CED1B8 ZwSetContextThread
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xB124CC40]
    SSDT 86072BA0 ZwSetInformationProcess
    SSDT 85D2F180 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB137C140]
    SSDT 85C71160 ZwSuspendProcess
    SSDT 86063288 ZwSuspendThread
    SSDT 85D341A0 ZwTerminateProcess
    SSDT 8606CC80 ZwTerminateThread
    SSDT 860524A0 ZwUnmapViewOfSection
    SSDT 85C13170 ZwWriteVirtualMemory

    INT 0x01 \??\C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\mbr.sys F793BC42

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2DCD 80504669 7 Bytes [34, 00, 86, 60, 21, 60, 86]
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7885760]
    init C:\WINDOWS\system32\drivers\sigfilt.sys entry point in "init" section [0xEC487180]
    ? C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[788] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00413DB0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A10022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71AE0022
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2460] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3472] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 0043E8E0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3472] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 71AE001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3472] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 719E0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3472] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71A20022
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00C89570 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [22, 00, 91, 71, C3] {AND AL, [EAX]; XCHG ECX, EAX; JNO 0xffffffffffffffc8}
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!ReadFile 7C801812 6 Bytes PUSH 71530022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A90001
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!CreateProcessW 7C802336 6 Bytes PUSH 714F0022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!CloseHandle 7C809BE7 6 Bytes PUSH 71670022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 6 Bytes PUSH 716B0022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!WriteFile 7C810E27 6 Bytes PUSH 715F0022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!CreateNamedPipeW 7C82F0DD 6 Bytes PUSH 715B0022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!CancelIo 7C8300E2 6 Bytes PUSH 71630022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!CreateIoCompletionPort 7C83138D 6 Bytes PUSH 71570022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 6 Bytes PUSH 71950022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes PUSH 714B0022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 71730022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 71A30022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 71AE0022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] USER32.dll!SetWindowLongW 7E42C2BB 6 Bytes PUSH 71770022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] USER32.dll!SetParent 7E42C7F9 6 Bytes PUSH 717B0022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 719E000A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 719A000A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 717F0022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71870022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes PUSH 71830022; RET
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 716F0022
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A9B76F 3 Bytes [68, 22, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] CRYPT32.dll!CertVerifyCertificateChainPolicy + 4 77A9B773 2 Bytes [71, C3] {JNO 0xffffffffffffffc5}
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4192] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4228] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4280] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4324] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5568] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5640] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Amanda Miles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5908] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
     
  5. Airmiles

    Airmiles Thread Starter

    Joined:
    May 13, 2007
    Messages:
    419
    Thank you for your help Jeffce. :)
     
  6. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi Airmiles,

    Are you using a proxy server or are you aware that your system is set up to use a proxy server?
    ----------

    I noticed while reviewing your logs that you have Malwarebytes on your system. Please open that program, Update it and then run a Quick Scan. Save the log that is created as I will need to see that in your next reply.
    ----------

    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.




    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the [​IMG] button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the [​IMG] icon on your desktop.
    4. Check [​IMG]
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Check [​IMG]
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push [​IMG]
    12. Push [​IMG], and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Push Finish

    http://www.eset.com/onlinescan/
    ----------

    In your next reply please let me know about the proxy server and then post the logs created by Malwarebytes and ESET Online Scanner.
     
  7. Airmiles

    Airmiles Thread Starter

    Joined:
    May 13, 2007
    Messages:
    419
    I didn't realise I hadn't changed that. I had to use it for a job I did last year. How do I change it back? Actually according to my settings I am not using the proxy server at this moment, so I am not sure why you are detecting that??
     
  8. Airmiles

    Airmiles Thread Starter

    Joined:
    May 13, 2007
    Messages:
    419
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7660

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    06/09/2011 14:11:52
    mbam-log-2011-09-06 (14-11-52).txt

    Scan type: Quick scan
    Objects scanned: 242775
    Time elapsed: 35 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  9. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi Airmiles,

    Thanks for the Malwarebytes log! Did you get a chance to run ESET Online Scanner yet? If you did, please post the log created into your next reply. If you did not, please run that and then post the log that is created into your next reply. :)
     
  10. Airmiles

    Airmiles Thread Starter

    Joined:
    May 13, 2007
    Messages:
    419
    C:\Documents and Settings\Amanda Miles\My Documents\Downloads\Programs\unlocker1.9.0.exe Win32/Adware.ADON application
    F:\Random\DancingCraze_10337.exe Win32/Toolbar.Zugo application
     
  11. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi Airmiles,

    Please read through these instructions to familarize yourself with what to expect when this tool runs

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ----------
     
  12. Airmiles

    Airmiles Thread Starter

    Joined:
    May 13, 2007
    Messages:
    419
    Do I not need to remove those two virus threats first?
     
  13. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi Airmiles,

    We will get to that with ComboFix. :) After ComboFix has run please post the log that is created into your next reply.
     
