ComboFix 11-11-12.04 - Anh 11/12/2011 12:26:34.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3950.2581 [GMT -5:00] Running from: c:\users\Anh\Desktop\ComboFix.exe Command switches used :: c:\users\Anh\Desktop\cfscript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_is3srv . . ((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 ))))))))))))))))))))))))))))))) . . 2011-11-12 17:31 . 2011-11-12 17:31 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-11-12 17:31 . 2011-11-12 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-12 17:31 . 2011-11-12 17:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2011-11-07 21:35 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-07 21:35 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-07 21:35 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-07 21:35 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-07 21:35 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-07 21:35 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-07 21:35 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-11-07 21:34 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr 2011-11-07 21:34 . 2011-09-06 21:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-11-07 21:34 . 2011-11-07 21:34 -------- d-----w- c:\programdata\AVAST Software 2011-11-07 21:34 . 2011-11-07 21:34 -------- d-----w- c:\program files\AVAST Software 2011-11-07 21:28 . 2011-11-07 21:28 -------- d-----w- C:\_OTL 2011-11-07 01:43 . 2011-11-07 01:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-06 23:14 . 2011-09-01 05:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-11-06 23:14 . 2011-09-01 02:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-11-06 23:14 . 2011-09-01 05:35 174368 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-11-06 23:14 . 2011-09-01 02:41 141088 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll 2011-11-06 23:12 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-11-06 23:12 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-11-06 23:12 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-11-06 23:12 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-11-06 23:12 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-11-06 23:12 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-11-06 23:12 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-11-06 23:12 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-11-06 23:12 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-11-06 23:01 . 2011-11-06 23:01 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-11-06 20:58 . 2011-11-06 22:59 -------- d-----w- c:\programdata\STOPzilla! 2011-11-06 20:40 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31D3B26E-4264-4BD2-A836-6523604A6581}\mpengine.dll 2011-11-06 20:30 . 2011-11-06 20:30 -------- d-----w- c:\windows\Sun 2011-10-22 12:10 . 2011-10-22 12:10 -------- d-----w- c:\program files (x86)\Application Updater 2011-10-22 12:10 . 2011-10-22 12:10 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar 2011-10-22 12:10 . 2011-10-22 12:10 -------- d-----w- c:\program files (x86)\Common Files\Spigot . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-12 17:35 . 2011-11-12 17:35 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31D3B26E-4264-4BD2-A836-6523604A6581}\offreg.dll 2011-10-04 04:23 . 2011-10-04 04:23 485576 ----a-w- c:\users\Anh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe 2011-10-03 10:06 . 2010-05-03 12:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-16 18:58 . 2011-09-16 18:58 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-09-16 18:58 . 2011-09-16 18:58 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-09-16 18:58 . 2011-09-16 18:58 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-09-16 18:58 . 2011-09-16 18:58 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-09-16 18:58 . 2011-09-16 18:58 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-09-16 18:58 . 2011-09-16 18:58 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-09-16 18:58 . 2011-09-16 18:58 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-09-16 18:58 . 2011-09-16 18:58 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-09-16 18:58 . 2011-09-16 18:58 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-09-16 18:58 . 2011-09-16 18:58 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-09-16 18:58 . 2011-09-16 18:58 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-09-16 18:58 . 2011-09-16 18:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-09-16 18:58 . 2011-09-16 18:58 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-09-16 18:58 . 2011-09-16 18:58 448512 ----a-w- c:\windows\system32\html.iec 2011-09-16 18:58 . 2011-09-16 18:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-09-16 18:58 . 2011-09-16 18:58 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-09-16 18:58 . 2011-09-16 18:58 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-09-16 18:58 . 2011-09-16 18:58 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-09-16 18:58 . 2011-09-16 18:58 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-09-16 18:58 . 2011-09-16 18:58 222208 ----a-w- c:\windows\system32\msls31.dll 2011-09-16 18:58 . 2011-09-16 18:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-09-16 18:58 . 