  14. Airmiles

    Airmiles Thread Starter

    Joined:
    May 13, 2007
    Messages:
    419
  15. Airmiles

    Airmiles Thread Starter

    Joined:
    May 13, 2007
    Messages:
    419
    ComboFix 11-09-08.03 - Amanda Miles 08/09/2011 16:35:54.8.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.320 [GMT 1:00]
    Running from: c:\documents and settings\Amanda Miles\Desktop\Puppy.exe
    AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\AMANDA~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.385e8e6d.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
    c:\documents and settings\Amanda Miles\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Amanda Miles\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
    c:\documents and settings\Amanda Miles\Start Menu\Internet Explorer.lnk
    c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
    c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.385e8e6d.ini
    c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
    c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
    c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
    c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
    c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.385e8e6d.ini
    c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
    c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
    c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
    c:\windows\bwUnin-7.2.0.157-8876480SL.exe
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\iun6002.exe
    c:\windows\kb913800.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-06 13:40 . 2011-09-06 13:40 -------- d-----w- c:\program files\ESET
    2011-09-04 18:15 . 2011-09-04 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2011-09-03 10:17 . 2011-09-03 10:17 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
    2011-08-31 17:24 . 2011-08-31 17:25 -------- d-----w- c:\program files\iTunes
    2011-08-31 17:18 . 2011-08-31 17:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-08-31 17:18 . 2011-08-31 17:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-08-31 17:18 . 2011-08-31 17:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-08-31 17:18 . 2011-08-31 17:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-08-31 17:18 . 2011-08-31 17:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-08-31 17:18 . 2011-08-31 17:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-08-31 17:18 . 2011-08-31 17:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-08-31 17:17 . 2011-08-31 17:18 -------- d-----w- c:\program files\QuickTime
    2011-08-31 17:14 . 2011-08-31 17:14 -------- d-----w- c:\program files\Bonjour
    2011-08-27 12:03 . 2011-08-27 12:03 -------- d-----w- c:\program files\Common Files\Java
    2011-08-26 15:14 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-26 15:07 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2011-08-21 09:00 . 2011-08-21 09:00 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-04 18:15 . 2011-05-16 16:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-03 10:17 . 2005-08-16 04:18 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-28 18:20 . 2011-07-28 18:20 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-07-28 18:20 . 2011-07-28 18:20 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-07-20 18:04 . 2011-07-20 18:04 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-07-19 04:05 . 2010-04-26 00:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-19 01:40 . 2007-05-16 15:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-15 13:29 . 2006-02-28 18:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-08 14:02 . 2005-08-16 04:18 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 18:52 . 2010-11-08 22:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 18:52 . 2010-11-08 22:32 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-05 17:37 . 2011-07-05 17:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 17:37 . 2011-07-05 17:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-24 14:10 . 2005-08-16 04:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2005-08-16 04:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2005-08-16 04:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2005-08-16 04:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2005-08-16 04:18 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2005-08-16 04:18 293376 ----a-w- c:\windows\system32\winsrv.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-04-27_09.50.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-13 19:17 . 2011-05-13 19:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
    + 2011-05-13 18:45 . 2011-05-13 18:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
    + 2011-05-13 18:45 . 2011-05-13 18:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
    + 2011-05-13 18:45 . 2011-05-13 18:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
    + 2011-05-13 18:45 . 2011-05-13 18:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
    + 2011-05-13 18:45 . 2011-05-13 18:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
    + 2011-05-13 18:45 . 2011-05-13 18:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
    + 2011-05-13 18:45 . 2011-05-13 18:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
    + 2011-05-13 18:45 . 2011-05-13 18:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
    + 2011-05-13 18:45 . 2011-05-13 18:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
    + 2011-05-14 00:06 . 2011-05-14 00:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
    + 2011-05-14 00:23 . 2011-05-14 00:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
    + 2011-05-13 17:37 . 2011-05-13 17:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
    + 2011-09-08 14:58 . 2011-09-08 14:58 16384 c:\windows\Temp\Perflib_Perfdata_4e8.dat
    + 2011-09-05 10:18 . 2011-09-05 10:18 16384 c:\windows\Temp\Perflib_Perfdata_32c.dat
    + 2007-01-29 08:58 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
    - 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
    + 2011-07-13 17:14 . 2011-02-18 16:36 41984 c:\windows\system32\ReinstallBackups\0019\DriverFiles\usbaapl.sys
    - 2005-08-16 04:18 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
    + 2005-08-16 04:18 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
    + 2006-10-27 13:09 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
    - 2006-10-27 13:09 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
    + 2005-08-16 04:18 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
    - 2005-08-16 04:18 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
    + 2007-01-02 01:04 . 2011-08-26 15:11 68080 c:\windows\system32\GDIPFONTCACHEV1.DAT
    - 2007-01-02 01:04 . 2011-03-30 13:28 68080 c:\windows\system32\GDIPFONTCACHEV1.DAT
    + 2011-07-13 17:14 . 2011-05-10 07:06 42496 c:\windows\system32\DRVSTORE\usbaapl_5CBB3A09528F68FC4AD2F36E43C028E7E6F20400\usbaapl.sys
    + 2011-07-13 17:14 . 2011-05-10 07:06 18432 c:\windows\system32\DRVSTORE\netaapl_B71F8545DA20A81C41BFD744E8D7D9784787E916\netaapl.sys
    + 2011-01-24 16:37 . 2011-05-10 07:06 42496 c:\windows\system32\drivers\usbaapl.sys
    + 2011-07-28 18:20 . 2011-03-31 03:00 50168 c:\windows\system32\drivers\NIS\1206000.01D\srtspx.sys
    + 2009-06-27 13:53 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-06-27 13:53 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2006-06-23 11:25 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2006-06-23 11:25 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2007-05-09 19:02 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2007-05-09 19:02 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2006-10-17 11:05 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2006-10-17 11:05 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2006-06-23 11:25 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2006-06-23 11:25 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
    - 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2005-08-16 04:18 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
    - 2005-08-16 04:18 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
    - 2011-02-10 03:10 . 2011-02-10 03:10 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
    + 2011-04-12 14:11 . 2011-04-12 14:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-07-30 08:22 . 2011-07-30 08:22 22016 c:\windows\Installer\21ea82.msi
    + 2011-07-17 16:22 . 2011-07-17 16:22 18944 c:\windows\Installer\122f691.msi
    + 2011-07-17 16:21 . 2011-07-17 16:21 92672 c:\windows\Installer\122f688.msi
    + 2011-05-20 13:55 . 2011-05-20 13:55 38400 c:\windows\Installer\1046843.msi
    + 2011-06-03 21:27 . 2011-06-03 21:27 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2011-06-03 21:27 . 2011-06-03 21:27 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2011-06-03 21:27 . 2011-06-03 21:27 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2011-06-03 21:27 . 2011-06-03 21:27 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2011-06-03 21:27 . 2011-06-03 21:27 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2011-06-03 21:27 . 2011-06-03 21:27 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2011-06-03 21:27 . 2011-06-03 21:27 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ARPPRODUCTICON.exe
    - 2011-03-20 00:19 . 2011-03-30 13:21 23558 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000001}\ARPPRODUCTICON.exe
    + 2011-03-20 00:19 . 2011-08-08 21:40 23558 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000001}\ARPPRODUCTICON.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2011-05-20 13:56 . 2011-06-17 10:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-07-13 17:30 . 2011-07-13 17:30 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
    + 2011-08-27 08:11 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
    + 2011-07-13 12:56 . 2011-07-13 12:56 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a2ef92260effc4f8cef9339a24ba230b\UIAutomationProvider.ni.dll
    + 2011-07-13 13:02 . 2011-07-13 13:02 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\0ec57bf11a79dc3fa5255a94472e36ec\System.Windows.Presentation.ni.dll
    + 2011-07-13 13:01 . 2011-07-13 13:01 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\9966b7174848e36b4a0d54e3cce53d8c\System.Web.ApplicationServices.ni.dll
    + 2011-07-13 13:01 . 2011-07-13 13:01 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d78f1819ba6c790b0400a5891bcd12b6\System.ServiceModel.Channels.ni.dll
    + 2011-07-13 12:57 . 2011-07-13 12:57 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\6c15a9f7fb56275fb9ad22ae306d9d42\System.AddIn.Contract.ni.dll
    + 2011-07-13 12:54 . 2011-07-13 12:54 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\9cce7d40f80e50a7e43d8e99f039359f\Microsoft.VisualC.ni.dll
    + 2011-07-13 12:53 . 2011-07-13 12:53 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\ec6caf1c86ddb8ce9d7a89adb10264e8\Accessibility.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\e01941c4292a588e4f1eb5585822087c\WindowsLiveWriter.ni.exe
    + 2011-08-27 09:09 . 2011-08-27 09:09 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6730cd9fbbafc6c69651abefafb0667a\WindowsLive.Writer.Api.ni.dll
    + 2011-07-13 02:47 . 2011-07-13 02:47 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
    + 2011-08-27 09:12 . 2011-08-27 09:12 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll
    + 2011-07-13 12:43 . 2011-07-13 12:43 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
    + 2011-08-27 08:23 . 2011-08-27 08:23 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe
    + 2011-08-27 08:22 . 2011-08-27 08:22 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll
    + 2011-07-13 12:38 . 2011-07-13 12:38 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
    + 2011-07-13 12:40 . 2011-07-13 12:40 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
    + 2011-07-13 12:40 . 2011-07-13 12:40 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
    + 2011-07-13 12:39 . 2011-07-13 12:39 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
    + 2011-07-13 12:24 . 2011-07-13 12:24 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
    - 2011-04-15 02:19 . 2011-04-15 02:19 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-04-15 02:19 . 2011-04-15 02:19 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-07-14 03:37 . 2010-12-09 14:30 33280 c:\windows\$NtUninstallKB2507938$\csrsrv.dll
    + 2011-07-14 03:32 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2555917\update\spcustom.dll
    + 2011-07-14 03:32 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2555917\spmsg.dll
    + 2011-06-17 09:56 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893\update\spcustom.dll
    + 2011-06-17 09:56 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893\spmsg.dll
    + 2011-06-17 09:51 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544521-IE8\update\spcustom.dll
    + 2011-06-17 09:51 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544521-IE8\spmsg.dll
    + 2011-07-13 02:13 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2541763\update\spcustom.dll
    + 2011-07-13 02:13 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2541763\spmsg.dll
    + 2011-06-17 09:58 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2536276\update\spcustom.dll
    + 2011-06-17 09:58 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2536276\spmsg.dll
    + 2011-06-17 09:58 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2535512\update\spcustom.dll
    + 2011-06-17 09:58 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2535512\spmsg.dll
    + 2011-06-17 09:57 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2530548-IE8\update\spcustom.dll
    + 2011-06-17 09:57 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2530548-IE8\spmsg.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 12800 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\xpshims.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 66560 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtmled.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 55296 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\msfeedsbs.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 43520 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\licmgr10.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 25600 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\jsproxy.dll
    + 2011-07-14 03:37 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2507938\update\spcustom.dll
    + 2011-07-14 03:37 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2507938\spmsg.dll
    + 2011-04-26 11:02 . 2011-04-26 11:02 33280 c:\windows\$hf_mig$\KB2507938\SP3QFE\csrsrv.dll
    + 2011-06-17 09:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2503665\update\spcustom.dll
    + 2011-06-17 09:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2503665\spmsg.dll
    + 2011-06-17 09:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476490\update\spcustom.dll
    + 2011-06-17 09:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476490\spmsg.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2011-07-17 16:21 . 2011-07-17 16:21 5632 c:\windows\system32\pndx5032.dll
    + 2011-07-17 16:21 . 2011-07-17 16:21 6656 c:\windows\system32\pndx5016.dll
    + 2007-06-15 16:40 . 2011-08-27 08:12 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2010-03-21 18:13 . 2010-10-13 18:31 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
    + 2010-03-21 18:13 . 2011-08-27 08:06 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
    - 2010-03-21 18:13 . 2010-10-13 18:31 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
    + 2010-03-21 18:13 . 2011-08-27 08:06 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
    + 2010-03-21 18:13 . 2011-08-27 08:06 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
    - 2010-03-21 18:13 . 2010-10-13 18:31 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
    + 2011-07-13 12:53 . 2011-07-13 12:53 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\2d01a98c567028c2aa3f58b71581c708\dfsvc.ni.exe
    + 2011-08-27 08:19 . 2011-08-27 08:19 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2011-05-14 00:17 . 2011-05-14 00:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
    + 2011-05-14 00:12 . 2011-05-14 00:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
    + 2011-05-14 00:11 . 2011-05-14 00:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
    - 2005-08-16 04:18 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
    + 2005-08-16 04:18 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
    + 2005-08-16 04:18 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll
    + 2011-07-17 16:22 . 2011-07-17 16:22 198848 c:\windows\system32\rmoc3260.dll
    + 2011-07-17 16:21 . 2011-07-17 16:21 272896 c:\windows\system32\pncrt.dll
    - 2005-08-16 04:18 . 2011-04-15 02:20 552222 c:\windows\system32\perfh009.dat
    + 2005-08-16 04:18 . 2011-08-27 08:20 552222 c:\windows\system32\perfh009.dat
    + 2005-08-16 04:18 . 2011-08-27 08:20 101602 c:\windows\system32\perfc009.dat
    - 2005-08-16 04:18 . 2011-04-15 02:20 101602 c:\windows\system32\perfc009.dat
    + 2005-08-16 04:18 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
    - 2005-08-16 04:18 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
    - 2005-08-16 04:18 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
    + 2005-08-16 04:18 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
    - 2005-08-16 04:18 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
    + 2005-08-16 04:18 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
    - 2006-10-27 13:09 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
    + 2006-10-27 13:09 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
    + 2011-09-04 18:15 . 2011-09-04 18:15 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
    + 2011-09-04 18:15 . 2011-09-04 18:15 328864 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll
    + 2011-05-19 12:02 . 2011-05-19 12:02 239776 c:\windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe
    + 2011-08-27 12:02 . 2011-07-19 04:05 157472 c:\windows\system32\javaws.exe
    - 2010-11-08 21:17 . 2010-09-15 03:50 145184 c:\windows\system32\javaw.exe
    + 2011-08-27 12:02 . 2011-07-19 04:05 145184 c:\windows\system32\javaw.exe
    + 2011-08-27 12:02 . 2011-07-19 04:05 145184 c:\windows\system32\java.exe
    - 2010-11-08 21:17 . 2010-09-15 03:50 145184 c:\windows\system32\java.exe
    + 2005-08-16 04:40 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
    - 2005-08-16 04:40 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll
    + 2005-08-16 04:18 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
    - 2005-08-16 04:18 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
    + 2005-08-16 04:18 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
    - 2005-08-16 04:18 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
    + 2005-08-16 04:18 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
    - 2005-08-16 04:18 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
    + 2005-08-16 04:27 . 2011-08-26 14:59 287704 c:\windows\system32\FNTCACHE.DAT
    - 2005-08-16 04:27 . 2011-04-15 09:40 287704 c:\windows\system32\FNTCACHE.DAT
    + 2011-07-28 18:20 . 2011-03-22 00:39 331384 c:\windows\system32\drivers\NIS\1206000.01D\symtdiv.sys
    + 2011-07-28 18:20 . 2011-03-22 00:39 369784 c:\windows\system32\drivers\NIS\1206000.01D\symtdi.sys
    + 2011-07-28 18:20 . 2011-03-22 00:39 296568 c:\windows\system32\drivers\NIS\1206000.01D\symnets.sys
    + 2011-07-28 18:20 . 2011-03-15 02:31 744568 c:\windows\system32\drivers\NIS\1206000.01D\SymEFA.sys
    + 2011-07-28 18:20 . 2011-01-27 06:47 340088 c:\windows\system32\drivers\NIS\1206000.01D\SymDS.sys
    + 2011-07-28 18:20 . 2011-03-31 03:00 516216 c:\windows\system32\drivers\NIS\1206000.01D\srtsp.sys
    + 2011-07-28 18:20 . 2011-01-27 05:07 136312 c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.sys
    + 2005-08-16 04:18 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
    - 2005-08-16 04:18 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
    + 2005-08-16 04:18 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
    - 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
    - 2006-06-23 11:25 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
    + 2006-06-23 11:25 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
    + 2006-09-18 14:15 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
    + 2006-10-17 11:05 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
    - 2006-10-17 11:05 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
    + 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
    + 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
    - 2006-10-17 11:04 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
    + 2006-10-17 11:04 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
    + 2011-06-16 09:02 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
    - 2006-06-23 11:25 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
    + 2006-06-23 11:25 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
    - 2007-05-09 19:02 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2007-05-09 19:02 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2008-11-23 18:57 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
    - 2008-08-14 10:47 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2008-08-14 10:47 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2009-06-27 13:53 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2009-06-27 13:53 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2006-06-23 11:25 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2006-06-23 11:25 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2010-06-09 22:09 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2010-06-09 22:09 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2006-10-27 00:44 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2006-10-27 00:44 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2006-10-27 00:44 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
    - 2006-10-27 00:44 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
    - 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
    - 2011-02-10 03:10 . 2011-02-10 03:10 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
    + 2011-04-12 14:11 . 2011-04-12 14:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
    + 2011-04-12 14:11 . 2011-04-12 14:11 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
    - 2011-02-10 03:10 . 2011-02-10 03:10 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
    + 2011-04-12 14:11 . 2011-04-12 14:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
    - 2011-02-10 03:10 . 2011-02-10 03:10 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
    + 2011-03-25 05:15 . 2011-03-25 05:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    - 2011-01-18 03:39 . 2011-01-18 03:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2011-03-25 05:15 . 2011-03-25 05:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    - 2011-01-18 03:39 . 2011-01-18 03:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2011-03-25 05:15 . 2011-03-25 05:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2011-01-18 03:39 . 2011-01-18 03:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2011-08-27 12:03 . 2011-08-27 12:03 203776 c:\windows\Installer\962700.msi
    + 2011-06-07 14:34 . 2011-06-07 14:34 836096 c:\windows\Installer\7d216.msi
    + 2011-07-13 17:11 . 2011-07-13 17:11 811520 c:\windows\Installer\4fca12.msi
    + 2011-09-04 18:12 . 2011-09-04 18:12 459264 c:\windows\Installer\4cd257.msi
    + 2011-06-17 09:56 . 2011-06-17 09:56 467456 c:\windows\Installer\3a5a3.msi
    + 2011-09-01 01:24 . 2011-09-01 01:24 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-06-15 16:40 . 2011-04-15 02:24 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2007-06-15 16:40 . 2011-08-27 08:12 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2011-08-31 17:26 . 2011-08-31 17:26 380928 c:\windows\Installer\{69995C7A-062A-4A90-A4DF-8C22895DF522}\iTunesIco.exe
    + 2011-08-27 08:11 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
    + 2011-08-27 08:11 . 2009-03-08 03:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
    + 2011-08-27 08:11 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
    + 2011-08-27 08:11 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
    + 2011-08-27 08:11 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
    + 2011-08-27 08:11 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
    + 2011-06-17 09:51 . 2009-03-08 03:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
    + 2011-06-17 09:51 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
    + 2011-06-17 09:51 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
    + 2011-06-17 09:57 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
    + 2011-06-17 09:57 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
    + 2011-06-17 09:57 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
    + 2011-06-17 09:57 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
    + 2011-06-17 09:57 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
    + 2008-11-23 18:57 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2011-07-13 13:02 . 2011-07-13 13:02 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\d738b0407098b816a0f867b46aee0a41\WindowsFormsIntegration.ni.dll
    + 2011-07-13 12:56 . 2011-07-13 12:56 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\8d3a679adab2761b52ffbb45c9c3a424\UIAutomationTypes.ni.dll
    + 2011-07-13 13:02 . 2011-07-13 13:02 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\c21ab59fa89448166782d7e03861325a\UIAutomationClient.ni.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\96cbc70b2e74e4f36d5c37fa27172651\System.Xml.Linq.ni.dll
    + 2011-07-13 12:56 . 2011-07-13 12:56 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\291fdac42af1327a1c0f6232bca151e5\System.Windows.Input.Manipulations.ni.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\05cdc2d6fb30991b33e4d8c275a3ef7c\System.Transactions.ni.dll
    + 2011-07-13 13:01 . 2011-07-13 13:01 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6207727f9623cd06f6bd1ac81c38675c\System.ServiceProcess.ni.dll
    + 2011-07-13 13:01 . 2011-07-13 13:01 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3e58226acd57d25fcaf8065c207c0825\System.ServiceModel.Routing.ni.dll
    + 2011-07-13 02:35 . 2011-07-13 02:35 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\adda4bed55f9ac422ec48b5c33ec4750\System.Security.ni.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\dd02eb52dead028e9ca47004a0ef6811\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\3d90bb729b58b4c05345e63a0ce9a265\System.Runtime.Remoting.ni.dll
    + 2011-07-13 02:18 . 2011-07-13 02:18 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\17c29c52d52ff0b9b348b54037329bd0\System.Numerics.ni.dll
    + 2011-07-13 13:00 . 2011-07-13 13:00 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\80ebfcfdb15014e4cfcbcb348ce41fa0\System.Net.ni.dll
    + 2011-07-13 13:00 . 2011-07-13 13:00 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\b7215ff3f1cc8fc60f9d608b9f2073a3\System.Messaging.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\8e27c6ff47b91b55abaf5a7d7dd85419\System.Management.Instrumentation.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\665e155a3a359de4d8594cbeb237cde9\System.IO.Log.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\2a301b66ac56edca4d6003358e2ee605\System.IdentityModel.Selectors.ni.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\b4b3499aefaf0be2481e26bf1b3cf05c\System.EnterpriseServices.Wrapper.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\b4b3499aefaf0be2481e26bf1b3cf05c\System.EnterpriseServices.ni.dll