2011-09-16 18:58 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-09-16 18:58 . 2011-09-16 18:58 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-09-16 18:58 . 2011-09-16 18:58 160256 ----a-w- c:\windows\system32\wextract.exe 2011-09-16 18:58 . 2011-09-16 18:58 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-09-16 18:58 . 2011-09-16 18:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-09-16 18:58 . 2011-09-16 18:58 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-09-16 18:58 . 2011-09-16 18:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-09-16 18:58 . 2011-09-16 18:58 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-09-16 18:58 . 2011-09-16 18:58 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-09-16 18:58 . 2011-09-16 18:58 12288 ----a-w- c:\windows\system32\mshta.exe 2011-09-16 18:58 . 2011-09-16 18:58 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-09-16 18:58 . 2011-09-16 18:58 114176 ----a-w- c:\windows\system32\admparse.dll 2011-09-16 18:58 . 2011-09-16 18:58 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-09-16 18:58 . 2011-09-16 18:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-09-16 18:58 . 2011-09-16 18:58 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-08-31 22:00 . 2011-08-03 19:49 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-21 23:09 . 2011-08-03 21:01 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-08-20 20:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-08-20 20:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-08-16 18:26 . 2011-08-16 18:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((( SnapShot@2011-11-07_01.21.01 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-25 20:24 . 2011-11-09 02:33 58326 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-11-12 17:17 37244 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-05-01 01:51 . 2011-11-12 17:17 19324 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3079230850-313331458-1004908580-1001_UserData.bin + 2009-07-14 04:46 . 2011-11-12 17:19 96016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-11-07 02:01 . 2011-11-07 02:01 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\3cc4abfef1dab52ed9554579370fdc63\System.Windows.Presentation.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\c4a4564925c5fa6d43dac830cfb294bd\System.Web.DynamicData.Design.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\c4a4564925c5fa6d43dac830cfb294bd\System.Web.DynamicData.Design.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\de6cc37afc2bb3ea973c29211f0b21d8\System.Windows.Presentation.ni.dll - 2011-11-07 00:53 . 2011-11-07 00:53 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\de6cc37afc2bb3ea973c29211f0b21d8\System.Windows.Presentation.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\813e44ed9fb1cc60fa0ddc7a8d790a0a\System.Web.DynamicData.Design.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\813e44ed9fb1cc60fa0ddc7a8d790a0a\System.Web.DynamicData.Design.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\d0ed41e7dcb1be4a43a76e47de276d94\System.ComponentModel.DataAnnotations.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\d0ed41e7dcb1be4a43a76e47de276d94\System.ComponentModel.DataAnnotations.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\32d21563937263ee3ae9eecfa59fdc3d\System.AddIn.Contract.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\32d21563937263ee3ae9eecfa59fdc3d\System.AddIn.Contract.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\af072bb984952ba5e573ca93cc0cad44\PresentationFontCache.ni.exe + 2011-11-07 01:21 . 2011-11-07 01:21 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\af072bb984952ba5e573ca93cc0cad44\PresentationFontCache.ni.exe - 2011-11-07 00:52 . 2011-11-07 00:52 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\a38f8e60cdbca2d158d8daaea9577934\napcrypt.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\a38f8e60cdbca2d158d8daaea9577934\napcrypt.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\0067507e3305266a72358b51bdd5dd86\Microsoft.WSMan.Runtime.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\0067507e3305266a72358b51bdd5dd86\Microsoft.WSMan.Runtime.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\f7a51d8e344dda4d7f38e1b824cd83ad\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\f7a51d8e344dda4d7f38e1b824cd83ad\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ed12245481e36d8cc238876bd79b1e6c\Microsoft.Windows.Diagnosis.SDHost.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ed12245481e36d8cc238876bd79b1e6c\Microsoft.Windows.Diagnosis.SDHost.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\e5e22edbc2a34b9d9a166dbbaf7379ff\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\e5e22edbc2a34b9d9a166dbbaf7379ff\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ca1daccfdb3f0bff3bd0062644a539bf\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ca1daccfdb3f0bff3bd0062644a539bf\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\afe4d94d07a22c70106c859139cb314a\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\afe4d94d07a22c70106c859139cb314a\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\62e68252fc137a55d2d39fe0d5093599\Microsoft.Windows.Diagnosis.SDEngine.