    + 2011-07-13 02:35 . 2011-07-13 02:35 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\6f893454b0b766105686bdcc09bd6ca3\System.Dynamic.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\ab095e31f5fcc5cee8ebf3460e5803a7\System.DirectoryServices.Protocols.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\75f76c4954c3b8ea7678665a35217c9e\System.DirectoryServices.AccountManagement.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\09c1b3e2cda73f11ecaf8aae27d57703\System.Device.ni.dll
    + 2011-07-13 12:57 . 2011-07-13 12:57 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\fce58c2fdb55e2e3e32b6abd5e23d86a\System.Data.DataSetExtensions.ni.dll
    + 2011-07-13 02:34 . 2011-07-13 02:34 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\666c9ef4162700495e504025c20caacd\System.Configuration.ni.dll
    + 2011-07-13 12:57 . 2011-07-13 12:57 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\79d036b23391ba31f328d8c665d19de7\System.Configuration.Install.ni.dll
    + 2011-07-13 12:57 . 2011-07-13 12:57 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\d00f5a3bc0ddeea7acb465cdfa1dc762\System.ComponentModel.DataAnnotations.ni.dll
    + 2011-07-13 02:36 . 2011-07-13 02:36 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\cbfcb26007f6f800a3a7990a6477320e\System.ComponentModel.Composition.ni.dll
    + 2011-07-13 12:57 . 2011-07-13 12:57 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\233e41689608b635f34bf9cbc79a5089\System.AddIn.ni.dll
    + 2011-07-13 12:57 . 2011-07-13 12:57 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\bfd523abeb33bf1f4dd47b980d351920\System.Activities.DurableInstancing.ni.dll
    + 2011-07-13 12:53 . 2011-07-13 12:53 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\7de68b493e06f87cd8f9f68a5919f08e\SMSvcHost.ni.exe
    + 2011-07-13 12:55 . 2011-07-13 12:55 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d9d6d360d09c77ca0e82f21c801bf4b0\SMDiagnostics.ni.dll
    + 2011-07-13 02:34 . 2011-07-13 02:34 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e4d910883d184867c46cbd22e55335bd\PresentationFramework.Classic.ni.dll
    + 2011-07-13 02:36 . 2011-07-13 02:36 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dd2a517a799c92dc8cec54eeba4a940e\PresentationFramework.Luna.ni.dll
    + 2011-07-13 02:33 . 2011-07-13 02:33 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3997fab5d1debf59252f3049c4c4abcf\PresentationFramework.Royale.ni.dll
    + 2011-07-13 02:34 . 2011-07-13 02:34 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\13f8aaf3dab49bff630e4694f556159b\PresentationFramework.Aero.ni.dll
    + 2011-07-13 12:54 . 2011-07-13 12:54 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0c0a3c1383fd49f671741773b9a749a4\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2011-07-13 12:54 . 2011-07-13 12:54 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\03f3409eb882f29aff90d30018ac2ab5\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2011-07-13 12:54 . 2011-07-13 12:54 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\05cdbb716020bb07505b04593ee0f2b0\CustomMarshalers.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
    + 2011-08-27 09:09 . 2011-08-27 09:09 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\3c563025202d24342179c8a1a0a755ad\WindowsLiveLocal.WriterPlugin.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fe621804d2c95c0e4fc8dff970b4f3f3\WindowsLive.Writer.HtmlParser.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fc64a3a9c3629479f0b1239f00825bbc\WindowsLive.Writer.BlogClient.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\efe876b4b72a7027fdec114bf09e7a88\WindowsLive.Writer.Passport.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ed53ada3701a243ad82946a6565391e9\WindowsLive.Writer.Instrumentation.ni.dll
    + 2011-07-13 12:37 . 2011-07-13 12:37 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d78f83ddd58e30d6b7beb63b7534f092\WindowsLive.Writer.Interop.SHDocVw.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\93c0a88195c257f98b0fb4371bfccc03\WindowsLive.Writer.SpellChecker.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8211d331938ec70d8f6c630b2eb74658\WindowsLive.Writer.Controls.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7a787d90ccf09155f4436bb4d53c941b\WindowsLive.Writer.Localization.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5f4061dfd69553f192267517ab2dc226\WindowsLive.Writer.Mshtml.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\486d51f1da2fb066734ce15fdf8c9733\WindowsLive.Writer.BrowserControl.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\470af3d7e20d0819ac6dab6f001264c1\WindowsLive.Writer.HtmlEditor.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3e2eb2d5abfe8d71ae30931a68ce6fe4\WindowsLive.Writer.FileDestinations.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\21b955e068018c3e384bd504b600a78a\WindowsLive.Writer.Extensibility.ni.dll
    + 2011-07-13 12:37 . 2011-07-13 12:37 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1802baf79662b34a028da7f1a5de1e64\WindowsLive.Writer.Interop.Mshtml.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d88a9ab4974e271b5ad2fc0a699d8c4\WindowsLive.Writer.Interop.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\50952e96ff796d55954df71508ec0899\WindowsLive.Client.ni.dll
    + 2011-08-27 08:26 . 2011-08-27 08:26 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\39ce0c9c9cc294c0ee26c4ff01522961\WindowsFormsIntegration.ni.dll
    + 2011-07-13 02:47 . 2011-07-13 02:47 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
    + 2011-08-27 08:26 . 2011-08-27 08:26 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll
    + 2011-08-27 09:14 . 2011-08-27 09:14 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\946eefb99bc116ee68e0e7c69a5a8a5c\System.Xml.Linq.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\a82eef3128b9527dc05b3c8667e713bc\System.Web.Routing.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
    + 2011-08-27 09:12 . 2011-08-27 09:12 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f89fe39468ea6faf71c4257c89cf3c54\System.Web.Extensions.Design.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2314ff800782dc85224e69e802a073f7\System.Web.Entity.ni.dll
    + 2011-08-27 09:12 . 2011-08-27 09:12 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f690a8f5d784a5bb20f2cbaa7277eb6c\System.Web.Entity.Design.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5c96400424b85536443623f96f64581\System.Web.DynamicData.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\dc72c7581f1b3794c0ea595ba02ff7ad\System.Management.Instrumentation.ni.dll
    + 2011-08-27 09:07 . 2011-08-27 09:07 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
    + 2011-08-27 09:07 . 2011-08-27 09:07 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
    + 2011-08-27 08:26 . 2011-08-27 08:26 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e1c009b2c9becdb732a2ea45f32a46b8\System.Data.Services.Design.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1defd94e1662a4478ccf2cd0b1b4e6a6\System.Data.Services.Client.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04267c1dbdcdd8ec37e1518126767ead\System.Data.Entity.Design.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\f2a6d41b3f6e26eea6dcac9298aa637b\System.Data.DataSetExtensions.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
    + 2011-08-27 09:09 . 2011-08-27 09:09 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
    + 2011-08-27 08:24 . 2011-08-27 08:24 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
    + 2011-08-27 08:24 . 2011-08-27 08:24 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cf812b99f587ab514afb36fa9d4c1567\PresentationFramework.Aero.ni.dll
    + 2011-08-27 08:24 . 2011-08-27 08:24 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
    + 2011-08-27 08:24 . 2011-08-27 08:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09f5af61ea2af04eb32c04b3091ffc86\PresentationFramework.Royale.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
    + 2011-08-27 09:09 . 2011-08-27 09:09 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2011-07-13 12:40 . 2011-07-13 12:40 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
    + 2011-08-27 09:07 . 2011-08-27 09:07 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2011-04-15 02:19 . 2011-04-15 02:19 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2011-04-15 02:19 . 2011-04-15 02:19 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2011-04-15 02:19 . 2011-04-15 02:19 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2011-07-14 03:32 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2555917$\spuninst\updspapi.dll
    + 2011-07-14 03:32 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2555917$\spuninst\spuninst.exe
    + 2011-06-17 09:56 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2544893$\spuninst\updspapi.dll
    + 2011-06-17 09:56 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2544893$\spuninst\spuninst.exe
    + 2011-06-17 09:56 . 2011-03-07 05:33 692736 c:\windows\$NtUninstallKB2544893$\inetcomm.dll
    + 2011-07-13 02:13 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2541763$\spuninst\updspapi.dll
    + 2011-07-13 02:13 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2541763$\spuninst\spuninst.exe
    + 2011-07-13 02:13 . 2010-06-30 12:31 149504 c:\windows\$NtUninstallKB2541763$\schannel.dll
    + 2011-06-17 09:58 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2536276$\spuninst\updspapi.dll
    + 2011-06-17 09:58 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2536276$\spuninst\spuninst.exe
    + 2011-06-17 09:58 . 2011-02-17 13:18 455936 c:\windows\$NtUninstallKB2536276$\mrxsmb.sys
    + 2011-06-17 09:58 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2535512$\spuninst\updspapi.dll
    + 2011-06-17 09:58 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2535512$\spuninst\spuninst.exe
    + 2011-06-17 09:58 . 2008-04-13 19:17 105344 c:\windows\$NtUninstallKB2535512$\mup.sys
    + 2011-07-14 03:37 . 2010-06-18 17:45 293376 c:\windows\$NtUninstallKB2507938$\winsrv.dll
    + 2011-07-14 03:37 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2507938$\spuninst\updspapi.dll
    + 2011-07-14 03:37 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2507938$\spuninst\spuninst.exe
    + 2011-06-17 09:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2503665$\spuninst\updspapi.dll
    + 2011-06-17 09:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2503665$\spuninst\spuninst.exe
    + 2011-06-17 09:59 . 2008-10-16 14:43 138496 c:\windows\$NtUninstallKB2503665$\afd.sys
    + 2011-06-17 09:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2476490$\spuninst\updspapi.dll
    + 2011-06-17 09:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2476490$\spuninst\spuninst.exe
    + 2011-06-17 09:59 . 2008-04-14 00:12 551936 c:\windows\$NtUninstallKB2476490$\oleaut32.dll
    + 2011-07-14 03:32 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2555917\update\updspapi.dll
    + 2011-07-14 03:32 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2555917\update\update.exe
    + 2011-07-14 03:32 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2555917\spuninst.exe
    + 2011-06-17 09:56 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544893\update\updspapi.dll
    + 2011-06-17 09:56 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544893\update\update.exe
    + 2011-06-17 09:56 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544893\spuninst.exe
    + 2011-06-16 09:01 . 2011-05-02 15:30 692736 c:\windows\$hf_mig$\KB2544893\SP3QFE\inetcomm.dll
    + 2011-06-17 09:51 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544521-IE8\update\updspapi.dll
    + 2011-06-17 09:51 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544521-IE8\update\update.exe
    + 2011-06-17 09:51 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544521-IE8\spuninst.exe
    + 2011-06-16 09:00 . 2011-04-30 02:59 758784 c:\windows\$hf_mig$\KB2544521-IE8\SP3QFE\vgx.dll
    + 2011-07-13 02:13 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2541763\update\updspapi.dll
    + 2011-07-13 02:13 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2541763\update\update.exe
    + 2011-07-13 02:13 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2541763\spuninst.exe
    + 2011-04-29 17:23 . 2011-04-29 17:23 151552 c:\windows\$hf_mig$\KB2541763\SP3QFE\schannel.dll
    + 2011-06-17 09:58 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2536276\update\updspapi.dll
    + 2011-06-17 09:58 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2536276\update\update.exe
    + 2011-06-17 09:58 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2536276\spuninst.exe
    + 2011-06-16 09:02 . 2011-04-29 16:47 457856 c:\windows\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
    + 2011-06-17 09:58 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2535512\update\updspapi.dll
    + 2011-06-17 09:58 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2535512\update\update.exe
    + 2011-06-17 09:58 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2535512\spuninst.exe
    + 2011-06-16 09:02 . 2011-04-21 13:52 105472 c:\windows\$hf_mig$\KB2535512\SP3QFE\mup.sys
    + 2011-06-17 09:57 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2530548-IE8\update\updspapi.dll
    + 2011-06-17 09:57 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2530548-IE8\update\update.exe
    + 2011-06-17 09:57 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2530548-IE8\spuninst.exe
    + 2011-06-16 09:02 . 2011-04-25 16:09 919552 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 206848 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\occache.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 611840 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mstime.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 602112 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\msfeeds.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 247808 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ieproxy.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 184320 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iepeers.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 743424 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iedvtool.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 387584 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iedkcs32.dll
    + 2011-06-16 09:02 . 2011-04-25 11:37 173568 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ie4uinit.exe
    + 2011-07-14 03:37 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2507938\update\updspapi.dll
    + 2011-07-14 03:37 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2507938\update\update.exe
    + 2011-07-14 03:37 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2507938\spuninst.exe
    + 2011-04-26 11:02 . 2011-04-26 11:02 293376 c:\windows\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
    + 2011-06-17 09:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2503665\update\updspapi.dll
    + 2011-06-17 09:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2503665\update\update.exe
    + 2011-06-17 09:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2503665\spuninst.exe
    + 2011-06-16 09:02 . 2011-02-16 13:25 138496 c:\windows\$hf_mig$\KB2503665\SP3QFE\afd.sys
    + 2011-06-17 09:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476490\update\updspapi.dll
    + 2011-06-17 09:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476490\update\update.exe
    + 2011-06-17 09:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476490\spuninst.exe
    + 2010-12-20 17:30 . 2010-12-20 17:30 552448 c:\windows\$hf_mig$\KB2476490\SP3QFE\oleaut32.dll
    + 2011-05-13 19:04 . 2011-05-13 19:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
    + 2011-05-13 19:04 . 2011-05-13 19:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
    + 2005-08-16 04:18 . 2011-06-02 14:02 1858944 c:\windows\system32\win32k.sys
    + 2011-01-24 16:37 . 2011-05-10 07:06 4517664 c:\windows\system32\usbaaplrc.dll
    + 2005-08-16 04:18 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
    + 2011-07-13 17:14 . 2011-02-18 16:36 4184352 c:\windows\system32\ReinstallBackups\0019\DriverFiles\usbaaplrc.dll
    + 2005-08-16 04:18 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
    + 2011-03-21 21:19 . 2011-05-19 12:02 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2006-10-17 10:57 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
    - 2006-10-17 10:57 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
    + 2011-07-13 17:14 . 2011-05-10 07:06 4517664 c:\windows\system32\DRVSTORE\usbaapl_5CBB3A09528F68FC4AD2F36E43C028E7E6F20400\usbaaplrc.dll
    + 2011-07-13 17:14 . 2010-04-19 20:29 1461992 c:\windows\system32\DRVSTORE\netaapl_B71F8545DA20A81C41BFD744E8D7D9784787E916\wdfcoinstaller01009.dll
    + 2008-10-15 16:18 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
    + 2006-07-25 20:42 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2006-07-28 11:30 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
    + 2007-05-09 19:02 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
    - 2007-05-09 19:02 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
    + 2011-04-12 14:11 . 2011-04-12 14:11 5028200 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
    + 2011-03-22 21:01 . 2011-03-22 21:01 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
    + 2011-04-12 14:11 . 2011-04-12 14:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
    - 2011-02-10 03:10 . 2011-02-10 03:10 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
    + 2011-04-12 14:11 . 2011-04-12 14:11 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
    + 2011-04-12 14:11 . 2011-04-12 14:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    - 2011-02-10 03:10 . 2011-02-10 03:10 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    + 2011-03-25 05:15 . 2011-03-25 05:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    - 2008-07-25 10:17 . 2008-07-25 10:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    - 2010-03-23 04:32 . 2010-03-23 04:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2011-04-28 20:50 . 2011-04-28 20:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2011-03-25 05:15 . 2011-03-25 05:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    - 2011-01-18 03:39 . 2011-01-18 03:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2011-03-25 05:15 . 2011-03-25 05:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    - 2011-04-15 02:10 . 2011-04-15 02:10 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2011-07-13 02:31 . 2011-07-13 02:31 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2011-07-13 02:32 . 2011-07-13 02:32 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    - 2011-04-15 02:09 . 2011-04-15 02:09 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2011-07-12 11:18 . 2011-07-12 11:18 2295808 c:\windows\Installer\60f37.msi