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\62e68252fc137a55d2d39fe0d5093599\Microsoft.Windows.Diagnosis.SDEngine.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\508857b730c4edea8eca42b3d435ef82\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\508857b730c4edea8eca42b3d435ef82\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll + 2011-11-12 17:32 . 2011-11-12 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-11-06 23:29 . 2011-11-07 01:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-12 17:32 . 2011-11-12 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-06 23:29 . 2011-11-07 01:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 04:54 . 2011-11-12 17:33 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-11-07 01:12 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-05-01 15:40 . 2011-11-09 20:47 285220 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin - 2009-07-14 02:36 . 2011-11-07 01:19 615360 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-11-07 22:57 615360 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-11-07 22:57 103702 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-11-07 01:19 103702 c:\windows\system32\perfc009.dat + 2009-12-25 21:38 . 2011-11-07 21:28 957680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 05:01 . 2011-11-12 17:31 415640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-11-06 23:28 415640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-05-07 19:40 . 2011-11-12 17:31 596552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3079230850-313331458-1004908580-1001-8192.dat - 2010-05-07 19:40 . 2011-11-06 23:28 596552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3079230850-313331458-1004908580-1001-8192.dat + 2011-10-17 02:20 . 2011-11-09 02:10 537140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3079230850-313331458-1004908580-1001-12288.dat - 2011-10-17 02:20 . 2011-11-06 21:03 537140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3079230850-313331458-1004908580-1001-12288.dat - 2011-11-07 00:50 . 2011-11-07 00:50 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\756011e2290f779331336b1659d804e9\WsatConfig.ni.exe + 2011-11-07 02:01 . 2011-11-07 02:01 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\756011e2290f779331336b1659d804e9\WsatConfig.ni.exe + 2011-11-07 02:01 . 2011-11-07 02:01 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\bdf567eb555bffe4d9f4383b6b97832b\WindowsFormsIntegration.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\bdf567eb555bffe4d9f4383b6b97832b\WindowsFormsIntegration.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\da4abebb1b165f2d27c5fe5bc6e9ed71\TaskScheduler.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\da4abebb1b165f2d27c5fe5bc6e9ed71\TaskScheduler.ni.dll - 2011-11-07 00:49 . 2011-11-07 00:49 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\2b9253e5a2818152f9f1a3b9d7c7ee60\System.Xml.Linq.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\2b9253e5a2818152f9f1a3b9d7c7ee60\System.Xml.Linq.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\5e59963a99fe6b3dfc07b6ecb375b42b\System.Web.Routing.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\5e59963a99fe6b3dfc07b6ecb375b42b\System.Web.Routing.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\550cf8623da60ebdaf41be0d472886cf\System.Web.Entity.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\550cf8623da60ebdaf41be0d472886cf\System.Web.Entity.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\e97615ac42a73803dbb72feb560dc3f8\System.Web.Entity.Design.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\e97615ac42a73803dbb72feb560dc3f8\System.Web.Entity.Design.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\469736b242d26e3a0df5dea6da3679f4\System.Web.DynamicData.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\469736b242d26e3a0df5dea6da3679f4\System.Web.DynamicData.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\de14c74ae9ddfaae3ecf50a7e4a1f1b0\System.Web.Abstractions.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\de14c74ae9ddfaae3ecf50a7e4a1f1b0\System.Web.Abstractions.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\1d7d8aef36a4181c824e7b19a5717181\System.Net.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\1d7d8aef36a4181c824e7b19a5717181\System.Net.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\515b6d806d49ee9f3a0c4777c313c5a9\System.Management.Instrumentation.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\515b6d806d49ee9f3a0c4777c313c5a9\System.Management.Instrumentation.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\09e99130b92146abae3d4c9b5c8bb116\System.IO.Log.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\09e99130b92146abae3d4c9b5c8bb116\System.IO.Log.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\a342b0087027682df86caa73cf0dc223\System.Data.Services.Design.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\a342b0087027682df86caa73cf0dc223\System.Data.Services.Design.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\0749a52124e604d5104322fd60606810\System.Data.DataSetExtensions.ni.dll - 2011-11-07 00:49 . 2011-11-07 00:49 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\0749a52124e604d5104322fd60606810\System.Data.DataSetExtensions.ni.dll - 2011-11-07 00:49 . 2011-11-07 00:49 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\63c8a0af333eb6fa7d73d5b30c9acb38\System.ComponentModel.DataAnnotations.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\63c8a0af333eb6fa7d73d5b30c9acb38\System.ComponentModel.DataAnnotations.ni.dll + 2011-11-07 01:59 . 2011-11-07 01:59 920064 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\ecfb6b5c6e7665cbb7c54c7e7cdb8539\System.AddIn.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\edf038eef2dc9f21b13da8bdc046a834\System.AddIn.Contract.ni.dll - 2011-11-07 00:49 . 2011-11-07 00:49 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\edf038eef2dc9f21b13da8bdc046a834\System.AddIn.Contract.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\0ba53d547dabd039b0cfc9ce52fa6c57\sysglobl.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\0ba53d547dabd039b0cfc9ce52fa6c57\sysglobl.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\0f0e4119556b49e8e2adcd3a441753fc\WsatConfig.ni.exe - 2011-11-07 00:53 . 2011-11-07 00:53 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\0f0e4119556b49e8e2adcd3a441753fc\WsatConfig.ni.exe + 2011-11-07 01:21 . 2011-11-07 01:21 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\6eadd2ec3f027920eb71e6e9fed30ff2\UIAutomationClient.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\6eadd2ec3f027920eb71e6e9fed30ff2\UIAutomationClient.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\8c9f15092dab9a5f36d9f160b69d108c\TaskScheduler.ni.dll - 2011-11-07 00:53 . 2011-11-07 00:53 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\8c9f15092dab9a5f36d9f160b69d108c\TaskScheduler.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\88f32d62a8df469e8b9f12a8d3093627\System.Xml.Linq.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\88f32d62a8df469e8b9f12a8d3093627\System.Xml.Linq.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3829b51abaacbeb5c4d871ab288f4fc2\System.Web.Routing.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3829b51abaacbeb5c4d871ab288f4fc2\System.Web.Routing.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\74181cc1641ef6eef960185a8295f481\System.Web.Extensions.Design.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\74181cc1641ef6eef960185a8295f481\System.Web.Extensions.Design.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2b4a2e72bcd57347b5c94f0e8d9a1895\System.Web.Entity.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2b4a2e72bcd57347b5c94f0e8d9a1895\System.Web.Entity.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\636d522ccf1f6956ba7be9ee79749c14\System.Web.Entity.Design.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\636d522ccf1f6956ba7be9ee79749c14\System.Web.Entity.Design.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\812d09cd97db4c0d689522d35b783990\System.Web.DynamicData.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\812d09cd97db4c0d689522d35b783990\System.Web.DynamicData.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\99615ea47ed1a1ffb696b035c922f1eb\System.Web.Abstractions.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\99615ea47ed1a1ffb696b035c922f1eb\System.Web.Abstractions.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\573003889d88b6c133de7360960c9da0\System.Net.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\573003889d88b6c133de7360960c9da0\System.Net.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\2e7668ad46be53fe98c5fbe4b3bf733e\System.Management.Instrumentation.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\2e7668ad46be53fe98c5fbe4b3bf733e\System.Management.Instrumentation.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\ebd645cff62cef59eaf1ef8e3b3c5127\System.IO.Log.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\ebd645cff62cef59eaf1ef8e3b3c5127\System.IO.Log.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7c86a11e96b7e798d5db164c22ea0268\System.DirectoryServices.AccountManagement.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7c86a11e96b7e798d5db164c22ea0268\System.DirectoryServices.AccountManagement.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\50da9308aea01ad914cc87509dd968ec\System.Data.Services.Design.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\50da9308aea01ad914cc87509dd968ec\System.Data.Services.Design.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\6b2585c0630f7a9411ef5730f3558139\System.Data.Entity.Design.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\6b2585c0630f7a9411ef5730f3558139\System.Data.Entity.Design.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\c523aa7f545394a1ed7f9a6358cf18e3\System.Data.DataSetExtensions.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\c523aa7f545394a1ed7f9a6358cf18e3\System.Data.DataSetExtensions.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\55b239388c36e25bb9af84a8827df8c2\System.AddIn.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\55b239388c36e25bb9af84a8827df8c2\System.AddIn.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\571bcd3c57411a09469a58c7462a4c8b\sysglobl.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\571bcd3c57411a09469a58c7462a4c8b\sysglobl.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\2a25182592e8c63ea14d0935b0580b9d\SMSvcHost.ni.exe + 2011-11-07 01:21 . 2011-11-07 01:21 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\2a25182592e8c63ea14d0935b0580b9d\SMSvcHost.ni.exe + 2011-11-07 01:21 . 2011-11-07 01:21 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\a41437397e3b33ebc5d2652d5d840667\napsnap.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\a41437397e3b33ebc5d2652d5d840667\napsnap.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\c2030859672edc6a6f938650d64c42fc\napinit.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\c2030859672edc6a6f938650d64c42fc\napinit.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\6c31aace1d7b39145fe0ef94f1530e8a\naphlpr.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\6c31aace1d7b39145fe0ef94f1530e8a\naphlpr.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\027cfb46a54d640ce0170818510f55cb\MSBuild.ni.exe - 2011-11-07 00:52 . 2011-11-07 00:52 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\027cfb46a54d640ce0170818510f55cb\MSBuild.ni.exe - 2011-11-07 00:52 . 2011-11-07 00:52 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\d2895e306d1273b26f21b2e236a8fa29\Microsoft.WSMan.Management.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\d2895e306d1273b26f21b2e236a8fa29\Microsoft.WSMan.Management.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce29d5de8d4f6f1b2216f7f17ae66c80\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce29d5de8d4f6f1b2216f7f17ae66c80\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\53ef826acbbf946830301f1fcc0361d2\Microsoft.PowerShell.GraphicalHost.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\53ef826acbbf946830301f1fcc0361d2\Microsoft.PowerShell.GraphicalHost.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\38b928a3c5a4ddbe616983989bae6487\Microsoft.PowerShell.Security.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\38b928a3c5a4ddbe616983989bae6487\Microsoft.PowerShell.Security.ni.dll + 2009-07-14 04:54 . 2011-11-12 17:33 5095424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-11-07 01:12 5095424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-11-07 01:12 3538944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-11-12 17:33 3538944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-11-07 00:50 . 2011-11-07 00:50 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\888e738b2d4904fc2193ea2237acb01e\UIAutomationClientsideProviders.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\888e738b2d4904fc2193ea2237acb01e\UIAutomationClientsideProviders.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\5e18a0dbf5fa5e5ebb20127e46fb5e39\System.WorkflowServices.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\5e18a0dbf5fa5e5ebb20127e46fb5e39\System.WorkflowServices.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\0710a4905ff11c5534814f8d42e0e477\System.Web.Mobile.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\0710a4905ff11c5534814f8d42e0e477\System.Web.Mobile.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\940213c7e46d21b9f040b617716acd6e\System.Web.Extensions.Design.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\940213c7e46d21b9f040b617716acd6e\System.Web.Extensions.Design.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 3042304 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\045bff7a31fe725d20809c49e3d022fd\System.Web.Extensions.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 3042304 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\045bff7a31fe725d20809c49e3d022fd\System.Web.Extensions.ni.dll + 2011-11-07 02:01 . 2011-11-07 02:01 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\8e2d63ddf8223dab939bbdf5a9a51185\System.Speech.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\8e2d63ddf8223dab939bbdf5a9a51185\System.Speech.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\b2b78a61c8c7b8cb0739c3bad67ed756\System.ServiceModel.Web.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\b2b78a61c8c7b8cb0739c3bad67ed756\System.ServiceModel.Web.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\ece506e2c1e0a1bde755dd7d652b5325\System.DirectoryServices.AccountManagement.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\ece506e2c1e0a1bde755dd7d652b5325\System.DirectoryServices.AccountManagement.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\fe0d1dca499f1ccdee15400593b37cd3\System.Data.Services.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\fe0d1dca499f1ccdee15400593b37cd3\System.Data.Services.ni.dll - 2011-11-07 00:50 . 2011-11-07 00:50 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\55c030c014a9cd3ce63b1ce30722b6d7\System.Data.Services.Client.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\55c030c014a9cd3ce63b1ce30722b6d7\System.Data.Services.Client.ni.dll - 2011-11-07 00:49 . 2011-11-07 00:49 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\6d2a8c2d751cb29ecdbc8a20aac2dd1e\System.Data.Linq.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\6d2a8c2d751cb29ecdbc8a20aac2dd1e\System.Data.Linq.ni.dll - 2011-11-07 00:49 . 2011-11-07 00:49 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\2e1600551586106df9abd6ede3dd57df\System.Data.Entity.Design.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\2e1600551586106df9abd6ede3dd57df\System.Data.Entity.Design.ni.dll - 2011-11-07 00:53 . 2011-11-07 00:53 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\650f98b105afd8e1f75baaf6bd53050e\UIAutomationClientsideProviders.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\650f98b105afd8e1f75baaf6bd53050e\UIAutomationClientsideProviders.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\613ca3fba5bbcf6e9346170c9c2e4e65\System.WorkflowServices.ni.dll - 2011-11-07 00:53 . 2011-11-07 00:53 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\613ca3fba5bbcf6e9346170c9c2e4e65\System.WorkflowServices.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\91df75c9067c079446d43c7a7ff3c4cb\System.Web.Mobile.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\91df75c9067c079446d43c7a7ff3c4cb\System.Web.Mobile.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\338825754fc0f7046339859ca3ea6da5\System.Web.Extensions.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\338825754fc0f7046339859ca3ea6da5\System.Web.Extensions.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\0b5017932511872e37f6da04ef4f44b3\System.Speech.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\0b5017932511872e37f6da04ef4f44b3\System.Speech.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\01a1449b79d76e7cf39438cdd55cefbf\System.ServiceModel.Web.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\01a1449b79d76e7cf39438cdd55cefbf\System.ServiceModel.Web.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\078dc6604411139bb526d452033ff1d3\System.Data.Services.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\078dc6604411139bb526d452033ff1d3\System.Data.Services.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\91ee2a5b20d39be70a1d4e39ca9e23bf\System.Data.Services.Client.ni.dll + 2011-11-07 01:22 . 2011-11-07 01:22 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\91ee2a5b20d39be70a1d4e39ca9e23bf\System.Data.Services.Client.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\9d9e419b7157083a5a246768b29dd92f\System.Data.Linq.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\9d9e419b7157083a5a246768b29dd92f\System.Data.Linq.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\fabb785ea28124ebdf93acf16e5621d0\System.Data.Entity.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\d34f41676aed9e84ef18852d371359e1\PresentationBuildTasks.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\d34f41676aed9e84ef18852d371359e1\PresentationBuildTasks.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\060646580ce5113ef5e11d3523cbe883\Narrator.ni.exe + 2011-11-07 01:21 . 2011-11-07 01:21 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\060646580ce5113ef5e11d3523cbe883\Narrator.ni.exe + 2011-11-07 01:21 . 2011-11-07 01:21 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\09856e5c68686a53563775f9359e07ac\MMCEx.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\09856e5c68686a53563775f9359e07ac\MMCEx.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\beca29b613b68f68560960310c788ec3\Microsoft.PowerShell.GPowerShell.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\beca29b613b68f68560960310c788ec3\Microsoft.PowerShell.GPowerShell.ni.dll - 2011-11-07 00:52 . 2011-11-07 00:52 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\88b4d41e45ea4e4bcebdb5815f9e3c24\Microsoft.PowerShell.Editor.ni.dll + 2011-11-07 01:21 . 2011-11-07 01:21 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\88b4d41e45ea4e4bcebdb5815f9e3c24\Microsoft.PowerShell.Editor.ni.dll + 2011-11-07 02:00 . 2011-11-07 02:00 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\2d06fb193634c8d3951a01878f7d3297\System.Data.Entity.ni.dll - 2011-11-07 00:49 . 2011-11-07 00:49 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\2d06fb193634c8d3951a01878f7d3297\System.Data.Entity.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-12-02 05:03 98304 ------w- c:\windows\System32\VESWinlogon.dll . R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-31 135664] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-31 135664] R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104] R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048] R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-09 1223024] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-09-28 745880] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-31 01:53] . 2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-31 01:53] . 2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3079230850-313331458-1004908580-1001Core.job - c:\users\Anh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 01:22] . 2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3079230850-313331458-1004908580-1001UA.job - c:\users\Anh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 01:22] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 21:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896] "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU] "combofix"="c:\combofix\CF15737.3XE" [2010-11-20 345088] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\55ub4pvw.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe . ************************************************************************** . Completion time: 2011-11-12 12:39:50 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-12 17:39 ComboFix2.txt 2011-11-07 01:23 . Pre-Run: 200,900,173,824 bytes free Post-Run: 200,465,276,928 bytes free . - - End Of File - - 7F46C58F458FC289AB029BCB7FE0150C