    + 2011-07-13 17:30 . 2011-07-13 17:30 1769984 c:\windows\Installer\4fd463.msi
    + 2011-07-13 17:14 . 2011-07-13 17:14 3085312 c:\windows\Installer\4fca21.msi
    + 2011-03-25 08:03 . 2011-03-25 08:03 5079552 c:\windows\Installer\4425e.msp
    + 2011-01-18 22:36 . 2011-01-18 22:36 2687488 c:\windows\Installer\44257.msp
    + 2011-05-20 16:31 . 2011-05-20 16:31 5518848 c:\windows\Installer\3a5b7.msp
    + 2011-08-31 17:26 . 2011-08-31 17:26 5467136 c:\windows\Installer\326cc5.msi
    + 2011-08-31 17:18 . 2011-08-31 17:18 9474048 c:\windows\Installer\3262e2.msi
    + 2011-08-31 17:14 . 2011-08-31 17:14 1984512 c:\windows\Installer\326031.msi
    + 2011-04-27 10:14 . 2011-04-27 10:14 5520384 c:\windows\Installer\224a9.msp
    + 2011-06-03 21:27 . 2011-06-03 21:27 1529344 c:\windows\Installer\21182b.msi
    + 2011-09-01 01:25 . 2011-09-01 01:25 1241088 c:\windows\Installer\1f29bba.msi
    + 2011-09-01 01:24 . 2011-09-01 01:24 1527808 c:\windows\Installer\1f29bb3.msi
    + 2011-03-20 00:19 . 2011-08-08 21:39 3852288 c:\windows\Installer\1e95db.msi
    - 2011-03-20 00:19 . 2011-04-19 11:23 3852288 c:\windows\Installer\1e95db.msi
    + 2011-05-01 23:06 . 2011-05-01 23:06 2705920 c:\windows\Installer\10fc4.msp
    + 2011-07-26 12:50 . 2011-07-26 12:50 5522432 c:\windows\Installer\10fbd.msp
    + 2011-08-27 08:06 . 2011-08-27 08:06 1389056 c:\windows\Installer\10fa5.msi
    + 2011-08-27 08:11 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
    + 2011-08-27 08:11 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
    + 2011-08-27 08:11 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
    + 2006-12-18 17:17 . 2006-12-18 17:17 1652320 c:\windows\Downloaded Program Files\TriJinx.1.0.0.87.dll
    + 2006-12-16 21:48 . 2006-12-16 21:48 2094696 c:\windows\Downloaded Program Files\DinerDash2.1.0.0.68.dll
    + 2011-07-13 02:33 . 2011-07-13 02:33 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\39ad17570cd9b350f3191c46af747f0a\WindowsBase.ni.dll
    + 2011-07-13 13:02 . 2011-07-13 13:02 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\2e99b31b1f410797d304205076303c84\UIAutomationClientsideProviders.ni.dll
    + 2011-07-13 02:33 . 2011-07-13 02:33 9085440 c:\windows\assembly\NativeImages_v4.0.30319_32\System\4532468deac0fdeff26329333c7642b6\System.ni.dll
    + 2011-07-13 02:35 . 2011-07-13 02:35 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\ccaccea2516d5479f2267ed40ad51f2c\System.Xml.ni.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\bc3b4596da878455664b10f8f5a3eea9\System.Xaml.ni.dll
    + 2011-07-13 13:02 . 2011-07-13 13:02 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\ea669fccb5098f6994d7dce2431f42bb\System.Windows.Forms.DataVisualization.ni.dll
    + 2011-07-13 13:01 . 2011-07-13 13:01 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\fa9a425b4c0e25d72eff1b26927b228f\System.Web.Services.ni.dll
    + 2011-07-13 13:01 . 2011-07-13 13:01 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\1fcecb3e1365356b59412dbc995358ca\System.Speech.ni.dll
    + 2011-07-13 13:01 . 2011-07-13 13:01 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\91bbada7862bbe512ca563d4afbb1119\System.ServiceModel.Activities.ni.dll
    + 2011-07-13 13:01 . 2011-07-13 13:01 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\17f3615ee45aa9cadfde2aa1fa4c59b3\System.ServiceModel.Discovery.ni.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\933c05c80f64460a6c332ead830b4313\System.Runtime.Serialization.ni.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\1a84c3cbd223adb3230ccdbffba03344\System.Runtime.DurableInstancing.ni.dll
    + 2011-07-13 12:56 . 2011-07-13 12:56 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\69120e2591cabae6c8dc6f0edfae57f4\System.Printing.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\71aec26781d7e59678f478eb0d829cca\System.Management.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\def90d4c4629a38ce4be1126723c655a\System.IdentityModel.ni.dll
    + 2011-07-13 02:33 . 2011-07-13 02:33 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5b5dbf8a469be467c6f3a1ef97ff22cd\System.Drawing.ni.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\63107a42be6bb665bdfb04bf25e7a5d9\System.DirectoryServices.ni.dll
    + 2011-07-13 12:56 . 2011-07-13 12:56 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\c813a0cf9615f9429eeb3084921e32ae\System.Deployment.ni.dll
    + 2011-07-13 02:36 . 2011-07-13 02:36 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\9fea2a740d10da358757079ce9a25a8e\System.Data.ni.dll
    + 2011-07-13 02:36 . 2011-07-13 02:36 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\52716f5ab0c0db42191c5b0428992504\System.Data.SqlXml.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\5a95b68341029e18e2b48b5530d71aed\System.Data.Services.Client.ni.dll
    + 2011-07-13 02:36 . 2011-07-13 02:36 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\2edc269d198113ddd8ab871c5e682ef5\System.Data.Linq.ni.dll
    + 2011-07-13 02:34 . 2011-07-13 02:34 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ca04626157aebf0f25378a2489d08d00\System.Core.ni.dll
    + 2011-07-13 12:56 . 2011-07-13 12:56 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\39784b2fdabbda2509943a51e880b996\System.Activities.ni.dll
    + 2011-07-13 12:57 . 2011-07-13 12:57 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\77b0ae34d286b1fff459892bac7f3ccd\System.Activities.Presentation.ni.dll
    + 2011-07-13 12:56 . 2011-07-13 12:56 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\bf317ef84cccc7ac791fedc184506cce\System.Activities.Core.Presentation.ni.dll
    + 2011-07-13 12:56 . 2011-07-13 12:56 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\a751deb76e4ccd191d3b31949e72a4c6\ReachFramework.ni.dll
    + 2011-07-13 12:55 . 2011-07-13 12:55 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\c078d9d545ca92f4fff628ede6e9bbc9\PresentationUI.ni.dll
    + 2011-07-13 12:54 . 2011-07-13 12:54 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\83c3c1f84ad219275e756ac40329c135\Microsoft.VisualBasic.Activities.Compiler.ni.dll
    + 2011-07-13 12:54 . 2011-07-13 12:54 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\5b5d2dd622551a1badbff3b553be488a\Microsoft.VisualBasic.ni.dll
    + 2011-07-13 12:54 . 2011-07-13 12:54 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\5975bd71ab4b12816ae943bb87491565\Microsoft.VisualBasic.Compatibility.ni.dll
    + 2011-07-13 12:54 . 2011-07-13 12:54 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\efdf528a4475adb379b787a32b1227d5\Microsoft.Transactions.Bridge.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\a687723750d4f9f810c9f2bd8e022335\Microsoft.JScript.ni.dll
    + 2011-07-13 02:34 . 2011-07-13 02:34 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\90e32dcd498264ba026ad0916587f857\Microsoft.CSharp.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fd91703869c4577ee385f6950b744cbe\WindowsLive.Writer.ApplicationFramework.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dae5a7d92344cb126cd6f3fdfd661c07\WindowsLive.Writer.PostEditor.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\29476a403ae6128b1f09f1f9dc4f3f2d\WindowsLive.Writer.CoreServices.ni.dll
    + 2011-08-27 08:22 . 2011-08-27 08:22 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
    + 2011-08-27 08:26 . 2011-08-27 08:26 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
    + 2011-08-27 08:22 . 2011-08-27 08:22 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
    + 2011-08-27 08:26 . 2011-08-27 08:26 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
    + 2011-08-27 09:14 . 2011-08-27 09:14 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\22229a30650a9afbac984e1093898b13\System.WorkflowServices.ni.dll
    + 2011-08-27 09:13 . 2011-08-27 09:13 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\4d6b3cc1fc7a4788612241af7966715a\System.Workflow.Runtime.ni.dll
    + 2011-08-27 09:13 . 2011-08-27 09:13 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e4c9853af945c9cfede19f3faf18af6e\System.Workflow.ComponentModel.ni.dll
    + 2011-08-27 09:12 . 2011-08-27 09:12 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ab4b50c7c789e46a485903365765fde8\System.Workflow.Activities.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
    + 2011-08-27 09:12 . 2011-08-27 09:12 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3da92a0b9b8ac97e11ca8bf4df671a78\System.Web.Mobile.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
    + 2011-08-27 08:26 . 2011-08-27 08:26 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
    + 2011-08-27 09:07 . 2011-08-27 09:07 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
    + 2011-08-27 08:26 . 2011-08-27 08:26 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll
    + 2011-08-27 09:07 . 2011-08-27 09:07 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
    + 2011-08-27 08:26 . 2011-08-27 08:26 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
    + 2011-08-27 08:25 . 2011-08-27 08:25 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c729750d54f6e7427230622bcccd4709\System.Data.OracleClient.ni.dll
    + 2011-08-27 08:25 . 2011-08-27 08:25 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\571af34939797a7c1cd05b0b925a45bf\System.Data.Linq.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\afb4d5e8161d0129ba15c37de2461d8a\System.Data.Entity.ni.dll
    + 2011-08-27 08:24 . 2011-08-27 08:24 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
    + 2011-08-27 08:24 . 2011-08-27 08:24 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll
    + 2011-08-27 08:24 . 2011-08-27 08:24 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll
    + 2011-08-27 08:22 . 2011-08-27 08:22 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\c523412e6b11e7072f93bdd3ef24a479\PresentationBuildTasks.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
    + 2011-08-27 09:11 . 2011-08-27 09:11 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
    + 2011-08-27 09:10 . 2011-08-27 09:10 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2011-08-27 08:20 . 2011-08-27 08:20 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2011-04-15 02:19 . 2011-04-15 02:19 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2011-04-15 02:19 . 2011-04-15 02:19 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2011-04-15 02:19 . 2011-04-15 02:19 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2011-04-15 02:20 . 2011-04-15 02:20 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2011-08-27 08:19 . 2011-08-27 08:19 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2011-07-14 03:32 . 2011-03-03 13:21 1857920 c:\windows\$NtUninstallKB2555917$\win32k.sys
    + 2011-06-02 14:07 . 2011-06-02 14:07 1867904 c:\windows\$hf_mig$\KB2555917\SP3QFE\win32k.sys
    + 2011-06-16 09:02 . 2011-04-25 16:09 1213952 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\urlmon.dll
    + 2011-06-16 09:02 . 2011-05-30 22:17 5967360 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 1992192 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iertutil.dll
    + 2006-09-16 20:03 . 2011-08-27 08:12 52390856 c:\windows\system32\MRT.exe
    + 2006-10-27 13:09 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
    + 2007-05-09 19:02 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-03-28 02:27 . 2011-03-28 02:27 15456256 c:\windows\Installer\44269.msp
    + 2011-04-13 10:37 . 2011-04-13 10:37 19201024 c:\windows\Installer\44251.msp
    + 2011-06-17 09:59 . 2011-06-17 09:59 20333056 c:\windows\Installer\3a5c2.msp
    + 2011-05-20 13:55 . 2011-05-20 13:55 20314624 c:\windows\Installer\104684a.msp
    + 2011-08-27 08:11 . 2011-04-26 09:11 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
    + 2011-06-17 09:57 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
    + 2011-07-13 02:36 . 2011-07-13 02:36 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\81408cc3ba17ae98c1977f435a491e00\System.Windows.Forms.ni.dll
    + 2011-07-13 13:00 . 2011-07-13 13:00 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dbcea7c6574b18e66d93c9a26c8a9e57\System.ServiceModel.ni.dll
    + 2011-07-13 12:59 . 2011-07-13 12:59 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\5c2e8b47d12a32fae319a7b2b562ca89\System.Data.Entity.ni.dll
    + 2011-07-13 02:35 . 2011-07-13 02:35 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ff91a03e0ff9f9885b735db6734d568c\PresentationFramework.ni.dll
    + 2011-07-13 02:34 . 2011-07-13 02:34 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\942925bd6f724122cb4b3c71acbdcb04\PresentationCore.ni.dll
    + 2011-07-13 02:18 . 2011-07-13 02:18 14408704 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dc0b188b244ec4a4ccec59ac6f1620ad\mscorlib.ni.dll
    + 2011-08-27 08:26 . 2011-08-27 08:26 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
    + 2011-08-27 09:09 . 2011-08-27 09:09 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
    + 2011-08-27 09:08 . 2011-08-27 09:08 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
    + 2011-08-27 08:25 . 2011-08-27 08:25 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
    + 2011-08-27 08:24 . 2011-08-27 08:24 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
    + 2011-08-27 08:22 . 2011-08-27 08:22 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
    + 2011-07-13 02:44 . 2011-07-13 02:44 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    + 2011-06-16 09:02 . 2011-04-25 16:09 11083776 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
    "MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
    "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-17 273544]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
    backup=c:\windows\pss\DSLMON.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    backup=c:\windows\pss\Google Updater.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
    backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Amanda Miles^Start Menu^Programs^Startup^MostFun.lnk]
    backup=c:\windows\pss\MostFun.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 09:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-08-05 21:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2004-07-19 07:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 03:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2005-06-17 07:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    2003-09-03 20:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-06-10 10:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 10:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-08-19 00:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    2006-01-05 06:58 489472 ----a-w- c:\program files\Logitech\Video\CameraAssistant.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    2006-01-05 07:15 73728 ----a-w- c:\program files\Logitech\Video\InstallHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-08-18 16:04 17360520 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-01-20 18:48 1242448 ----a-w- c:\program files\Steam\steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
    2005-09-19 07:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Amanda Miles\\My Documents\\Downloads\\utorrent (2).exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [21/08/2011 10:00 53816]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SymDS.sys [28/07/2011 19:20 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SymEFA.sys [28/07/2011 19:20 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110901.001\BHDrvx86.sys [02/09/2011 01:04 815736]
    R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [04/08/2011 17:20 216912]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [21/08/2011 10:00 66360]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [21/08/2011 10:00 158904]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.sys [28/07/2011 19:20 136312]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [28/07/2011 19:20 130008]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [21/08/2011 10:00 870200]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [05/08/2011 12:03 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110907.030\IDSXpx86.sys [08/09/2011 15:47 356280]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 17:06 11520]
    R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [16/05/2008 12:31 362944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
    S2 gupdate1c9bc43a70feec1;Google Update Service (gupdate1c9bc43a70feec1);c:\program files\Google\Update\GoogleUpdate.exe [13/04/2009 15:24 133104]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [16/05/2008 12:31 17149]
    S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [12/10/2010 18:59 206072]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/04/2009 15:24 133104]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 14:24]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 14:24]
    .
    2011-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789418913-2538997229-1889637489-1005Core.job
    - c:\documents and settings\Amanda Miles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-20 10:57]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789418913-2538997229-1889637489-1005UA.job
    - c:\documents and settings\Amanda Miles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-20 10:57]
    .
    2011-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789418913-2538997229-1889637489-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
    .
    2011-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789418913-2538997229-1889637489-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
    .
    2011-09-07 c:\windows\Tasks\User_Feed_Synchronization-{2FD2E923-2736-420D-836E-A74D141691A5}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.talktalk.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = proxy137.scansafe.net:8080
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{2F2D4393-C50C-4C43-9DB2-0582A742A8EB}: NameServer = 212.74.112.66,212.74.112.67
    TCP: Interfaces\{777B347E-CD52-427A-822B-5F573F5EE8A3}: NameServer = 212.74.112.66,212.74.112.67
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-08 17:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    Completion time: 2011-09-08 17:17:22
    ComboFix-quarantined-files.txt 2011-09-08 16:17
    ComboFix2.txt 2011-05-11 11:23
    ComboFix3.txt 2011-04-27 09:55
    ComboFix4.txt 2011-04-02 11:11
    ComboFix5.txt 2011-09-08 15:33
    .
    Pre-Run: 124,785,364,992 bytes free
    Post-Run: 127,191,453,696 bytes free
    .
    - - End Of File - - A60AB16A7EF0C3810349D4634D669A1E
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1015493

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice