Infected with Alureon.TK & .FB and Sirefef.B & .J Problems with Google redirects and booting.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Infected with Alureon.TK & .FB and Sirefef.B & .J Problems with Google redirects and booting. Have been removing Alureon and Sirefef but they keep returning.

#1 dpeck

New Member

Group: Members
Posts: 12
Joined: 11-February 12

Posted 11 February 2012 - 10:53 PM

Hello! My problem started with Google redirects but then I could not fully boot -- I've had to run Startup Repair which usually fails to fix the problem. I usually have to restore to a previous date to fully boot.

Microsoft Security Essentials has been repeatedly finding Alureon.TK, Alureon.FB, Sirefef.B and Sirefef.J. I delete them each time but MSE finds more.
Sometimes Firefox disconnects and can't reconnect even though I still have broadband service.

I found my firewall was off and when I tried to turn it on I got:
Windows Firewall can't change some of your settings
Error code 0x80070424

Thanks for your help!

Here's the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Alyssa at 22:36:26 on 2012-02-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2485 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17361210n103p0424v165r4791t236
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17361210n103p0424v165r4791t236
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17361210n103p0424v165r4791t236
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DrvMon.exe] C:\Windows\system32\DrvMon.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun: [D-Link RangeBooster G WUA-2340] C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
mRun: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Alyssa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun-x64: [D-Link RangeBooster G WUA-2340] C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
mRun-x64: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alyssa\AppData\Roaming\Mozilla\Firefox\Profiles\fy3suc50.default\
FF - prefs.js: browser.startup.homepage - aol.com
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release_licensed\npvtmp3dlifeplayer.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-6-10 243232]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbmdm_000.sys --> C:\Windows\system32\DRIVERS\nwusbmdm_000.sys [?]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser_000.sys --> C:\Windows\system32\DRIVERS\nwusbser_000.sys [?]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser2_000.sys --> C:\Windows\system32\DRIVERS\nwusbser2_000.sys [?]
S1 ldizpaji;ldizpaji;\??\C:\Windows\system32\drivers\ldizpaji.sys --> C:\Windows\system32\drivers\ldizpaji.sys [?]
S1 oblnhmqr;oblnhmqr;\??\C:\Windows\system32\drivers\oblnhmqr.sys --> C:\Windows\system32\drivers\oblnhmqr.sys [?]
S1 qjjedrmh;qjjedrmh;\??\C:\Windows\system32\drivers\qjjedrmh.sys --> C:\Windows\system32\drivers\qjjedrmh.sys [?]
S1 tqhyqqji;tqhyqqji;\??\C:\Windows\system32\drivers\tqhyqqji.sys --> C:\Windows\system32\drivers\tqhyqqji.sys [?]
S1 ulzbjvxi;ulzbjvxi;\??\C:\Windows\system32\drivers\ulzbjvxi.sys --> C:\Windows\system32\drivers\ulzbjvxi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 135664]
S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;C:\Windows\system32\ws2help32.exe --> C:\Windows\system32\ws2help32.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-4 1153368]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;C:\Windows\system32\DRIVERS\AGUx64.sys --> C:\Windows\system32\DRIVERS\AGUx64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe [2011-9-9 954368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWVNDIS;Novatel Wireless Virtual Network Adapter;C:\Windows\system32\DRIVERS\NWVNdis.sys --> C:\Windows\system32\DRIVERS\NWVNdis.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-12 03:26:06 48464 ----a-w- C:\Windows\System32\drivers\ldizpaji.sys
2012-02-12 03:15:54 48464 ----a-w- C:\Windows\System32\drivers\ulzbjvxi.sys
2012-02-12 03:15:13 48464 ----a-w- C:\Windows\System32\drivers\qjjedrmh.sys
2012-02-12 03:14:24 48464 ----a-w- C:\Windows\System32\drivers\tqhyqqji.sys
2012-02-12 03:05:16 48464 ----a-w- C:\Windows\System32\drivers\oblnhmqr.sys
2012-02-12 03:04:36 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83DE7FCF-7728-4D61-9F2F-2BF8452455E7}\offreg.dll
2012-02-12 03:04:35 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-12 03:04:22 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{343AC7D5-E652-40F1-93F4-A7294F883896}\gapaengine.dll
2012-02-12 03:04:14 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83DE7FCF-7728-4D61-9F2F-2BF8452455E7}\mpengine.dll
2012-02-05 23:44:33 -------- d-----w- C:\Users\Alyssa\AppData\Local\{62FA8B7B-8A34-48EB-8A36-A993ABB7FCC7}
2012-02-05 15:10:49 -------- d-----w- C:\Windows\System32\SPReview
2012-02-05 15:09:37 -------- d-----w- C:\Windows\System32\EventProviders
2012-02-05 15:06:11 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-04 02:19:46 48464 ----a-w- C:\Windows\System32\drivers\whzucpnq.sys
2012-02-04 02:19:05 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD9A308B-4C6A-45D6-B4BE-DB5D731681A1}\offreg.dll
2012-02-04 02:18:42 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18935521-3922-4616-8C2E-5CB0E477B3DC}\gapaengine.dll
2012-02-04 02:18:34 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD9A308B-4C6A-45D6-B4BE-DB5D731681A1}\mpengine.dll
2012-01-29 23:13:59 -------- d-----w- C:\Users\Alyssa\AppData\Local\{8143463B-58A1-4CCF-B9A6-231A341E0D24}
2012-01-29 20:34:00 -------- d-----w- C:\Users\Alyssa\AppData\Local\{612B2FC9-CF25-4479-AB0B-8CDF1FA8FB2B}
2012-01-23 21:05:33 -------- d-----w- C:\Users\Alyssa\AppData\Local\{2612A0D3-B88E-4F36-B366-13BA914A01EB}
2012-01-23 20:49:29 -------- d-----w- C:\Users\Alyssa\AppData\Local\{798B916C-4061-4CCA-8C82-FB5F31DA8071}
2012-01-23 20:42:20 -------- d-----w- C:\Users\Alyssa\AppData\Local\{9B510CED-1AA3-4253-A17B-6684CB407AC8}
2012-01-21 00:05:39 -------- d-----w- C:\Users\Alyssa\AppData\Local\{4FC9C2C2-AD41-48BD-975F-C14B2731E21B}
2012-01-21 00:04:31 -------- d-----w- C:\Users\Alyssa\AppData\Local\{9A9D73BD-E555-4F6B-843B-32C5DED39934}
2012-01-20 11:32:16 -------- d-----w- C:\Users\Alyssa\AppData\Local\{AB395A7C-7F94-456D-86F2-780B5245B344}
2012-01-20 11:31:42 -------- d-----w- C:\Users\Alyssa\AppData\Local\{EFCF8D3D-F78D-4FBD-9FAD-5B436FEA50A7}
2012-01-20 11:31:12 -------- d-----w- C:\Users\Alyssa\AppData\Local\{4E945F3F-4508-49BE-8634-61A4A08F75A2}
2012-01-20 11:30:52 -------- d-----w- C:\Users\Alyssa\AppData\Local\{F4E3213D-F004-47DE-897A-F2C07594EAB0}
2012-01-20 10:31:45 -------- d-----w- C:\Users\Alyssa\AppData\Local\{A543CF97-DFFB-4267-8F5F-0D8FA2F6D2BD}
2012-01-20 10:30:59 -------- d-----w- C:\Users\Alyssa\AppData\Local\{D50E82AA-02D6-407B-BEDC-7A7078E1B53A}
2012-01-20 10:27:47 -------- d-----w- C:\Users\Alyssa\AppData\Local\{A64135F9-D842-4C6D-BE72-F5418E02575A}
2012-01-20 10:23:46 -------- d-----w- C:\Users\Alyssa\AppData\Local\{143EE26F-8338-495C-8079-585B0BBDC1BC}
2012-01-19 09:59:00 -------- d-----w- C:\Users\Alyssa\AppData\Local\{A72B9CDA-5B55-475A-A879-C985378CB1C5}
2012-01-18 22:32:18 -------- d-----w- C:\Users\Alyssa\AppData\Local\{1CFC248B-4A2A-44A9-B591-59B1B2271A59}
2012-01-18 10:17:27 -------- d-----w- C:\Users\Alyssa\AppData\Local\{3836D2F2-42FD-4CBF-9932-4F3ED7C26B67}
2012-01-18 10:14:16 -------- d-----w- C:\Users\Alyssa\AppData\Local\{69CD6095-001A-431B-93F9-182569766131}
2012-01-15 17:19:18 -------- d-----w- C:\Users\Alyssa\AppData\Local\{AFECE2DE-E665-460D-85D6-498C0D2C1AB5}
2012-01-15 17:15:58 -------- d-----w- C:\Users\Alyssa\AppData\Local\{773C981B-4781-4F08-9C55-2F996E523C3A}
2012-01-15 17:10:27 -------- d-----w- C:\Users\Alyssa\AppData\Local\{83D9AE40-4382-4D02-9063-2C6B70520246}
2012-01-14 22:17:48 -------- d-----w- C:\Users\Alyssa\AppData\Local\{3A07CBC0-AD9C-4F95-8435-4474E87E90EC}
2012-01-14 01:14:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-01-14 01:14:15 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-01-13 10:44:52 -------- d-----w- C:\Users\Alyssa\AppData\Local\{0A13951D-1208-4F3B-A6DC-2C933378B93A}
2012-01-13 10:44:16 -------- d-----w- C:\Users\Alyssa\AppData\Local\{23517236-B95B-44C4-987F-AA643E550D9D}
2012-01-13 10:08:23 -------- d-----w- C:\Users\Alyssa\AppData\Local\{E6EE4A7D-27FC-4037-95F0-96851355BA02}
2012-01-13 10:03:39 -------- d-----w- C:\Users\Alyssa\AppData\Local\{7336A9D6-6819-4C8B-AB58-711C1ADB1B7B}
.
==================== Find3M ====================
.
2012-02-05 15:18:55 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-05 15:18:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2010-12-23 19:57:48 1937408 ----a-w- C:\Program Files (x86)\ThumbsUp.dll
2010-12-23 19:57:04 12120064 ----a-w- C:\Program Files (x86)\SketchUp.exe
2010-12-23 19:55:30 2236416 ----a-w- C:\Program Files (x86)\SkpWriter.dll
.
============= FINISH: 22:37:18.14 ===============

Attached File(s)

Attach.txt (122.39K)
Number of downloads: 1

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,571
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 12 February 2012 - 03:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 dpeck

New Member

Group: Members
Posts: 12
Joined: 11-February 12

Posted 12 February 2012 - 11:22 PM

Hello Gringo! Thanks for the help so far. I thought I had all the antivirus and antimalware disabled before running Combofix, but it looks like Microsoft Security Essentials was still enabled. Otherwise, Combofix seemed to run OK, and reboots have been much smoother.

Here's the Combofix log:

ComboFix 12-02-12.01 - Alyssa 02/12/2012 22:47:11.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2528 [GMT -5:00]
Running from: c:\users\Alyssa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alyssa\AppData\Local\frri.exe
c:\users\Alyssa\AppData\Local\gdit.exe
c:\users\Alyssa\AppData\Local\nkdk.exe
c:\users\Alyssa\AppData\Local\vprt.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 03:55 . 2012-02-13 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-12 03:58 . 2012-02-12 03:58 48464 ----a-w- c:\windows\system32\drivers\ghjfpiys.sys
2012-02-12 03:48 . 2012-02-12 03:48 48464 ----a-w- c:\windows\system32\drivers\rxbbkgtx.sys
2012-02-12 03:26 . 2012-02-12 03:26 48464 ----a-w- c:\windows\system32\drivers\ldizpaji.sys
2012-02-12 03:15 . 2012-02-12 03:15 48464 ----a-w- c:\windows\system32\drivers\ulzbjvxi.sys
2012-02-12 03:15 . 2012-02-12 03:15 48464 ----a-w- c:\windows\system32\drivers\qjjedrmh.sys
2012-02-12 03:14 . 2012-02-12 03:14 48464 ----a-w- c:\windows\system32\drivers\tqhyqqji.sys
2012-02-12 03:05 . 2012-02-12 03:05 48464 ----a-w- c:\windows\system32\drivers\oblnhmqr.sys
2012-02-05 15:10 . 2012-02-06 06:17 -------- d-----w- c:\windows\system32\SPReview
2012-02-05 15:09 . 2012-02-05 15:09 -------- d-----w- c:\windows\system32\EventProviders
2012-02-05 15:06 . 2012-02-13 03:26 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 02:19 . 2012-02-04 02:19 48464 ----a-w- c:\windows\system32\drivers\whzucpnq.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 15:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-05 15:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-31 12:44 . 2011-01-01 20:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2011-09-05 02:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 09:28 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-10 20:10 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-10 20:10 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:41 . 2012-01-10 20:10 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:38 . 2012-01-10 20:10 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2010-12-23 19:57 . 2010-12-23 19:57 1937408 ----a-w- c:\program files (x86)\ThumbsUp.dll
2010-12-23 19:57 . 2010-12-23 19:57 12120064 ----a-w- c:\program files (x86)\SketchUp.exe
2010-12-23 19:55 . 2010-12-23 19:55 2236416 ----a-w- c:\program files (x86)\SkpWriter.dll
2010-12-23 19:51 . 2010-12-23 19:51 2359296 ----a-w- c:\program files (x86)\xerces-c_2_6.dll
2010-12-23 19:51 . 2010-12-23 19:51 892998 ----a-w- c:\program files (x86)\msvcrt-ruby18.dll
2010-12-23 19:51 . 2010-12-23 19:51 339968 ----a-w- c:\program files (x86)\mpiwin32.dll
2010-12-23 19:51 . 2010-12-23 19:51 2752512 ----a-w- c:\program files (x86)\gdal16.dll
2010-12-23 19:51 . 2010-12-23 19:51 986112 ----a-w- c:\program files (x86)\dbghelp.dll
2010-12-23 19:51 . 2010-12-23 19:51 31384 ----a-w- c:\program files (x86)\SpatialIndex_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 94872 ----a-w- c:\program files (x86)\DD_Br_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 8172184 ----a-w- c:\program files (x86)\DD_Db_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 709272 ----a-w- c:\program files (x86)\DD_AcisBuilder_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 701080 ----a-w- c:\program files (x86)\DD_Gi_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 61440 ----a-w- c:\program files (x86)\BugSplatRc.dll
2010-12-23 19:51 . 2010-12-23 19:51 565912 ----a-w- c:\program files (x86)\DD_Root_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 307864 ----a-w- c:\program files (x86)\DD_BrepRenderer_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 283288 ----a-w- c:\program files (x86)\DD_DbRoot_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 264328 ----a-w- c:\program files (x86)\BsSndRpt.exe
2010-12-23 19:51 . 2010-12-23 19:51 227408 ----a-w- c:\program files (x86)\BugSplat.dll
2010-12-23 19:51 . 2010-12-23 19:51 14488 ----a-w- c:\program files (x86)\DD_Alloc_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 119448 ----a-w- c:\program files (x86)\ModelerGeometry_3.02_8.drx
2010-12-23 19:51 . 2010-12-23 19:51 1057432 ----a-w- c:\program files (x86)\DD_Ge_3.02_8.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-05-15 53248]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-07 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-05-13 326560]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-08-18 273528]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"D-Link RangeBooster G WUA-2340"="c:\program files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Alyssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2011-2-7 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 riikpxoz;riikpxoz;c:\windows\system32\drivers\riikpxoz.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 135664]
R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\ws2help32.exe [x]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe [2008-05-19 954368]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\DRIVERS\NWVNdis.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 02:00]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 02:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"combofix"="c:\combofix\CF9085.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fsdfwd
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17361210n103p0424v165r4791t236
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: mswsock.dll
FF - ProfilePath - c:\users\Alyssa\AppData\Roaming\Mozilla\Firefox\Profiles\fy3suc50.default\
FF - prefs.js: browser.startup.homepage - aol.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3142322181-2191948835-3067763791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3142322181-2191948835-3067763791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-02-12 23:01:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-13 04:01
.
Pre-Run: 549,282,869,248 bytes free
Post-Run: 548,583,510,016 bytes free
.
- - End Of File - - 992A831B5F244F9D393EDAFE7FC088D2

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,571
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 12 February 2012 - 11:44 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
c:\windows\system32\drivers\ghjfpiys.sys
c:\windows\system32\drivers\rxbbkgtx.sys
c:\windows\system32\drivers\ldizpaji.sys
c:\windows\system32\drivers\ulzbjvxi.sys
c:\windows\system32\drivers\qjjedrmh.sys
c:\windows\system32\drivers\tqhyqqji.sys
c:\windows\system32\drivers\oblnhmqr.sys
c:\windows\system32\drivers\whzucpnq.sys

Driver::
riikpxoz

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

<-- Don't worry every little bit helps.

#5 dpeck

New Member

Group: Members
Posts: 12
Joined: 11-February 12

Posted 13 February 2012 - 10:39 PM

Hi Gringo. Thanks for the continued help. I ran Combofix with CFScript. The log is below. However, I RAN INTO A PROBLEM -- after saving the log file to my desktop, I tried to start VZAccess Manager to log onto my broadband but got the "Illegal operation attempted on a registry key..." error so I restarted the computer. Startup Repair came up but it couldn't repair. I tried restarting several times but kept getting the same results. I had to finally restore to yesterday to get fully booted up. Also, while in Firefox and logging into Bleepingcomputer, another tab opened up.

Anyway, here's the log from Combofix with CFScript:

ComboFix 12-02-12.01 - Alyssa 02/13/2012 21:23:28.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2576 [GMT -5:00]
Running from: c:\users\Alyssa\Desktop\ComboFix.exe
Command switches used :: c:\users\Alyssa\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ghjfpiys.sys"
"c:\windows\system32\drivers\ldizpaji.sys"
"c:\windows\system32\drivers\oblnhmqr.sys"
"c:\windows\system32\drivers\qjjedrmh.sys"
"c:\windows\system32\drivers\rxbbkgtx.sys"
"c:\windows\system32\drivers\tqhyqqji.sys"
"c:\windows\system32\drivers\ulzbjvxi.sys"
"c:\windows\system32\drivers\whzucpnq.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_riikpxoz
.
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 02:30 . 2012-02-14 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 04:15 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{729F8C7D-3BFE-4AAB-ACDC-63C1BCE0EF3B}\mpengine.dll
2012-02-12 03:58 . 2012-02-12 03:58 48464 ----a-w- c:\windows\system32\drivers\ghjfpiys.sys
2012-02-12 03:48 . 2012-02-12 03:48 48464 ----a-w- c:\windows\system32\drivers\rxbbkgtx.sys
2012-02-12 03:26 . 2012-02-12 03:26 48464 ----a-w- c:\windows\system32\drivers\ldizpaji.sys
2012-02-12 03:15 . 2012-02-12 03:15 48464 ----a-w- c:\windows\system32\drivers\ulzbjvxi.sys
2012-02-12 03:15 . 2012-02-12 03:15 48464 ----a-w- c:\windows\system32\drivers\qjjedrmh.sys
2012-02-12 03:14 . 2012-02-12 03:14 48464 ----a-w- c:\windows\system32\drivers\tqhyqqji.sys
2012-02-12 03:05 . 2012-02-12 03:05 48464 ----a-w- c:\windows\system32\drivers\oblnhmqr.sys
2012-02-05 15:10 . 2012-02-06 06:17 -------- d-----w- c:\windows\system32\SPReview
2012-02-05 15:09 . 2012-02-05 15:09 -------- d-----w- c:\windows\system32\EventProviders
2012-02-05 15:06 . 2012-02-14 02:09 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 02:19 . 2012-02-04 02:19 48464 ----a-w- c:\windows\system32\drivers\whzucpnq.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 15:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-05 15:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-29 10:10 . 2011-01-01 20:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2011-09-05 02:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 09:28 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-10 20:10 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-10 20:10 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:41 . 2012-01-10 20:10 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:38 . 2012-01-10 20:10 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2010-12-23 19:57 . 2010-12-23 19:57 1937408 ----a-w- c:\program files (x86)\ThumbsUp.dll
2010-12-23 19:57 . 2010-12-23 19:57 12120064 ----a-w- c:\program files (x86)\SketchUp.exe
2010-12-23 19:55 . 2010-12-23 19:55 2236416 ----a-w- c:\program files (x86)\SkpWriter.dll
2010-12-23 19:51 . 2010-12-23 19:51 2359296 ----a-w- c:\program files (x86)\xerces-c_2_6.dll
2010-12-23 19:51 . 2010-12-23 19:51 892998 ----a-w- c:\program files (x86)\msvcrt-ruby18.dll
2010-12-23 19:51 . 2010-12-23 19:51 339968 ----a-w- c:\program files (x86)\mpiwin32.dll
2010-12-23 19:51 . 2010-12-23 19:51 2752512 ----a-w- c:\program files (x86)\gdal16.dll
2010-12-23 19:51 . 2010-12-23 19:51 986112 ----a-w- c:\program files (x86)\dbghelp.dll
2010-12-23 19:51 . 2010-12-23 19:51 31384 ----a-w- c:\program files (x86)\SpatialIndex_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 94872 ----a-w- c:\program files (x86)\DD_Br_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 8172184 ----a-w- c:\program files (x86)\DD_Db_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 709272 ----a-w- c:\program files (x86)\DD_AcisBuilder_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 701080 ----a-w- c:\program files (x86)\DD_Gi_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 61440 ----a-w- c:\program files (x86)\BugSplatRc.dll
2010-12-23 19:51 . 2010-12-23 19:51 565912 ----a-w- c:\program files (x86)\DD_Root_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 307864 ----a-w- c:\program files (x86)\DD_BrepRenderer_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 283288 ----a-w- c:\program files (x86)\DD_DbRoot_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 264328 ----a-w- c:\program files (x86)\BsSndRpt.exe
2010-12-23 19:51 . 2010-12-23 19:51 227408 ----a-w- c:\program files (x86)\BugSplat.dll
2010-12-23 19:51 . 2010-12-23 19:51 14488 ----a-w- c:\program files (x86)\DD_Alloc_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 119448 ----a-w- c:\program files (x86)\ModelerGeometry_3.02_8.drx
2010-12-23 19:51 . 2010-12-23 19:51 1057432 ----a-w- c:\program files (x86)\DD_Ge_3.02_8.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-13_03.56.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-21 23:48 . 2012-02-13 04:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-21 23:48 . 2012-01-18 00:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-13 04:32 . 2012-02-13 04:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012021220120213\index.dat
+ 2011-12-22 00:07 . 2012-02-13 04:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-12-22 00:07 . 2012-01-18 00:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-06-10 17:17 . 2012-02-14 02:11 48426 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-14 02:11 45524 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-27 23:04 . 2012-02-14 02:11 19896 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3142322181-2191948835-3067763791-1000_UserData.bin
- 2010-12-27 23:00 . 2012-02-13 03:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 23:00 . 2012-02-14 02:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-27 23:00 . 2012-02-13 03:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-27 23:00 . 2012-02-14 02:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-13 03:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-14 02:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-02-14 02:12 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-02-13 03:28 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-27 23:06 . 2012-02-14 02:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-27 23:06 . 2012-02-13 03:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 23:06 . 2012-02-14 02:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-27 23:06 . 2012-02-13 03:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-13 03:32 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-02-13 03:32 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-02-14 02:15 . 2012-02-14 02:15 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\c066431266a5b4c8326779d12542161c\PresentationCFFRasterizer.ni.dll
+ 2012-02-14 02:12 . 2012-02-14 02:12 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\e6aabbfb38a14559712fdf51064ff3a1\Microsoft.VisualC.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\866c57c6e58cbe8249b36f21ec8ac18a\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\584f193ae53236bf55cd78b246214d83\LoadMxf.ni.exe
+ 2012-02-14 02:29 . 2012-02-14 02:29 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\50cda8ab4cd566b222342c3da14302d3\ehiUPnP.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\fae9950502b5464108feda9d64ebea78\ehiTVMSMusic.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\7de9a8137a33d06dad01c8405d960037\dfsvc.ni.exe
+ 2012-02-14 02:14 . 2012-02-14 02:14 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\d301e1d96d4f39f15482db09206f1fb1\Accessibility.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\7681b87de3ecee06390331f0fab14c93\PresentationCFFRasterizer.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\3cb6023aa6ab962babcee9c0ec8991de\Microsoft.VisualC.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
+ 2012-02-14 02:32 . 2012-02-14 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-13 03:56 . 2012-02-13 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-14 02:32 . 2012-02-14 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-13 03:56 . 2012-02-13 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-02-13 04:32 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-12 03:09 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-02-13 03:44 628304 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-14 02:15 628304 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-13 03:44 108482 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-14 02:15 108482 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-02-14 02:31 345796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-13 03:55 345796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-13 03:32 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2012-02-13 03:31 . 2011-07-08 22:31 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
- 2011-07-03 01:54 . 2010-11-05 01:56 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2012-02-13 03:32 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-02-13 03:31 . 2011-07-08 22:33 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-07-03 01:54 . 2010-11-05 01:58 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-07-03 01:54 . 2010-11-05 01:57 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2012-02-13 04:11 . 2011-03-29 22:33 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-07-03 01:55 . 2010-11-05 01:57 995672 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-02-13 03:31 . 2011-07-08 22:33 995672 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-02-14 02:14 . 2012-02-14 02:14 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\344ac206baaadddc6f7c5fb8ae189b1a\UIAutomationTypes.ni.dll
+ 2012-02-14 02:14 . 2012-02-14 02:14 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\7a61dc7e8c606d1ed2c703cbeae2f8ef\UIAutomationProvider.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\d78f9ad8894e441f38d96697bee1d6fa\System.Web.RegularExpressions.ni.dll
+ 2012-02-14 02:16 . 2012-02-14 02:16 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\f15a8af412d84b1fd14fc735fb5834f5\System.Transactions.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\8428a82fd82a1ef1d3dab07be67dd78f\System.ServiceProcess.ni.dll
+ 2012-02-14 02:13 . 2012-02-14 02:13 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\a3202e5eeb5c84ca6d5453b50c28e1af\System.Security.ni.dll
+ 2012-02-14 02:15 . 2012-02-14 02:15 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b3b42692707c0f555807def0c4acefe3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\7b701647e76dc015ef7574b789abac7b\System.Messaging.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\ab72e394c92f57172be9a9d29be90e90\System.IdentityModel.Selectors.ni.dll
+ 2012-02-14 02:16 . 2012-02-14 02:16 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\4b0fd98f11e1e243efcfb810c170decf\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\4026f724cc80f1beb4450d3286d93c0d\System.Drawing.Design.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\ea326d1e49d4824358eb5826fe52921a\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\7d99138fb23b6c17aa205d49c6bfce9e\System.Configuration.Install.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\d912b15f4aaac2455b690f6e477a67b1\SMDiagnostics.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a4757ccc20fa4dac96856aaaea05ffaa\PresentationFramework.Royale.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9ab2ddfc6ccc7d84144aa45fc86969a1\PresentationFramework.Luna.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\631667d5c4e1f0beee46c82e316ed0cb\PresentationFramework.Aero.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\2de40f08930236c079d2653ade704bfc\PresentationFramework.Classic.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\091f53e39941f5371814cc96d71729a3\MMCFxCommon.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c9b6a9b9a26ac6d9d3575cda488172ce\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c0673b635e9f01e3084c383e1cc689e5\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a743124afb874ab00d713ab50a7d850d\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a4bde939b3d8da9baf5939b9e62d9ef7\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7de5318ee2be8e2b8fcffde83c79ab7c\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-02-14 02:31 . 2012-02-14 02:31 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\53074205d60375dc33155586a27d07eb\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\377d824dde728ce28d61ef522c3be808\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\e1b7ce3acfe6f344c39e96d33637c4af\Microsoft.ManagementConsole.ni.dll
+ 2012-02-14 02:31 . 2012-02-14 02:31 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\a1a7ca0c475f607d60d4c8c17b5049af\Microsoft.Build.Utilities.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\8eda32beeba1d8dff2848edce97f15b3\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\9f5bcff6a0b169efa6b607efd8789ea9\Microsoft.Build.Framework.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0ef8fa5e835e9ae9fd9a20e5d5058460\Microsoft.Build.Framework.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\0c7a36fa5c4a99e157201a67c10ba344\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 107008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\77b758c083ce18f7ff9c262e4f6291e4\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\a37f126e2b6bbb6f476c0d14399949b0\Mcx2Dvcs.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\99229f50cf34d755c07c74f5d7e88803\mcupdate.ni.exe
+ 2012-02-14 02:29 . 2012-02-14 02:29 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\22e35c0c53328cbd317a395f81ce7122\mcstoredb.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4dce2da44e40d021caecb8243667718e\mcplayerinterop.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\9376158dbb6294a55db5b75cf78a06a4\mcGlidHostObj.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\b8735694a594d872e3b89050c3883f5c\MCESidebarCtrl.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\e96db8294b247cffcbd2df3cde0ece40\EventViewer.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\d8fcbbc454183dbd4883686dce6fb198\ehRecObj.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\87f11d95ab10469f888fd76c45f9fceb\ehiWUapi.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\a24c79d19a6d2a3e8ca587ecddd3e735\ehiwmp.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0de7a02857c6041bc2c86c1db3ca8c23\ehiUserXp.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\421eb174f94249cf6a3b9e517baa82f8\ehiiTv.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d5bf6f8e9e3d08d407ed68b714c268ae\ehiExtens.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\b55c3bb24dda0acda2bc332cc3016f75\ehiBmlDataCarousel.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\fa493e64ca63def1a404a0d4b44cdefc\ehiActivScp.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\88c5012f9a84d220dc4d413c7935dd07\ehExtHost.ni.exe
+ 2012-02-14 02:28 . 2012-02-14 02:28 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\574c597861e298e143212535dc1e19ec\ehCIR.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\1e040217cf674c6cf528fbfe18c4c2f8\CustomMarshalers.ni.dll
+ 2012-02-14 02:27 . 2012-02-14 02:27 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\6ccad398816b1569afb2a7fcbd49bf42\ComSvcConfig.ni.exe
+ 2012-02-14 02:27 . 2012-02-14 02:27 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\e938d38129512db210e2bc77214849d5\BDATunePIA.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\54aff110093134e12558e26c7a038eb7\System.Web.RegularExpressions.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\680689b01ddb7fbe11478caf8cb71d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\8aa064c925a6b6bc885c3bd5bb1f4149\System.Drawing.Design.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a5df8714e91f2e7d0f76081b6581d071\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\66a5094e521e34aecd51e4bae30ac266\System.Configuration.Install.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\aae0c17e133300ab45fb897647cdd8d7\PresentationFramework.Luna.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ad023d8c5d5925e50b96c0d63da0235\PresentationFramework.Royale.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b57fb7ab01951581394186c32cd278b\PresentationFramework.Classic.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
+ 2009-07-14 04:54 . 2012-02-13 04:32 2703360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-12 03:09 2703360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-12 03:09 5226496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-13 04:32 5226496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2012-02-14 02:10 2222768 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-02-05 15:26 2222768 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-02-13 03:27 7115566 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-02-14 02:12 7115566 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-01-06 03:02 . 2012-02-14 02:31 3466924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3142322181-2191948835-3067763791-1000-8192.dat
- 2011-01-06 03:02 . 2012-02-12 04:06 3466924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3142322181-2191948835-3067763791-1000-8192.dat
+ 2012-02-13 04:11 . 2011-03-29 22:32 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2011-07-03 01:55 . 2010-11-05 01:57 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2012-02-13 03:32 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-02-13 04:11 . 2011-05-04 22:31 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
- 2011-07-03 01:55 . 2010-11-05 01:57 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-02-13 03:31 . 2011-07-08 22:31 9990992 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
+ 2012-02-13 03:31 . 2011-07-08 22:31 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
- 2011-07-03 01:55 . 2010-11-05 01:56 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
- 2011-07-03 01:55 . 2010-11-05 01:56 1576272 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
+ 2012-02-13 04:11 . 2011-03-29 22:32 1576272 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
- 2011-07-03 01:55 . 2010-11-05 01:56 1755480 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2012-02-13 03:31 . 2011-07-08 22:31 1755480 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
- 2011-07-03 01:55 . 2010-11-05 01:58 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-02-13 04:11 . 2011-03-29 22:33 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-02-13 03:32 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-02-13 04:11 . 2011-05-04 22:32 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-07-03 01:55 . 2010-11-05 01:58 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-13 03:31 . 2011-07-08 22:33 5924176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-07-03 01:55 . 2010-11-05 01:57 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-02-13 03:31 . 2011-07-08 22:33 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-02-14 02:13 . 2012-02-14 02:13 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\bb70e6c85f728c359f1853e2d994dbae\WindowsBase.ni.dll
+ 2012-02-14 02:13 . 2012-02-14 02:13 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\372dfe1a5b9ed9217b0f491ba07745d2\System.Xml.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\45339e741d73e8f1f9393df8163c8c00\System.Workflow.Runtime.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\48ef2f59740ad3d438d0514b335dd334\System.Workflow.ComponentModel.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\7972e04df268430da009e63e90ff4ca9\System.Workflow.Activities.ni.dll
+ 2012-02-14 02:16 . 2012-02-14 02:16 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\8d374a0a9c49f485a7ce6e89ec354b4c\System.Web.Services.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\1377c29b871c7eb768769b5f4bdbb15d\System.Runtime.Serialization.ni.dll
+ 2012-02-14 02:16 . 2012-02-14 02:16 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\d12c2299179cb05591cf08c8712a6495\System.Runtime.Remoting.ni.dll
+ 2012-02-14 02:16 . 2012-02-14 02:16 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\ea01287229d87b63089ee4fa545d70a3\System.Printing.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll
+ 2012-02-14 02:16 . 2012-02-14 02:16 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\4b0fd98f11e1e243efcfb810c170decf\System.EnterpriseServices.ni.dll
+ 2012-02-14 02:14 . 2012-02-14 02:14 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\7913f5c6b6fc7a75b2b8f558bb7b5568\System.Drawing.ni.dll
+ 2012-02-14 02:16 . 2012-02-14 02:16 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\3623e2ad193bcccf00ac1107d4f62236\System.DirectoryServices.ni.dll
+ 2012-02-14 02:14 . 2012-02-14 02:14 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\9c394336e3ce35330907d1c51c47951c\System.Deployment.ni.dll
+ 2012-02-14 02:16 . 2012-02-14 02:16 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\4cfb4616eb3af7f91c1ea7113465860b\System.Data.ni.dll
+ 2012-02-14 02:13 . 2012-02-14 02:13 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\32cf78868a7f90ad05525253a2540e1f\System.Data.SqlXml.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\03c0fa3f53e9ddf45a7dce06ae740de8\System.Data.OracleClient.ni.dll
+ 2012-02-14 02:12 . 2012-02-14 02:12 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\fe860189c078d45125ca6366495fd414\System.Configuration.ni.dll
+ 2012-02-14 02:15 . 2012-02-14 02:15 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\c9ead0d73ee0c798c1509479797611d8\ReachFramework.ni.dll
+ 2012-02-14 02:15 . 2012-02-14 02:15 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\fd07cec48ab260c1a27c19b37466369f\PresentationUI.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\014c1c5365a633b4202b23ed09f7599c\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ae64957bd11cb42df95fb949e690980c\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\70a990f97a3295782d195bcb052eb69f\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll
+ 2012-02-14 02:31 . 2012-02-14 02:31 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-02-14 02:31 . 2012-02-14 02:31 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\ea8f48f12613578b64bd9077bdae4c31\Microsoft.Ink.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\f298e576c8e06073fe2310ccf0756396\Microsoft.Build.Tasks.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\9f6d2a67a43f90c37d475d9eb433e98b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\c8205ffff2cc4dea7093b8c59c3b5a3a\Microsoft.Build.Engine.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\a288688a887e392b713bb459110507c1\Microsoft.Build.Engine.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\9fb794b6ac9dc760681ba3b485996b97\mcstore.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\2980298bb4b3f3c844523562d74b0854\mcepg.ni.dll
+ 2012-02-14 02:29 . 2012-02-14 02:29 2165248 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\e6a702f8ccd27dcdcf09008531ab40e5\ehiVidCtl.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\17d0b71391bf67c5a663b140b9a7a936\ehiProxy.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
+ 2012-02-14 02:20 . 2012-02-14 02:20 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ad68aa9e6fa1ec8005e1f604579a76be\System.Workflow.Runtime.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\00b0a14ef5cb0154db7989da39a7f1e5\System.Workflow.ComponentModel.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\54873f241a4ad6d2a13e48d2da444538\System.Workflow.Activities.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\a18184c1609b655455395c522bd9054f\System.Printing.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f78fa584bb78607b65e8872d925a96af\System.DirectoryServices.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\7bfd55df5c38d128885251b92e392943\System.Data.SqlXml.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1171b168dc6db0132146d8e26ae00d22\System.Data.OracleClient.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\eb6d83d30262cb6d1b6f2a47dcf8a37d\ReachFramework.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\79f71b891de1584cdcce378e22f047ee\PresentationUI.ni.dll
+ 2012-02-13 04:11 . 2011-05-04 22:32 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-07-03 01:55 . 2010-11-05 01:58 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-07-03 01:55 . 2010-11-05 01:58 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-13 04:11 . 2011-03-29 22:33 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-13 03:32 . 2011-12-25 20:42 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-07-03 01:55 . 2010-11-05 01:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-13 03:32 . 2011-12-25 20:40 5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-13 03:31 . 2011-07-08 22:31 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-07-03 01:55 . 2010-11-05 01:56 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-13 03:32 . 2011-12-25 20:42 5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-13 03:31 . 2011-07-08 22:33 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-07-03 01:55 . 2010-11-05 01:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-14 02:12 . 2012-02-14 02:12 10618880 c:\windows\assembly\NativeImages_v2.0.50727_64\System\8c862eb9bcba031e1479974a7d62aa0b\System.ni.dll
+ 2012-02-14 02:14 . 2012-02-14 02:14 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\bc4df91390f1b827ecb62a2edd0d1894\System.Windows.Forms.ni.dll
+ 2012-02-14 02:16 . 2012-02-14 02:16 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
+ 2012-02-14 02:28 . 2012-02-14 02:28 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll
+ 2012-02-14 02:17 . 2012-02-14 02:17 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\665178c1ccfd538896eaa0fff283b6ef\System.Design.ni.dll
+ 2012-02-14 02:15 . 2012-02-14 02:15 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\92eba0d443a423072e9c4b7ca1eec4cd\PresentationFramework.ni.dll
+ 2012-02-14 02:14 . 2012-02-14 02:14 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\11214511a256f136b8425bdd316b47c9\PresentationCore.ni.dll
+ 2012-02-14 02:12 . 2012-02-14 02:12 15568384 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\1d2d3e57724bcacaea5e41063dc565c1\mscorlib.ni.dll
+ 2012-02-14 02:30 . 2012-02-14 02:30 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\70f9f6de6dc9611157ed563bdb4e79a4\System.Design.ni.dll
+ 2012-02-14 02:19 . 2012-02-14 02:19 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
+ 2012-02-14 02:18 . 2012-02-14 02:18 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-05-15 53248]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-07 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-05-13 326560]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-08-18 273528]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"D-Link RangeBooster G WUA-2340"="c:\program files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Alyssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2011-2-7 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 135664]
R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\ws2help32.exe [x]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe [2008-05-19 954368]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\DRIVERS\NWVNdis.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 02:00]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 02:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"combofix"="c:\combofix\CF14980.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fsdfwd
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17361210n103p0424v165r4791t236
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: mswsock.dll
FF - ProfilePath - c:\users\Alyssa\AppData\Roaming\Mozilla\Firefox\Profiles\fy3suc50.default\
FF - prefs.js: browser.startup.homepage - aol.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3142322181-2191948835-3067763791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3142322181-2191948835-3067763791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-02-13 21:37:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-14 02:37
ComboFix2.txt 2012-02-13 04:01
.
Pre-Run: 548,001,832,960 bytes free
Post-Run: 547,354,931,200 bytes free
.
- - End Of File - - 5E5DEB5E67E2AED32BC10EA5EC1A776C

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,571
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 13 February 2012 - 11:18 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

RootKit::
c:\windows\system32\drivers\ghjfpiys.sys
c:\windows\system32\drivers\rxbbkgtx.sys
c:\windows\system32\drivers\ldizpaji.sys
c:\windows\system32\drivers\ulzbjvxi.sys
c:\windows\system32\drivers\qjjedrmh.sys
c:\windows\system32\drivers\tqhyqqji.sys
c:\windows\system32\drivers\oblnhmqr.sys
c:\windows\system32\drivers\whzucpnq.sys

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

<-- Don't worry every little bit helps.

#7 dpeck

New Member

Group: Members
Posts: 12
Joined: 11-February 12

Posted 14 February 2012 - 09:46 PM

Hi Gringo. I ran your last CFScript. The log is below. However, I had the same problem again -- I went to copy the new Combofix log to a USB drive and got the "Illegal operation attempted..." error. I rebooted and Startup Repair came up. I had to restore to yesterday.

Here's the latest Combofix log:

ComboFix 12-02-12.01 - Alyssa 02/14/2012 20:42:55.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2858 [GMT -5:00]
Running from: c:\users\Alyssa\Desktop\ComboFix.exe
Command switches used :: c:\users\Alyssa\Desktop\CFScript_2.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-15 01:55 . 2012-02-15 01:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 04:32 . 2012-02-13 04:32 48464 ----a-w- c:\windows\system32\drivers\rvxhbdfv.sys
2012-02-13 04:15 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{729F8C7D-3BFE-4AAB-ACDC-63C1BCE0EF3B}\mpengine.dll
2012-02-12 03:58 . 2012-02-12 03:58 48464 ----a-w- c:\windows\system32\drivers\ghjfpiys.sys
2012-02-12 03:48 . 2012-02-12 03:48 48464 ----a-w- c:\windows\system32\drivers\rxbbkgtx.sys
2012-02-12 03:26 . 2012-02-12 03:26 48464 ----a-w- c:\windows\system32\drivers\ldizpaji.sys
2012-02-12 03:15 . 2012-02-12 03:15 48464 ----a-w- c:\windows\system32\drivers\ulzbjvxi.sys
2012-02-12 03:15 . 2012-02-12 03:15 48464 ----a-w- c:\windows\system32\drivers\qjjedrmh.sys
2012-02-12 03:14 . 2012-02-12 03:14 48464 ----a-w- c:\windows\system32\drivers\tqhyqqji.sys
2012-02-12 03:05 . 2012-02-12 03:05 48464 ----a-w- c:\windows\system32\drivers\oblnhmqr.sys
2012-02-05 15:10 . 2012-02-06 06:17 -------- d-----w- c:\windows\system32\SPReview
2012-02-05 15:09 . 2012-02-05 15:09 -------- d-----w- c:\windows\system32\EventProviders
2012-02-05 15:06 . 2012-02-15 01:39 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 02:19 . 2012-02-04 02:19 48464 ----a-w- c:\windows\system32\drivers\whzucpnq.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 15:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-05 15:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-29 10:10 . 2011-01-01 20:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2011-09-05 02:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 09:28 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-10 20:10 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-10 20:10 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:41 . 2012-01-10 20:10 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:38 . 2012-01-10 20:10 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2010-12-23 19:57 . 2010-12-23 19:57 1937408 ----a-w- c:\program files (x86)\ThumbsUp.dll
2010-12-23 19:57 . 2010-12-23 19:57 12120064 ----a-w- c:\program files (x86)\SketchUp.exe
2010-12-23 19:55 . 2010-12-23 19:55 2236416 ----a-w- c:\program files (x86)\SkpWriter.dll
2010-12-23 19:51 . 2010-12-23 19:51 2359296 ----a-w- c:\program files (x86)\xerces-c_2_6.dll
2010-12-23 19:51 . 2010-12-23 19:51 892998 ----a-w- c:\program files (x86)\msvcrt-ruby18.dll
2010-12-23 19:51 . 2010-12-23 19:51 339968 ----a-w- c:\program files (x86)\mpiwin32.dll
2010-12-23 19:51 . 2010-12-23 19:51 2752512 ----a-w- c:\program files (x86)\gdal16.dll
2010-12-23 19:51 . 2010-12-23 19:51 986112 ----a-w- c:\program files (x86)\dbghelp.dll
2010-12-23 19:51 . 2010-12-23 19:51 31384 ----a-w- c:\program files (x86)\SpatialIndex_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 94872 ----a-w- c:\program files (x86)\DD_Br_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 8172184 ----a-w- c:\program files (x86)\DD_Db_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 709272 ----a-w- c:\program files (x86)\DD_AcisBuilder_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 701080 ----a-w- c:\program files (x86)\DD_Gi_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 61440 ----a-w- c:\program files (x86)\BugSplatRc.dll
2010-12-23 19:51 . 2010-12-23 19:51 565912 ----a-w- c:\program files (x86)\DD_Root_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 307864 ----a-w- c:\program files (x86)\DD_BrepRenderer_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 283288 ----a-w- c:\program files (x86)\DD_DbRoot_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 264328 ----a-w- c:\program files (x86)\BsSndRpt.exe
2010-12-23 19:51 . 2010-12-23 19:51 227408 ----a-w- c:\program files (x86)\BugSplat.dll
2010-12-23 19:51 . 2010-12-23 19:51 14488 ----a-w- c:\program files (x86)\DD_Alloc_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 119448 ----a-w- c:\program files (x86)\ModelerGeometry_3.02_8.drx
2010-12-23 19:51 . 2010-12-23 19:51 1057432 ----a-w- c:\program files (x86)\DD_Ge_3.02_8.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-13_03.56.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-21 23:48 . 2012-02-13 04:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-21 23:48 . 2012-01-18 00:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-13 04:32 . 2012-02-13 04:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012021220120213\index.dat
+ 2011-12-22 00:07 . 2012-02-13 04:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-12-22 00:07 . 2012-01-18 00:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-06-10 17:17 . 2012-02-15 01:40 48482 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-15 01:40 45644 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-27 23:04 . 2012-02-15 01:40 19952 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3142322181-2191948835-3067763791-1000_UserData.bin
+ 2012-01-20 12:57 . 2012-02-14 02:39 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2012-01-20 12:57 . 2012-02-13 03:18 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-12-27 23:00 . 2012-02-15 01:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-27 23:00 . 2012-02-13 03:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 23:00 . 2012-02-15 01:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-27 23:00 . 2012-02-13 03:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-15 01:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-13 03:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-02-15 01:48 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-27 23:06 . 2012-02-15 01:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-27 23:06 . 2012-02-13 03:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-27 23:06 . 2012-02-13 03:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-27 23:06 . 2012-02-15 01:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-14 02:12 . 2012-02-14 02:12 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\e6aabbfb38a14559712fdf51064ff3a1\Microsoft.VisualC.ni.dll
+ 2010-12-30 04:04 . 2012-02-14 02:38 4026 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-15 01:44 . 2012-02-15 01:55 5768 c:\windows\SoftwareDistribution\PostRebootEventCache\{5150FC2D-241C-4771-9655-D24481A9D70E}.bin
+ 2012-02-15 01:56 . 2012-02-15 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-13 03:56 . 2012-02-13 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-13 03:56 . 2012-02-13 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-15 01:56 . 2012-02-15 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-02-12 03:09 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-15 01:54 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-02-13 03:44 628304 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-15 01:44 628304 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-15 01:44 108482 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-13 03:44 108482 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:38 . 2012-02-14 06:17 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2012-02-13 06:24 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:12 . 2012-02-14 02:36 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-02-13 03:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-02-15 01:55 345796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-13 03:55 345796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-12 03:09 2703360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-15 01:54 2703360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-12 03:09 5226496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-15 01:54 5226496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:45 . 2012-02-13 03:27 7115566 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-02-14 03:21 7115566 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-01-06 03:02 . 2012-02-14 03:48 3466924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3142322181-2191948835-3067763791-1000-8192.dat
- 2011-01-06 03:02 . 2012-02-12 04:06 3466924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3142322181-2191948835-3067763791-1000-8192.dat
+ 2009-07-14 02:34 . 2012-02-15 01:55 10420224 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-02-15 01:55 . 2012-02-15 01:55 10420224 c:\windows\ERDNT\subs\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-05-15 53248]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-07 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-05-13 326560]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-08-18 273528]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"D-Link RangeBooster G WUA-2340"="c:\program files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Alyssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2011-2-7 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 riikpxoz;riikpxoz;c:\windows\system32\drivers\riikpxoz.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 135664]
R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\ws2help32.exe [x]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe [2008-05-19 954368]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\DRIVERS\NWVNdis.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 02:00]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 02:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"combofix"="c:\combofix\CF27037.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fsdfwd
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17361210n103p0424v165r4791t236
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: mswsock.dll
FF - ProfilePath - c:\users\Alyssa\AppData\Roaming\Mozilla\Firefox\Profiles\fy3suc50.default\
FF - prefs.js: browser.startup.homepage - aol.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3142322181-2191948835-3067763791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3142322181-2191948835-3067763791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-02-14 21:01:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-15 02:01
ComboFix2.txt 2012-02-14 02:37
ComboFix3.txt 2012-02-13 04:01
.
Pre-Run: 546,959,302,656 bytes free
Post-Run: 546,226,823,168 bytes free
.
- - End Of File - - F97D6D3929E5144FC9FC669079FF6294

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,571
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 14 February 2012 - 09:55 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

<-- Don't worry every little bit helps.

#9 dpeck

New Member

Group: Members
Posts: 12
Joined: 11-February 12

Posted 15 February 2012 - 08:57 PM

Hello Gringo. I ran TDSSKiller and aswMBR. I had no problems running either. TDSSKiller did not require a reboot and did not find anything (report is below). The aswMBR log is also below -- it found infections. Continued thanks!

TDSSKiller Report:

18:05:05.0337 2792 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
18:05:05.0431 2792 ============================================================
18:05:05.0431 2792 Current date / time: 2012/02/15 18:05:05.0431
18:05:05.0431 2792 SystemInfo:
18:05:05.0431 2792
18:05:05.0431 2792 OS Version: 6.1.7601 ServicePack: 1.0
18:05:05.0431 2792 Product type: Workstation
18:05:05.0431 2792 ComputerName: MAINHOME
18:05:05.0431 2792 UserName: Alyssa
18:05:05.0431 2792 Windows directory: C:\Windows
18:05:05.0431 2792 System windows directory: C:\Windows
18:05:05.0431 2792 Running under WOW64
18:05:05.0431 2792 Processor architecture: Intel x64
18:05:05.0431 2792 Number of processors: 2
18:05:05.0431 2792 Page size: 0x1000
18:05:05.0431 2792 Boot type: Normal boot
18:05:05.0431 2792 ============================================================
18:05:07.0022 2792 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:05:07.0069 2792 \Device\Harddisk0\DR0:
18:05:07.0069 2792 MBR used
18:05:07.0069 2792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
18:05:07.0069 2792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x488252B0
18:05:07.0085 2792 Initialize success
18:05:07.0085 2792 ============================================================
18:05:21.0390 1664 ============================================================
18:05:21.0390 1664 Scan started
18:05:21.0390 1664 Mode: Manual;
18:05:21.0390 1664 ============================================================
18:05:22.0388 1664 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:05:22.0388 1664 1394ohci - ok
18:05:22.0482 1664 A5AGU (4365ccab66ceb1b831abef450a23176b) C:\Windows\system32\DRIVERS\AGUx64.sys
18:05:22.0513 1664 A5AGU - ok
18:05:22.0544 1664 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:05:22.0544 1664 ACPI - ok
18:05:22.0575 1664 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:05:22.0575 1664 AcpiPmi - ok
18:05:22.0638 1664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:05:22.0653 1664 adp94xx - ok
18:05:22.0685 1664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:05:22.0700 1664 adpahci - ok
18:05:22.0716 1664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:05:22.0731 1664 adpu320 - ok
18:05:22.0778 1664 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:05:22.0794 1664 AFD - ok
18:05:22.0825 1664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:05:22.0825 1664 agp440 - ok
18:05:22.0856 1664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:05:22.0856 1664 aliide - ok
18:05:22.0887 1664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:05:22.0887 1664 amdide - ok
18:05:22.0903 1664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:05:22.0919 1664 AmdK8 - ok
18:05:22.0934 1664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:05:22.0934 1664 AmdPPM - ok
18:05:22.0965 1664 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:05:22.0965 1664 amdsata - ok
18:05:22.0997 1664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:05:22.0997 1664 amdsbs - ok
18:05:23.0028 1664 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:05:23.0028 1664 amdxata - ok
18:05:23.0059 1664 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:05:23.0059 1664 AppID - ok
18:05:23.0137 1664 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:05:23.0137 1664 arc - ok
18:05:23.0168 1664 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:05:23.0168 1664 arcsas - ok
18:05:23.0199 1664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:05:23.0199 1664 AsyncMac - ok
18:05:23.0231 1664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:05:23.0231 1664 atapi - ok
18:05:23.0277 1664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:05:23.0293 1664 b06bdrv - ok
18:05:23.0324 1664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:05:23.0324 1664 b57nd60a - ok
18:05:23.0355 1664 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:05:23.0355 1664 Beep - ok
18:05:23.0418 1664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:05:23.0418 1664 blbdrive - ok
18:05:23.0465 1664 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:05:23.0465 1664 bowser - ok
18:05:23.0496 1664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:05:23.0511 1664 BrFiltLo - ok
18:05:23.0527 1664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:05:23.0527 1664 BrFiltUp - ok
18:05:23.0574 1664 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:05:23.0574 1664 BridgeMP - ok
18:05:23.0605 1664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:05:23.0605 1664 Brserid - ok
18:05:23.0636 1664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:05:23.0636 1664 BrSerWdm - ok
18:05:23.0667 1664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:05:23.0667 1664 BrUsbMdm - ok
18:05:23.0699 1664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:05:23.0699 1664 BrUsbSer - ok
18:05:23.0714 1664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:05:23.0730 1664 BTHMODEM - ok
18:05:23.0808 1664 catchme - ok
18:05:23.0839 1664 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:05:23.0839 1664 cdfs - ok
18:05:23.0886 1664 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:05:23.0886 1664 cdrom - ok
18:05:23.0933 1664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:05:23.0933 1664 circlass - ok
18:05:23.0979 1664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:05:23.0979 1664 CLFS - ok
18:05:24.0042 1664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:05:24.0042 1664 CmBatt - ok
18:05:24.0073 1664 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:05:24.0073 1664 cmdide - ok
18:05:24.0104 1664 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:05:24.0120 1664 CNG - ok
18:05:24.0151 1664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:05:24.0151 1664 Compbatt - ok
18:05:24.0182 1664 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:05:24.0182 1664 CompositeBus - ok
18:05:24.0213 1664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:05:24.0213 1664 crcdisk - ok
18:05:24.0276 1664 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:05:24.0276 1664 DfsC - ok
18:05:24.0307 1664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:05:24.0307 1664 discache - ok
18:05:24.0369 1664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:05:24.0369 1664 Disk - ok
18:05:24.0416 1664 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:05:24.0416 1664 drmkaud - ok
18:05:24.0463 1664 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:05:24.0479 1664 DXGKrnl - ok
18:05:24.0557 1664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:05:24.0619 1664 ebdrv - ok
18:05:24.0666 1664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:05:24.0681 1664 elxstor - ok
18:05:24.0713 1664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:05:24.0713 1664 ErrDev - ok
18:05:24.0759 1664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:05:24.0759 1664 exfat - ok
18:05:24.0791 1664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:05:24.0791 1664 fastfat - ok
18:05:24.0837 1664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:05:24.0837 1664 fdc - ok
18:05:24.0884 1664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:05:24.0884 1664 FileInfo - ok
18:05:24.0900 1664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:05:24.0900 1664 Filetrace - ok
18:05:24.0962 1664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:05:24.0962 1664 flpydisk - ok
18:05:24.0993 1664 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:05:24.0993 1664 FltMgr - ok
18:05:25.0040 1664 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:05:25.0040 1664 FsDepends - ok
18:05:25.0118 1664 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
18:05:25.0118 1664 fssfltr - ok
18:05:25.0149 1664 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:05:25.0149 1664 Fs_Rec - ok
18:05:25.0196 1664 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:05:25.0196 1664 fvevol - ok
18:05:25.0227 1664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:05:25.0227 1664 gagp30kx - ok
18:05:25.0274 1664 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:05:25.0274 1664 GEARAspiWDM - ok
18:05:25.0368 1664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:05:25.0368 1664 hcw85cir - ok
18:05:25.0399 1664 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:05:25.0415 1664 HdAudAddService - ok
18:05:25.0461 1664 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:05:25.0461 1664 HDAudBus - ok
18:05:25.0493 1664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:05:25.0493 1664 HidBatt - ok
18:05:25.0524 1664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:05:25.0539 1664 HidBth - ok
18:05:25.0555 1664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:05:25.0555 1664 HidIr - ok
18:05:25.0602 1664 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:05:25.0602 1664 HidUsb - ok
18:05:25.0649 1664 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:05:25.0664 1664 HpSAMD - ok
18:05:25.0695 1664 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:05:25.0711 1664 HTTP - ok
18:05:25.0742 1664 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:05:25.0742 1664 hwpolicy - ok
18:05:25.0773 1664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:05:25.0789 1664 i8042prt - ok
18:05:25.0820 1664 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:05:25.0820 1664 iaStorV - ok
18:05:25.0867 1664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:05:25.0867 1664 iirsp - ok
18:05:25.0961 1664 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys
18:05:25.0976 1664 IntcAzAudAddService - ok
18:05:25.0992 1664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:05:25.0992 1664 intelide - ok
18:05:26.0039 1664 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:05:26.0039 1664 intelppm - ok
18:05:26.0070 1664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:05:26.0070 1664 IpFilterDriver - ok
18:05:26.0117 1664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:05:26.0117 1664 IPMIDRV - ok
18:05:26.0132 1664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:05:26.0148 1664 IPNAT - ok
18:05:26.0195 1664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:05:26.0195 1664 IRENUM - ok
18:05:26.0226 1664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:05:26.0226 1664 isapnp - ok
18:05:26.0257 1664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:05:26.0257 1664 iScsiPrt - ok
18:05:26.0319 1664 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
18:05:26.0319 1664 JSWPSLWF - ok
18:05:26.0366 1664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:05:26.0366 1664 kbdclass - ok
18:05:26.0397 1664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:05:26.0397 1664 kbdhid - ok
18:05:26.0444 1664 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:05:26.0444 1664 KSecDD - ok
18:05:26.0475 1664 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:05:26.0475 1664 KSecPkg - ok
18:05:26.0507 1664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:05:26.0507 1664 ksthunk - ok
18:05:26.0553 1664 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:05:26.0553 1664 lltdio - ok
18:05:26.0600 1664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:05:26.0616 1664 LSI_FC - ok
18:05:26.0631 1664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:05:26.0647 1664 LSI_SAS - ok
18:05:26.0663 1664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:05:26.0663 1664 LSI_SAS2 - ok
18:05:26.0694 1664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:05:26.0694 1664 LSI_SCSI - ok
18:05:26.0725 1664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:05:26.0725 1664 luafv - ok
18:05:26.0787 1664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:05:26.0787 1664 megasas - ok
18:05:26.0819 1664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:05:26.0819 1664 MegaSR - ok
18:05:26.0850 1664 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:05:26.0850 1664 Modem - ok
18:05:26.0881 1664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:05:26.0897 1664 monitor - ok
18:05:26.0928 1664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:05:26.0928 1664 mouclass - ok
18:05:26.0959 1664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:05:26.0975 1664 mouhid - ok
18:05:26.0990 1664 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:05:27.0006 1664 mountmgr - ok
18:05:27.0037 1664 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:05:27.0037 1664 mpio - ok
18:05:27.0084 1664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:05:27.0084 1664 mpsdrv - ok
18:05:27.0131 1664 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:05:27.0131 1664 MRxDAV - ok
18:05:27.0162 1664 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:05:27.0162 1664 mrxsmb - ok
18:05:27.0193 1664 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:05:27.0193 1664 mrxsmb10 - ok
18:05:27.0224 1664 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:05:27.0224 1664 mrxsmb20 - ok
18:05:27.0255 1664 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:05:27.0255 1664 msahci - ok
18:05:27.0302 1664 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:05:27.0302 1664 msdsm - ok
18:05:27.0349 1664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:05:27.0349 1664 Msfs - ok
18:05:27.0380 1664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:05:27.0380 1664 mshidkmdf - ok
18:05:27.0396 1664 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:05:27.0411 1664 msisadrv - ok
18:05:27.0458 1664 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:05:27.0458 1664 MSKSSRV - ok
18:05:27.0505 1664 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:05:27.0505 1664 MSPCLOCK - ok
18:05:27.0521 1664 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:05:27.0521 1664 MSPQM - ok
18:05:27.0552 1664 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:05:27.0552 1664 MsRPC - ok
18:05:27.0599 1664 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:05:27.0599 1664 mssmbios - ok
18:05:27.0614 1664 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:05:27.0614 1664 MSTEE - ok
18:05:27.0645 1664 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:05:27.0645 1664 MTConfig - ok
18:05:27.0677 1664 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:05:27.0677 1664 Mup - ok
18:05:27.0723 1664 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:05:27.0723 1664 NativeWifiP - ok
18:05:27.0770 1664 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:05:27.0786 1664 NDIS - ok
18:05:27.0817 1664 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:05:27.0817 1664 NdisCap - ok
18:05:27.0848 1664 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:05:27.0864 1664 NdisTapi - ok
18:05:27.0895 1664 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:05:27.0895 1664 Ndisuio - ok
18:05:27.0926 1664 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:05:27.0926 1664 NdisWan - ok
18:05:27.0957 1664 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:05:27.0957 1664 NDProxy - ok
18:05:27.0989 1664 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:05:27.0989 1664 NetBIOS - ok
18:05:28.0020 1664 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:05:28.0035 1664 NetBT - ok
18:05:28.0113 1664 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:05:28.0113 1664 nfrd960 - ok
18:05:28.0160 1664 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:05:28.0160 1664 Npfs - ok
18:05:28.0176 1664 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:05:28.0191 1664 nsiproxy - ok
18:05:28.0581 1664 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:05:28.0597 1664 Ntfs - ok
18:05:28.0722 1664 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:05:29.0221 1664 Null - ok
18:05:29.0549 1664 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
18:05:29.0580 1664 NVENETFD - ok
18:05:30.0001 1664 nvlddmkm (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:05:30.0095 1664 nvlddmkm - ok
18:05:30.0297 1664 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
18:05:30.0297 1664 NVNET - ok
18:05:30.0329 1664 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:05:30.0329 1664 nvraid - ok
18:05:30.0360 1664 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:05:30.0360 1664 nvstor - ok
18:05:30.0407 1664 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
18:05:30.0407 1664 nvstor64 - ok
18:05:30.0438 1664 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:05:30.0453 1664 nv_agp - ok
18:05:30.0516 1664 NWADI (6eeb54e34603dd417ece187c8402320a) C:\Windows\system32\DRIVERS\NWADIenum.sys
18:05:30.0516 1664 NWADI - ok
18:05:30.0547 1664 NWUSBCDFIL64 (d944d4341429093f55cb7f0ec87c86b3) C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
18:05:30.0547 1664 NWUSBCDFIL64 - ok
18:05:30.0609 1664 NWUSBModem_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbmdm_000.sys
18:05:30.0609 1664 NWUSBModem_000 - ok
18:05:30.0656 1664 NWUSBPort2_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbser2_000.sys
18:05:30.0656 1664 NWUSBPort2_000 - ok
18:05:30.0687 1664 NWUSBPort_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbser_000.sys
18:05:30.0703 1664 NWUSBPort_000 - ok
18:05:30.0750 1664 NWVNDIS (82edd90ef94c33d3ebcaca7ed1a4240b) C:\Windows\system32\DRIVERS\NWVNdis.sys
18:05:30.0765 1664 NWVNDIS - ok
18:05:30.0812 1664 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:05:30.0812 1664 ohci1394 - ok
18:05:30.0843 1664 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:05:30.0859 1664 Parport - ok
18:05:30.0875 1664 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:05:30.0875 1664 partmgr - ok
18:05:30.0921 1664 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:05:30.0921 1664 pci - ok
18:05:30.0953 1664 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:05:30.0953 1664 pciide - ok
18:05:30.0984 1664 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:05:30.0984 1664 pcmcia - ok
18:05:31.0015 1664 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:05:31.0015 1664 pcw - ok
18:05:31.0046 1664 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:05:31.0077 1664 PEAUTH - ok
18:05:31.0155 1664 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:05:31.0155 1664 PptpMiniport - ok
18:05:31.0187 1664 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:05:31.0187 1664 Processor - ok
18:05:31.0233 1664 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:05:31.0233 1664 Psched - ok
18:05:31.0421 1664 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:05:31.0452 1664 ql2300 - ok
18:05:31.0530 1664 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:05:31.0545 1664 ql40xx - ok
18:05:31.0577 1664 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:05:31.0577 1664 QWAVEdrv - ok
18:05:31.0608 1664 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:05:31.0608 1664 RasAcd - ok
18:05:31.0639 1664 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:05:31.0639 1664 RasAgileVpn - ok
18:05:31.0670 1664 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:31.0686 1664 Rasl2tp - ok
18:05:31.0920 1664 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:31.0935 1664 RasPppoe - ok
18:05:31.0998 1664 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:05:31.0998 1664 RasSstp - ok
18:05:32.0107 1664 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:05:32.0123 1664 rdbss - ok
18:05:32.0247 1664 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:05:32.0247 1664 rdpbus - ok
18:05:32.0263 1664 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:32.0263 1664 RDPCDD - ok
18:05:32.0294 1664 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:05:32.0294 1664 RDPENCDD - ok
18:05:32.0325 1664 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:05:32.0325 1664 RDPREFMP - ok
18:05:32.0357 1664 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:05:32.0357 1664 RDPWD - ok
18:05:32.0403 1664 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:05:32.0419 1664 rdyboost - ok
18:05:32.0481 1664 riikpxoz - ok
18:05:32.0528 1664 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:05:32.0528 1664 rspndr - ok
18:05:32.0559 1664 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:05:32.0575 1664 sbp2port - ok
18:05:32.0606 1664 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:05:32.0606 1664 scfilter - ok
18:05:32.0653 1664 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:05:32.0653 1664 secdrv - ok
18:05:32.0684 1664 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:05:32.0700 1664 Serenum - ok
18:05:32.0731 1664 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:05:32.0731 1664 Serial - ok
18:05:32.0778 1664 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:05:32.0778 1664 sermouse - ok
18:05:32.0825 1664 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:05:32.0825 1664 sffdisk - ok
18:05:32.0856 1664 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:05:32.0856 1664 sffp_mmc - ok
18:05:32.0871 1664 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:05:32.0871 1664 sffp_sd - ok
18:05:32.0918 1664 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:05:32.0918 1664 sfloppy - ok
18:05:32.0965 1664 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:05:32.0965 1664 SiSRaid2 - ok
18:05:32.0996 1664 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:05:32.0996 1664 SiSRaid4 - ok
18:05:33.0027 1664 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:05:33.0027 1664 Smb - ok
18:05:33.0074 1664 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:05:33.0074 1664 spldr - ok
18:05:33.0137 1664 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:05:33.0152 1664 srv - ok
18:05:33.0183 1664 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:05:33.0183 1664 srv2 - ok
18:05:33.0215 1664 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:05:33.0215 1664 srvnet - ok
18:05:33.0261 1664 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:05:33.0261 1664 stexstor - ok
18:05:33.0293 1664 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:05:33.0293 1664 swenum - ok
18:05:33.0417 1664 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:05:33.0464 1664 Tcpip - ok
18:05:33.0495 1664 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:05:33.0511 1664 TCPIP6 - ok
18:05:33.0558 1664 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:05:33.0558 1664 tcpipreg - ok
18:05:33.0589 1664 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:05:33.0605 1664 TDPIPE - ok
18:05:33.0636 1664 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:05:33.0636 1664 TDTCP - ok
18:05:33.0667 1664 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:05:33.0667 1664 tdx - ok
18:05:33.0698 1664 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:05:33.0698 1664 TermDD - ok
18:05:33.0761 1664 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:05:33.0761 1664 tssecsrv - ok
18:05:33.0807 1664 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:05:33.0823 1664 TsUsbFlt - ok
18:05:33.0870 1664 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:05:33.0870 1664 tunnel - ok
18:05:33.0885 1664 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:05:33.0885 1664 uagp35 - ok
18:05:33.0917 1664 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:05:33.0932 1664 udfs - ok
18:05:33.0979 1664 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:05:33.0979 1664 uliagpkx - ok
18:05:34.0026 1664 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:05:34.0026 1664 umbus - ok
18:05:34.0041 1664 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:05:34.0041 1664 UmPass - ok
18:05:34.0104 1664 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:05:34.0119 1664 USBAAPL64 - ok
18:05:34.0151 1664 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:05:34.0151 1664 usbccgp - ok
18:05:34.0166 1664 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:05:34.0166 1664 usbcir - ok
18:05:34.0197 1664 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:05:34.0197 1664 usbehci - ok
18:05:34.0291 1664 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:05:34.0307 1664 usbhub - ok
18:05:34.0338 1664 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:05:34.0338 1664 usbohci - ok
18:05:34.0385 1664 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:05:34.0385 1664 usbprint - ok
18:05:34.0447 1664 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:05:34.0463 1664 usbscan - ok
18:05:34.0494 1664 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
18:05:34.0494 1664 USBSTOR - ok
18:05:34.0525 1664 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:05:34.0525 1664 usbuhci - ok
18:05:34.0556 1664 USB_RNDIS (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys
18:05:34.0556 1664 USB_RNDIS - ok
18:05:34.0603 1664 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:05:34.0603 1664 vdrvroot - ok
18:05:34.0651 1664 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:05:34.0651 1664 vga - ok
18:05:34.0682 1664 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:05:34.0682 1664 VgaSave - ok
18:05:34.0698 1664 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:05:34.0713 1664 vhdmp - ok
18:05:34.0729 1664 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:05:34.0729 1664 viaide - ok
18:05:34.0760 1664 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:05:34.0760 1664 volmgr - ok
18:05:34.0807 1664 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:05:34.0807 1664 volmgrx - ok
18:05:34.0854 1664 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:05:34.0854 1664 volsnap - ok
18:05:34.0900 1664 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:05:34.0900 1664 vsmraid - ok
18:05:34.0916 1664 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:05:34.0932 1664 vwifibus - ok
18:05:34.0963 1664 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:05:34.0963 1664 WacomPen - ok
18:05:35.0010 1664 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:05:35.0010 1664 WANARP - ok
18:05:35.0025 1664 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:05:35.0025 1664 Wanarpv6 - ok
18:05:35.0103 1664 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:05:35.0103 1664 Wd - ok
18:05:35.0134 1664 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:05:35.0166 1664 Wdf01000 - ok
18:05:35.0212 1664 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:05:35.0228 1664 WfpLwf - ok
18:05:35.0259 1664 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:05:35.0259 1664 WIMMount - ok
18:05:35.0353 1664 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:05:35.0353 1664 WinUsb - ok
18:05:35.0400 1664 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:05:35.0400 1664 WmiAcpi - ok
18:05:35.0462 1664 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:05:35.0462 1664 ws2ifsl - ok
18:05:35.0540 1664 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:05:35.0556 1664 WudfPf - ok
18:05:35.0602 1664 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:05:35.0602 1664 WUDFRd - ok
18:05:35.0665 1664 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:05:35.0712 1664 \Device\Harddisk0\DR0 - ok
18:05:35.0712 1664 Boot (0x1200) (dc78dc10bb40d8b83f1b1ceac6ffa4eb) \Device\Harddisk0\DR0\Partition0
18:05:35.0743 1664 \Device\Harddisk0\DR0\Partition0 - ok
18:05:35.0758 1664 Boot (0x1200) (f32cedfeedae7cd1a83eaef53f45563e) \Device\Harddisk0\DR0\Partition1
18:05:35.0790 1664 \Device\Harddisk0\DR0\Partition1 - ok
18:05:35.0790 1664 ============================================================
18:05:35.0790 1664 Scan finished
18:05:35.0790 1664 ============================================================
18:05:35.0805 2300 Detected object count: 0
18:05:35.0805 2300 Actual detected object count: 0

aswMBR Log:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-15 18:11:12
-----------------------------
18:11:12.851 OS Version: Windows x64 6.1.7601 Service Pack 1
18:11:12.851 Number of processors: 2 586 0x603
18:11:12.851 ComputerName: MAINHOME UserName: Alyssa
18:11:14.567 Initialize success
19:17:40.943 AVAST engine defs: 12021501
19:22:44.565 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
19:22:44.565 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
19:22:44.565 Disk 0 MBR read successfully
19:22:44.581 Disk 0 MBR scan
19:22:44.581 Disk 0 Windows 7 default MBR code
19:22:44.581 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
19:22:44.597 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
19:22:44.612 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 593994 MB offset 33761280
19:22:44.612 Service scanning
19:22:45.751 Modules scanning
19:22:45.751 Disk 0 trace - called modules:
19:22:45.767 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:22:45.767 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f8060]
19:22:46.281 3 CLASSPNP.SYS[fffff880019b443f] -> nt!IofCallDriver -> [0xfffffa800428a040]
19:22:46.281 5 ACPI.sys[fffff88000ee97a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa800428a9c0]
19:22:48.013 AVAST engine scan C:\Windows
19:22:51.507 AVAST engine scan C:\Windows\system32
19:22:59.106 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
19:24:23.821 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
19:24:25.163 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
19:25:16.732 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
19:25:16.763 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
19:25:18.620 AVAST engine scan C:\Windows\system32\drivers
19:25:29.355 AVAST engine scan C:\Users\Alyssa
19:49:22.625 AVAST engine scan C:\ProgramData
19:57:45.513 Scan finished successfully
20:05:38.511 Disk 0 MBR has been saved successfully to "C:\Users\Alyssa\Desktop\MBR.dat"
20:05:38.511 The log file has been saved successfully to "C:\Users\Alyssa\Desktop\aswMBR.txt"

#10 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,571
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 15 February 2012 - 09:48 PM

Hello

I want you to rerun ASWmbr and run the fix below

aswMBR

Click Scan
On completion of the scan, click the FIX button,
There is a slight pause after clicking the 'Fix' button.
Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

Note:After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
Save the log as before and post in your next reply.

Gringo

<-- Don't worry every little bit helps.

#11 dpeck

New Member

Group: Members
Posts: 12
Joined: 11-February 12

Posted 16 February 2012 - 10:10 PM

Hello Gringo. I reran aswMBR. It came up with the same results as before. When it finished scanning, I clicked on Fix. It did not do what I expected -- it displayed a few more lines then "Rebooting" then it rebooted automatically. It rebooted cleanly and quickly. I ran the scan again so I could get a log to send. The log is below. I clicked Fix again to see the lines before "Rebooting". They were:

Infection fixed successfully
Moved C:\Users\Alyssa\AppData\Local\Temp\~Quarantine.aswMBR\consrv.dll
Moved C:\Users\Alyssa\AppData\Local\Temp\~Quarantine.aswMBR\Desktop.ini
Moved C:\Users\Alyssa\AppData\Local\Temp\~Quarantine.aswMBR\Desktop.ini
Rebooting...

As you can see from the log (from the second scan today), it found the first 3 infections again.

Anyway, here's the log:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 20:00:14
-----------------------------
20:00:14.506 OS Version: Windows x64 6.1.7601 Service Pack 1
20:00:14.506 Number of processors: 2 586 0x603
20:00:14.506 ComputerName: MAINHOME UserName: Alyssa
20:00:16.034 Initialize success
20:00:21.246 AVAST engine defs: 12021501
20:00:33.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
20:00:33.180 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
20:00:33.195 Disk 0 MBR read successfully
20:00:33.195 Disk 0 MBR scan
20:00:33.211 Disk 0 Windows 7 default MBR code
20:00:33.211 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
20:00:33.227 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
20:00:33.242 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 593994 MB offset 33761280
20:00:33.258 Service scanning
20:00:36.924 Modules scanning
20:00:36.924 Disk 0 trace - called modules:
20:00:36.939 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
20:00:36.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f9410]
20:00:37.470 3 CLASSPNP.SYS[fffff8800198543f] -> nt!IofCallDriver -> [0xfffffa8004195410]
20:00:37.470 5 ACPI.sys[fffff88000fb37a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa800427e9c0]
20:00:41.666 AVAST engine scan C:\Windows
20:00:45.597 AVAST engine scan C:\Windows\system32
20:00:53.366 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
20:02:04.659 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
20:02:06.126 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
20:02:58.838 AVAST engine scan C:\Windows\system32\drivers
20:03:08.463 AVAST engine scan C:\Users\Alyssa
20:17:18.011 File: C:\Users\Alyssa\AppData\Local\Temp\~Quarantine.aswMBR\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
20:17:18.089 File: C:\Users\Alyssa\AppData\Local\Temp\~Quarantine.aswMBR\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
20:17:18.136 File: C:\Users\Alyssa\AppData\Local\Temp\~Quarantine.aswMBR\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
20:17:18.151 File: C:\Users\Alyssa\AppData\Local\Temp\~Quarantine.aswMBR\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
20:21:57.704 AVAST engine scan C:\ProgramData
20:28:46.394 Scan finished successfully
20:31:27.137 Disk 0 MBR has been saved successfully to "C:\Users\Alyssa\Desktop\MBR.dat"
20:31:27.137 The log file has been saved successfully to "C:\Users\Alyssa\Desktop\aswMBR_2.txt"

#12 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,571
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 16 February 2012 - 10:12 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

<-- Don't worry every little bit helps.

#13 dpeck

New Member

Group: Members
Posts: 12
Joined: 11-February 12

Posted 17 February 2012 - 12:09 AM

Hello Gringo,

I ran Farbar with no problems. Here is the log:

Scan result of Farbar Recovery Scan Tool Version: 15-02-2012
Ran by SYSTEM at 2012-02-16 23:08:40
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1840720 2007-04-03] (CANON INC.)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [609312 2010-05-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [326560 2011-05-13] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [273528 2011-08-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [1667072 2008-09-23] (D-Link)
HKLM-x32\...\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Alyssa\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-06-10] (Google Inc.)
HKU\Alyssa\...\Run: [DrvMon.exe] C:\Windows\system32\DrvMon.exe [x]
HKU\Alyssa\...\Policies\system: [disableregistrytools] 0
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Adobe Version Cue CS3; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service [153792 2007-03-20] (Adobe Systems Incorporated)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2011-02-07] (Macrovision Europe Ltd.)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
2 fsdfwd; C:\Windows\System32\TVALG.dll [6656 2009-07-13] (Oak Technology Inc.)
3 GameConsoleService; "C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe" [238328 2009-10-09] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
3 jswpsapi; C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe [954368 2008-05-18] (Atheros Communications, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2010-01-15] (Nero AG)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
2 NetTcpPortSharing32; C:\Windows\system32\ws2help32.exe [x]

========================== Drivers (Whitelisted) =============

3 A5AGU; C:\Windows\System32\DRIVERS\AGUx64.sys [1077760 2008-08-06] (D-Link Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
1 JSWPSLWF; C:\Windows\System32\DRIVERS\jswpslwfx.sys [26624 2008-05-14] (Atheros Communications, Inc.)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339744 2009-07-30] (NVIDIA Corporation)
0 nvstor64; C:\Windows\System32\DRIVERS\nvstor64.sys [241696 2009-08-04] (NVIDIA Corporation)
3 NWADI; C:\Windows\System32\DRIVERS\NWADIenum.sys [256512 2010-07-08] (Novatel Wireless Inc)
3 NWUSBCDFIL64; C:\Windows\System32\DRIVERS\NwUsbCdFil64.sys [25600 2010-07-08] (Novatel Wireless Inc.)
3 NWUSBModem_000; C:\Windows\System32\DRIVERS\nwusbmdm_000.sys [217728 2010-07-08] (Novatel Wireless Inc.)
3 NWUSBPort2_000; C:\Windows\System32\DRIVERS\nwusbser2_000.sys [217728 2010-07-08] (Novatel Wireless Inc.)
3 NWUSBPort_000; C:\Windows\System32\DRIVERS\nwusbser_000.sys [217728 2010-07-08] (Novatel Wireless Inc.)
3 NWVNDIS; C:\Windows\System32\DRIVERS\NWVNdis.sys [471552 2010-07-08] (Novatel Wireless, Inc.)
1 rcggdtnm; \??\C:\Windows\system32\drivers\rcggdtnm.sys [48464 2012-02-16] (Microsoft Corporation)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [19968 2009-07-13] (Microsoft Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 riikpxoz; \??\C:\Windows\system32\drivers\riikpxoz.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: fsdfwd

============ One Month Created Files and Folders ==============

2012-02-16 20:00 - 2012-02-16 20:00 - 1381729 ____A C:\Users\Alyssa\Downloads\FRST64.exe
2012-02-16 19:56 - 2012-02-16 19:56 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rcggdtnm.sys
2012-02-16 17:31 - 2012-02-16 17:31 - 0002731 ____A C:\Users\Alyssa\Desktop\aswMBR_2.txt
2012-02-15 17:05 - 2012-02-16 17:31 - 0000512 ____A C:\Users\Alyssa\Desktop\MBR.dat
2012-02-15 17:05 - 2012-02-15 17:05 - 0002424 ____A C:\Users\Alyssa\Desktop\aswMBR.txt
2012-02-15 15:09 - 2012-02-15 04:15 - 4733440 ____A (AVAST Software) C:\Users\Alyssa\Desktop\aswMBR.exe
2012-02-15 15:08 - 2012-02-15 15:08 - 0037792 ____A C:\Users\Alyssa\Desktop\TDSSkillerlog.txt
2012-02-15 15:05 - 2012-02-15 15:08 - 0075668 ____A C:\TDSSKiller.2.7.12.0_15.02.2012_18.05.05_log.txt
2012-02-15 15:04 - 2012-02-15 04:13 - 2061360 ____A (Kaspersky Lab ZAO) C:\Users\Alyssa\Desktop\tdsskiller.exe
2012-02-14 18:02 - 2012-02-14 18:02 - 0026268 ____A C:\Users\Alyssa\Desktop\Combofixlog_3.txt
2012-02-14 18:01 - 2012-02-14 18:01 - 0026268 ____A C:\ComboFix.txt
2012-02-14 17:55 - 2012-02-14 17:55 - 0000000 __ASH C:\Windows\System32\config\components.tmp.LOG2
2012-02-14 17:55 - 2012-02-14 17:55 - 0000000 __ASH C:\Windows\System32\config\components.tmp.LOG1
2012-02-14 17:41 - 2012-02-14 21:22 - 0000000 ___SD C:\ComboFix
2012-02-13 18:37 - 2012-02-13 18:37 - 0058556 ____A C:\Users\Alyssa\Desktop\Combofixlog_2.txt
2012-02-12 20:32 - 2012-02-12 20:32 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rvxhbdfv.sys
2012-02-12 20:06 - 2012-02-14 21:22 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-12 20:02 - 2012-02-12 20:02 - 0019039 ____A C:\Users\Alyssa\Desktop\Combofixlog.txt
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-02-12 19:45 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-12 19:45 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-12 19:45 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-12 19:45 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-12 19:45 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-12 19:45 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-12 19:45 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-12 19:45 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-12 19:44 - 2012-02-14 21:22 - 0000000 ____D C:\Windows\ERDNT
2012-02-12 19:33 - 2012-02-14 21:22 - 0000000 ____D C:\Qoobox
2012-02-12 19:28 - 2012-02-12 14:39 - 4402282 ____R (Swearware) C:\Users\Alyssa\Desktop\ComboFix.exe
2012-02-11 19:58 - 2012-02-11 19:58 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ghjfpiys.sys
2012-02-11 19:48 - 2012-02-11 19:48 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rxbbkgtx.sys
2012-02-11 19:39 - 2012-02-11 19:39 - 0125326 ____A C:\Users\Alyssa\Desktop\Attach.txt
2012-02-11 19:37 - 2012-02-11 19:37 - 0026931 ____A C:\Users\Alyssa\Desktop\DDS.txt
2012-02-11 19:33 - 2012-02-11 19:33 - 0000474 ____A C:\Users\Alyssa\Desktop\defogger_disable.log
2012-02-11 19:33 - 2012-02-11 19:33 - 0000000 ____A C:\Users\Alyssa\defogger_reenable
2012-02-11 19:26 - 2012-02-11 19:26 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ldizpaji.sys
2012-02-11 19:17 - 2012-02-11 19:17 - 0607260 ____R (Swearware) C:\Users\Alyssa\Desktop\dds.scr
2012-02-11 19:15 - 2012-02-11 19:15 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ulzbjvxi.sys
2012-02-11 19:15 - 2012-02-11 19:15 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qjjedrmh.sys
2012-02-11 19:14 - 2012-02-11 19:14 - 0050477 ____A C:\Users\Alyssa\Desktop\Defogger.exe
2012-02-11 19:14 - 2012-02-11 19:14 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tqhyqqji.sys
2012-02-11 19:05 - 2012-02-11 19:05 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\oblnhmqr.sys
2012-02-11 18:49 - 2012-02-11 19:31 - 0000809 ____A C:\Users\Alyssa\Desktop\Topic.txt
2012-02-05 15:44 - 2012-02-05 15:44 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{62FA8B7B-8A34-48EB-8A36-A993ABB7FCC7}
2012-02-05 07:10 - 2012-02-05 22:17 - 0000000 ____D C:\Windows\System32\SPReview
2012-02-05 07:09 - 2012-02-05 07:09 - 0000000 ____D C:\Windows\System32\EventProviders
2012-02-05 07:08 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-02-05 07:08 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-02-05 07:08 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-02-05 07:08 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-02-05 07:08 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-02-05 07:08 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-02-05 07:08 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-02-05 07:08 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-02-05 07:08 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-02-05 07:08 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-02-05 07:08 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-02-05 07:08 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-02-05 07:08 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-02-05 07:08 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-02-05 07:06 - 2012-02-16 18:45 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-03 18:19 - 2012-02-03 18:19 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\whzucpnq.sys
2012-02-02 13:24 - 2012-02-02 13:24 - 0345484 ____A C:\Users\Alyssa\Desktop\42.odt
2012-01-29 15:13 - 2012-01-29 15:13 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{8143463B-58A1-4CCF-B9A6-231A341E0D24}
2012-01-29 12:34 - 2012-01-29 12:34 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{612B2FC9-CF25-4479-AB0B-8CDF1FA8FB2B}
2012-01-23 13:05 - 2012-01-23 13:05 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{2612A0D3-B88E-4F36-B366-13BA914A01EB}
2012-01-23 12:49 - 2012-01-23 12:49 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{798B916C-4061-4CCA-8C82-FB5F31DA8071}
2012-01-23 12:42 - 2012-01-23 12:42 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{9B510CED-1AA3-4253-A17B-6684CB407AC8}
2012-01-22 10:02 - 2012-01-22 10:02 - 0000000 ____D C:\Users\Alyssa\Desktop\WMMPM
2012-01-20 16:05 - 2012-01-20 16:05 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{4FC9C2C2-AD41-48BD-975F-C14B2731E21B}
2012-01-20 16:04 - 2012-01-20 16:04 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{9A9D73BD-E555-4F6B-843B-32C5DED39934}
2012-01-20 03:32 - 2012-01-20 03:32 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{AB395A7C-7F94-456D-86F2-780B5245B344}
2012-01-20 03:31 - 2012-01-20 03:31 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{EFCF8D3D-F78D-4FBD-9FAD-5B436FEA50A7}
2012-01-20 03:31 - 2012-01-20 03:31 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{4E945F3F-4508-49BE-8634-61A4A08F75A2}
2012-01-20 03:30 - 2012-01-20 03:30 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{F4E3213D-F004-47DE-897A-F2C07594EAB0}
2012-01-20 02:31 - 2012-01-20 02:31 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{A543CF97-DFFB-4267-8F5F-0D8FA2F6D2BD}
2012-01-20 02:30 - 2012-01-20 02:30 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{D50E82AA-02D6-407B-BEDC-7A7078E1B53A}
2012-01-20 02:27 - 2012-01-20 02:27 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{A64135F9-D842-4C6D-BE72-F5418E02575A}
2012-01-20 02:23 - 2012-01-20 02:23 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{143EE26F-8338-495C-8079-585B0BBDC1BC}
2012-01-19 18:41 - 2012-01-19 18:41 - 0016913 ____A C:\Users\Alyssa\Desktop\Untitled 1.odt
2012-01-19 01:59 - 2012-01-19 01:59 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{A72B9CDA-5B55-475A-A879-C985378CB1C5}
2012-01-18 19:02 - 2012-01-18 19:02 - 0000000 ____D C:\Users\Alyssa\Documents\Freemake
2012-01-18 18:59 - 2012-01-03 12:23 - 8830360 ____A C:\Users\Alyssa\Desktop\04 Smooth Criminal.m4a
2012-01-18 18:58 - 2012-01-17 16:39 - 6554029 ____A C:\Users\Alyssa\Desktop\04 River Flows In You.m4a
2012-01-18 14:32 - 2012-01-18 14:32 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{1CFC248B-4A2A-44A9-B591-59B1B2271A59}
2012-01-18 02:17 - 2012-01-18 02:17 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{3836D2F2-42FD-4CBF-9932-4F3ED7C26B67}
2012-01-18 02:14 - 2012-01-18 02:14 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{69CD6095-001A-431B-93F9-182569766131}
2012-01-17 17:46 - 2012-01-17 17:52 - 0114939 ____A C:\Users\Alyssa\Desktop\web.jpg

============ 3 Months Modified Files and Folders =============

2012-02-16 23:08 - 2012-02-16 23:08 - 0000000 ____D C:\FRST
2012-02-16 20:03 - 2010-08-04 08:55 - 1553439 ____A C:\Windows\WindowsUpdate.log
2012-02-16 20:01 - 2009-07-13 21:13 - 0732638 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-16 20:00 - 2012-02-16 20:00 - 1381729 ____A C:\Users\Alyssa\Downloads\FRST64.exe
2012-02-16 19:56 - 2012-02-16 19:56 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rcggdtnm.sys
2012-02-16 19:17 - 2010-12-29 18:00 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-16 19:17 - 2010-12-29 18:00 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-16 18:45 - 2012-02-05 07:06 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-16 18:20 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-16 18:20 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-16 18:13 - 2010-08-04 08:52 - 3019399168 __ASH C:\hiberfil.sys
2012-02-16 18:13 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-16 18:13 - 2009-07-13 20:51 - 0115232 ____A C:\Windows\setupact.log
2012-02-16 17:31 - 2012-02-16 17:31 - 0002731 ____A C:\Users\Alyssa\Desktop\aswMBR_2.txt
2012-02-16 17:31 - 2012-02-15 17:05 - 0000512 ____A C:\Users\Alyssa\Desktop\MBR.dat
2012-02-15 19:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-02-15 17:05 - 2012-02-15 17:05 - 0002424 ____A C:\Users\Alyssa\Desktop\aswMBR.txt
2012-02-15 15:08 - 2012-02-15 15:08 - 0037792 ____A C:\Users\Alyssa\Desktop\TDSSkillerlog.txt
2012-02-15 15:08 - 2012-02-15 15:05 - 0075668 ____A C:\TDSSKiller.2.7.12.0_15.02.2012_18.05.05_log.txt
2012-02-15 04:15 - 2012-02-15 15:09 - 4733440 ____A (AVAST Software) C:\Users\Alyssa\Desktop\aswMBR.exe
2012-02-15 04:13 - 2012-02-15 15:04 - 2061360 ____A (Kaspersky Lab ZAO) C:\Users\Alyssa\Desktop\tdsskiller.exe
2012-02-14 21:22 - 2012-02-14 17:41 - 0000000 ___SD C:\ComboFix
2012-02-14 21:22 - 2012-02-12 20:06 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-14 21:22 - 2012-02-12 19:44 - 0000000 ____D C:\Windows\ERDNT
2012-02-14 21:22 - 2012-02-12 19:33 - 0000000 ____D C:\Qoobox
2012-02-14 21:22 - 2011-04-23 05:30 - 0000000 ____D C:\Users\All Users\Real
2012-02-14 21:22 - 2011-04-23 05:30 - 0000000 ____D C:\ProgramData\Real
2012-02-14 21:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-02-14 19:26 - 2011-03-05 20:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-14 18:27 - 2011-09-04 20:55 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-02-14 18:23 - 2010-12-27 15:03 - 0000000 ____D C:\users\Alyssa
2012-02-14 18:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-14 18:02 - 2012-02-14 18:02 - 0026268 ____A C:\Users\Alyssa\Desktop\Combofixlog_3.txt
2012-02-14 18:01 - 2012-02-14 18:01 - 0026268 ____A C:\ComboFix.txt
2012-02-14 17:55 - 2012-02-14 17:55 - 0000000 __ASH C:\Windows\System32\config\components.tmp.LOG2
2012-02-14 17:55 - 2012-02-14 17:55 - 0000000 __ASH C:\Windows\System32\config\components.tmp.LOG1
2012-02-14 17:55 - 2009-07-13 18:34 - 64253952 ____A C:\Windows\System32\config\software.bak
2012-02-14 17:55 - 2009-07-13 18:34 - 36962304 ____A C:\Windows\System32\config\components.bak
2012-02-14 17:55 - 2009-07-13 18:34 - 17301504 ____A C:\Windows\System32\config\system.bak
2012-02-14 17:55 - 2009-07-13 18:34 - 0233472 ____A C:\Windows\System32\config\default.bak
2012-02-14 17:55 - 2009-07-13 18:34 - 0131072 ____A C:\Windows\System32\config\sam.bak
2012-02-14 17:55 - 2009-07-13 18:34 - 0028672 ____A C:\Windows\System32\config\security.bak
2012-02-13 22:17 - 2011-02-13 09:31 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-02-13 22:17 - 2011-02-13 09:31 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-02-13 22:17 - 2011-02-07 16:54 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-02-13 22:17 - 2011-02-07 16:54 - 0000000 ____D C:\ProgramData\FLEXnet
2012-02-13 18:37 - 2012-02-13 18:37 - 0058556 ____A C:\Users\Alyssa\Desktop\Combofixlog_2.txt
2012-02-12 22:24 - 2011-09-04 19:45 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-02-12 22:24 - 2011-09-04 19:45 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-02-12 20:32 - 2012-02-12 20:32 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rvxhbdfv.sys
2012-02-12 20:02 - 2012-02-12 20:02 - 0019039 ____A C:\Users\Alyssa\Desktop\Combofixlog.txt
2012-02-12 20:01 - 2011-04-19 06:37 - 0000000 ____D C:\users\Addison
2012-02-12 20:01 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-02-12 19:56 - 2010-06-10 09:39 - 0257390 ____A C:\Windows\PFRO.log
2012-02-12 19:56 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-02-12 19:55 - 2012-02-12 19:55 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-02-12 19:44 - 2011-01-28 17:18 - 0001945 ____A C:\Windows\epplauncher.mif
2012-02-12 14:39 - 2012-02-12 19:28 - 4402282 ____R (Swearware) C:\Users\Alyssa\Desktop\ComboFix.exe
2012-02-11 19:58 - 2012-02-11 19:58 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ghjfpiys.sys
2012-02-11 19:48 - 2012-02-11 19:48 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rxbbkgtx.sys
2012-02-11 19:39 - 2012-02-11 19:39 - 0125326 ____A C:\Users\Alyssa\Desktop\Attach.txt
2012-02-11 19:37 - 2012-02-11 19:37 - 0026931 ____A C:\Users\Alyssa\Desktop\DDS.txt
2012-02-11 19:33 - 2012-02-11 19:33 - 0000474 ____A C:\Users\Alyssa\Desktop\defogger_disable.log
2012-02-11 19:33 - 2012-02-11 19:33 - 0000000 ____A C:\Users\Alyssa\defogger_reenable
2012-02-11 19:31 - 2012-02-11 18:49 - 0000809 ____A C:\Users\Alyssa\Desktop\Topic.txt
2012-02-11 19:26 - 2012-02-11 19:26 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ldizpaji.sys
2012-02-11 19:17 - 2012-02-11 19:17 - 0607260 ____R (Swearware) C:\Users\Alyssa\Desktop\dds.scr
2012-02-11 19:15 - 2012-02-11 19:15 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ulzbjvxi.sys
2012-02-11 19:15 - 2012-02-11 19:15 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qjjedrmh.sys
2012-02-11 19:14 - 2012-02-11 19:14 - 0050477 ____A C:\Users\Alyssa\Desktop\Defogger.exe
2012-02-11 19:14 - 2012-02-11 19:14 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tqhyqqji.sys
2012-02-11 19:05 - 2012-02-11 19:05 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\oblnhmqr.sys
2012-02-05 22:18 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-02-05 22:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-02-05 22:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-02-05 22:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-02-05 22:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-02-05 22:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-02-05 22:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-02-05 22:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-02-05 22:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-02-05 22:18 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-02-05 22:17 - 2012-02-05 07:10 - 0000000 ____D C:\Windows\System32\SPReview
2012-02-05 22:17 - 2011-12-19 18:38 - 0000000 ____D C:\Users\Alyssa\AppData\Roaming\IrfanView
2012-02-05 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-02-05 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-02-05 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-02-05 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-05 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-02-05 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-02-05 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-02-05 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-02-05 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-02-05 22:17 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-02-05 15:44 - 2012-02-05 15:44 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{62FA8B7B-8A34-48EB-8A36-A993ABB7FCC7}
2012-02-05 14:57 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-05 10:03 - 2011-01-27 15:53 - 0000000 ____D C:\Program Files (x86)\Java
2012-02-05 07:43 - 2012-01-07 17:53 - 0007594 ____A C:\Users\Alyssa\AppData\Local\Resmon.ResmonCfg
2012-02-05 07:30 - 2010-12-27 15:04 - 0000174 __ASH C:\Users\Alyssa\Start Menu\Programs\Startup\desktop.ini
2012-02-05 07:30 - 2010-12-27 15:04 - 0000174 __ASH C:\Users\Alyssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-05 07:26 - 2009-07-13 20:45 - 2222768 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-05 07:18 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-02-05 07:18 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-02-05 07:09 - 2012-02-05 07:09 - 0000000 ____D C:\Windows\System32\EventProviders
2012-02-03 21:10 - 2011-09-04 18:23 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-03 21:08 - 2011-01-19 17:21 - 0000000 ____D C:\Users\Alyssa\Desktop\Emmaline
2012-02-03 18:19 - 2012-02-03 18:19 - 0048464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\whzucpnq.sys
2012-02-02 13:24 - 2012-02-02 13:24 - 0345484 ____A C:\Users\Alyssa\Desktop\42.odt
2012-01-29 15:14 - 2011-01-15 20:33 - 0000000 ____D C:\Users\Alyssa\AppData\Local\CrashDumps
2012-01-29 15:13 - 2012-01-29 15:13 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{8143463B-58A1-4CCF-B9A6-231A341E0D24}
2012-01-29 12:34 - 2012-01-29 12:34 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{612B2FC9-CF25-4479-AB0B-8CDF1FA8FB2B}
2012-01-29 02:10 - 2011-01-01 12:48 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-23 13:05 - 2012-01-23 13:05 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{2612A0D3-B88E-4F36-B366-13BA914A01EB}
2012-01-23 12:49 - 2012-01-23 12:49 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{798B916C-4061-4CCA-8C82-FB5F31DA8071}
2012-01-23 12:42 - 2012-01-23 12:42 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{9B510CED-1AA3-4253-A17B-6684CB407AC8}
2012-01-22 10:02 - 2012-01-22 10:02 - 0000000 ____D C:\Users\Alyssa\Desktop\WMMPM
2012-01-21 12:41 - 2011-08-29 18:41 - 0000000 ____D C:\Users\Alyssa\AppData\Local\Canon Easy-PhotoPrint EX
2012-01-21 12:41 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-01-20 16:05 - 2012-01-20 16:05 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{4FC9C2C2-AD41-48BD-975F-C14B2731E21B}
2012-01-20 16:04 - 2012-01-20 16:04 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{9A9D73BD-E555-4F6B-843B-32C5DED39934}
2012-01-20 03:32 - 2012-01-20 03:32 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{AB395A7C-7F94-456D-86F2-780B5245B344}
2012-01-20 03:31 - 2012-01-20 03:31 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{EFCF8D3D-F78D-4FBD-9FAD-5B436FEA50A7}
2012-01-20 03:31 - 2012-01-20 03:31 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{4E945F3F-4508-49BE-8634-61A4A08F75A2}
2012-01-20 03:30 - 2012-01-20 03:30 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{F4E3213D-F004-47DE-897A-F2C07594EAB0}
2012-01-20 02:31 - 2012-01-20 02:31 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{A543CF97-DFFB-4267-8F5F-0D8FA2F6D2BD}
2012-01-20 02:30 - 2012-01-20 02:30 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{D50E82AA-02D6-407B-BEDC-7A7078E1B53A}
2012-01-20 02:27 - 2012-01-20 02:27 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{A64135F9-D842-4C6D-BE72-F5418E02575A}
2012-01-20 02:23 - 2012-01-20 02:23 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{143EE26F-8338-495C-8079-585B0BBDC1BC}
2012-01-19 18:41 - 2012-01-19 18:41 - 0016913 ____A C:\Users\Alyssa\Desktop\Untitled 1.odt
2012-01-19 01:59 - 2012-01-19 01:59 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{A72B9CDA-5B55-475A-A879-C985378CB1C5}
2012-01-18 19:02 - 2012-01-18 19:02 - 0000000 ____D C:\Users\Alyssa\Documents\Freemake
2012-01-18 14:32 - 2012-01-18 14:32 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{1CFC248B-4A2A-44A9-B591-59B1B2271A59}
2012-01-18 03:26 - 2011-03-28 14:16 - 0000000 ____D C:\Users\Alyssa\Desktop\Sarah
2012-01-18 02:17 - 2012-01-18 02:17 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{3836D2F2-42FD-4CBF-9932-4F3ED7C26B67}
2012-01-18 02:14 - 2012-01-18 02:14 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{69CD6095-001A-431B-93F9-182569766131}
2012-01-17 18:23 - 2012-01-16 13:13 - 1672033 ____A C:\Users\Alyssa\Desktop\Whales.odt
2012-01-17 18:23 - 2012-01-07 11:33 - 0020798 ____A C:\Users\Alyssa\Desktop\whale 1.odt
2012-01-17 17:52 - 2012-01-17 17:46 - 0114939 ____A C:\Users\Alyssa\Desktop\web.jpg
2012-01-17 16:39 - 2012-01-18 18:58 - 6554029 ____A C:\Users\Alyssa\Desktop\04 River Flows In You.m4a
2012-01-16 14:57 - 2012-01-16 14:57 - 0000136 ____A C:\Users\Alyssa\Desktop\Hearts.lnk
2012-01-16 06:59 - 2011-06-13 08:12 - 0000000 ____D C:\Users\Alyssa\Desktop\Family Games
2012-01-15 09:19 - 2012-01-15 09:19 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{AFECE2DE-E665-460D-85D6-498C0D2C1AB5}
2012-01-15 09:15 - 2012-01-15 09:15 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{773C981B-4781-4F08-9C55-2F996E523C3A}
2012-01-15 09:10 - 2012-01-15 09:10 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{83D9AE40-4382-4D02-9063-2C6B70520246}
2012-01-14 14:17 - 2012-01-14 14:17 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{3A07CBC0-AD9C-4F95-8435-4474E87E90EC}
2012-01-14 12:47 - 2011-10-15 06:57 - 0000000 ____D C:\Users\Alyssa\Desktop\School
2012-01-14 12:46 - 2011-12-31 12:30 - 0000000 ____D C:\Users\Alyssa\Desktop\2011SS
2012-01-13 17:14 - 2011-01-28 17:18 - 0749732 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-13 17:13 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-01-13 17:11 - 2012-01-13 17:09 - 10165440 ____A (Microsoft Corporation) C:\Users\Alyssa\Downloads\mseinstall.exe
2012-01-13 16:03 - 2012-01-13 16:03 - 0021778 ____A C:\Users\Alyssa\Downloads\Duck temp..wlmp
2012-01-13 14:35 - 2012-01-13 14:35 - 0026349 ____A C:\Users\Alyssa\Desktop\All_County_Letter_LHS_CO_2012.odt
2012-01-13 02:45 - 2010-12-27 18:22 - 0000000 ____D C:\Users\Alyssa\AppData\Local\Windows Live
2012-01-13 02:44 - 2012-01-13 02:44 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{23517236-B95B-44C4-987F-AA643E550D9D}
2012-01-13 02:44 - 2012-01-13 02:44 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{0A13951D-1208-4F3B-A6DC-2C933378B93A}
2012-01-13 02:08 - 2012-01-13 02:08 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{E6EE4A7D-27FC-4037-95F0-96851355BA02}
2012-01-13 02:03 - 2012-01-13 02:03 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{7336A9D6-6819-4C8B-AB58-711C1ADB1B7B}
2012-01-12 15:58 - 2012-01-12 15:58 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{61E829BB-4C3C-4DA7-9468-6774A2C74B35}
2012-01-11 03:34 - 2012-01-11 03:34 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{1F914A3F-B3D8-47B1-BC60-1B9380DCE630}
2012-01-11 03:30 - 2012-01-11 03:30 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{504352C8-3987-43A0-B6F8-A2DC93AA29C6}
2012-01-11 03:26 - 2012-01-11 03:26 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{F18C45BC-2A1D-4BBC-8E83-C916035C4868}
2012-01-11 03:21 - 2012-01-11 03:21 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{F92B0FBD-B912-46D0-B5D5-3714968DAC02}
2012-01-11 02:41 - 2012-01-11 02:41 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{059B187E-10AD-4B58-BBB4-97B11EFA87A0}
2012-01-11 02:20 - 2012-01-11 02:20 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{9AB72BCB-322E-422F-B921-5C39DA948BD5}
2012-01-11 02:06 - 2012-01-11 02:06 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{1F4642C3-E112-4A99-8569-0058DD68E1CB}
2012-01-10 18:39 - 2010-12-27 16:05 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-10 01:57 - 2012-01-10 01:57 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{140B9C5E-0B50-46C9-9893-F3559BE5B31A}
2012-01-08 15:32 - 2012-01-08 15:32 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{E8BE1AA1-24CB-427C-86F9-7897C35BCDDF}
2012-01-08 10:50 - 2012-01-08 10:50 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{3F48CDA8-843A-4D37-946A-C680F0E7173F}
2012-01-08 10:39 - 2012-01-08 10:39 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{2BA63BB6-394B-4686-ABF6-3AA5D4EC9009}
2012-01-08 10:29 - 2012-01-08 10:29 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{B894244B-1207-4ADC-82B0-3F5F335D408A}
2012-01-08 10:28 - 2012-01-08 10:28 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{07E909BC-8421-4522-B404-3982E9D7EE5E}
2012-01-08 07:34 - 2012-01-08 07:34 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{9DF733C8-95DB-499A-8CBF-DAE4D2817782}
2012-01-08 07:30 - 2012-01-08 07:30 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{ED9F961A-B7F5-43C5-ACB6-D84C5A14B9E1}
2012-01-07 19:46 - 2012-01-07 19:46 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{8A100BD4-6C3A-44FB-B81E-B3A6C01ED24B}
2012-01-07 19:13 - 2012-01-07 19:13 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{A4F4AFBE-4AAF-4AED-A5F4-D2310AEB1C22}
2012-01-07 17:59 - 2011-09-04 19:45 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-01-07 12:16 - 2012-01-07 12:16 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{15F9A775-2BF9-4E8A-A19F-020360C02838}
2012-01-07 12:13 - 2012-01-07 12:13 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{244703D4-F70C-41ED-8399-6C304EECFE0D}
2012-01-07 11:02 - 2011-12-19 15:32 - 0012597 ____A C:\Users\Alyssa\Desktop\aLICE.odt
2012-01-07 10:06 - 2012-01-07 10:06 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{6F6C4DB4-C0AB-4857-AF0E-4AD12EDE26DE}
2012-01-07 09:48 - 2012-01-07 09:48 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{BDDD1EBB-5F64-4C3F-BD38-45D203020D4C}
2012-01-07 09:42 - 2012-01-07 09:42 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{551B73E6-3877-4634-98F7-43493F723601}
2012-01-07 09:42 - 2012-01-07 09:42 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{100AB9F2-2FF3-40CA-99D9-AF1FD337F2AA}
2012-01-07 09:36 - 2012-01-07 09:36 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{ABB09DC9-4EE7-4709-8528-D1C523644E50}
2012-01-07 09:30 - 2012-01-07 09:30 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{D3B37760-8B46-419F-8D25-D606AB8CA13C}
2012-01-07 09:26 - 2012-01-07 09:26 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{5C4CCE0C-DCFA-4645-9861-2B62FEE25AF3}
2012-01-07 09:22 - 2012-01-07 09:22 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{4D1BD393-A4CD-4125-9B38-02030CFA58D1}
2012-01-07 09:18 - 2012-01-07 09:18 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{11751C5C-ADBC-4345-B482-43135B438C97}
2012-01-07 08:48 - 2012-01-07 08:48 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{824A339E-D510-4D29-8F85-B41687163759}
2012-01-07 08:36 - 2012-01-07 08:36 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{30F96CF8-7222-42BE-A0B2-53CA78891475}
2012-01-07 08:19 - 2012-01-07 08:19 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{A1964322-C742-4030-9C3C-5BBEC93DB6E2}
2012-01-06 19:11 - 2012-01-06 19:11 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{FB25C706-A547-4589-8002-D57B6CB77E34}
2012-01-06 19:11 - 2012-01-06 19:11 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{AD89672F-A400-4827-B124-1CD24F959439}
2012-01-05 15:05 - 2012-01-05 15:05 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{E8DCAE70-A887-41C4-B0C8-41D9970DB689}
2012-01-05 14:57 - 2012-01-05 14:57 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{0EF2E0B0-C489-4ADF-9068-32D4FCA6486F}
2012-01-05 12:53 - 2012-01-05 12:53 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{570AAC6C-415B-4302-A26E-A03563462F3E}
2012-01-05 02:07 - 2012-01-05 02:07 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{F5F733AD-2FCA-4946-AF58-79B7D62F3BCB}
2012-01-05 01:58 - 2012-01-05 01:58 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{45D3702E-4FCE-4072-BC1D-AE7A5FC9235A}
2012-01-03 14:59 - 2012-01-03 14:59 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{3A1B5E16-2B59-4077-B827-D3B2426C273B}
2012-01-03 14:57 - 2012-01-03 14:57 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{7525DC23-E154-4897-BA3B-888D1ACCB3A4}
2012-01-03 14:54 - 2012-01-03 14:54 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{B86A75FE-0594-4F76-A201-0321643AA36F}
2012-01-03 12:23 - 2012-01-18 18:59 - 8830360 ____A C:\Users\Alyssa\Desktop\04 Smooth Criminal.m4a
2012-01-01 16:50 - 2012-01-01 16:50 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{DCD199E9-1343-4CCA-889E-4AB9580FD4ED}
2011-12-31 20:08 - 2011-12-31 20:08 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{65EB7108-71CC-4FDE-8C79-3D54DC616242}
2011-12-31 20:07 - 2011-12-31 20:07 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{1B4E7CED-44CA-4C2E-8B66-300117FE5748}
2011-12-31 20:05 - 2011-12-31 20:05 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{EDD011C4-8B3C-4FF8-B359-8CC38866D0B6}
2011-12-31 19:06 - 2011-12-31 19:06 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{C8B2AC0B-81FB-4D36-A668-17A14A8E25EA}
2011-12-31 18:53 - 2011-12-31 18:53 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{56812FE1-486B-42C6-B39D-029D68EE1641}
2011-12-31 18:17 - 2011-12-31 18:17 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{696611EC-1054-4D4A-91CF-2AA9861EF3C2}
2011-12-31 16:20 - 2011-12-31 16:20 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{1275EEF8-68E6-4254-88C7-4E889EEFB7AC}
2011-12-31 16:13 - 2011-12-31 16:13 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{76F38110-9DAB-4811-B9EF-ED1DAC56917A}
2011-12-31 16:06 - 2011-12-31 16:06 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{76A90635-BF98-456E-A457-BEA2F43E1AC5}
2011-12-31 15:42 - 2011-12-31 15:42 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{3D14AF3A-2CD9-4757-8224-C7A13549FFA0}
2011-12-31 15:30 - 2011-12-31 15:26 - 0000000 ____D C:\Users\Alyssa\Desktop\DCIM
2011-12-31 14:24 - 2011-12-31 14:24 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{1CA89D92-3E77-4C39-97E6-6E8DDBDB1354}
2011-12-31 13:53 - 2011-12-31 13:53 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{8FEA085E-5F2D-4F0F-A48C-A50083E3FD94}
2011-12-31 12:51 - 2011-12-24 15:42 - 0007680 ____A C:\Users\Alyssa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-31 12:25 - 2009-07-13 21:08 - 0032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-30 12:04 - 2011-12-30 12:04 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{A18A38CD-30B9-4CD8-A69A-C7EC8D887596}
2011-12-29 16:43 - 2011-02-15 10:01 - 0000000 ____D C:\Users\All Users\PopCap Games
2011-12-29 16:43 - 2011-02-15 10:01 - 0000000 ____D C:\ProgramData\PopCap Games
2011-12-29 16:43 - 2011-02-15 10:01 - 0000000 ____D C:\Program Files (x86)\PopCap Games
2011-12-29 13:41 - 2011-12-29 13:41 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{859A7748-6B3A-4C2E-AD2F-6609398549D1}
2011-12-28 05:32 - 2011-06-13 08:11 - 0000000 ____D C:\Users\Alyssa\Desktop\Addison
2011-12-26 16:36 - 2011-12-26 16:36 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{A6E7360D-39F9-4113-9FEB-6CF0C8F3B95B}
2011-12-26 15:25 - 2011-12-26 15:25 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{FF628A13-2BC1-47CE-A2E2-F2CE4FCE3DDA}
2011-12-26 10:05 - 2011-12-26 10:05 - 0000000 ____D C:\Users\Alyssa\AppData\Roaming\PopCapv1003
2011-12-26 10:05 - 2011-12-26 10:05 - 0000000 ____D C:\Users\All Users\SpinTop Games
2011-12-26 10:05 - 2011-12-26 10:05 - 0000000 ____D C:\ProgramData\SpinTop Games
2011-12-26 08:20 - 2011-12-26 08:20 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{115339F3-0C2B-4DE1-9C4B-AF84D9C26602}
2011-12-24 21:51 - 2011-12-24 15:59 - 0481619 ____A C:\Users\Alyssa\Desktop\SHP.odt
2011-12-24 18:29 - 2011-12-24 18:29 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{FAA4522C-872E-499C-9AA8-D02C97F8B9A7}
2011-12-24 18:26 - 2011-12-24 18:26 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{8A2DDAE1-2939-48C1-8185-64F2879CADE2}
2011-12-24 16:42 - 2011-12-24 16:42 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{267A22C9-854F-42A6-A4FE-9211DC4EE6FB}
2011-12-24 16:03 - 2011-12-18 15:27 - 0000000 ____D C:\Users\Alyssa\Desktop\XMas2011
2011-12-24 15:59 - 2011-12-24 15:59 - 0000000 ____A C:\Users\All Users\28731J146.dat
2011-12-24 15:59 - 2011-12-24 15:59 - 0000000 ____A C:\ProgramData\28731J146.dat
2011-12-24 15:43 - 2011-12-24 15:43 - 0009193 ____A C:\Users\Alyssa\Documents\1254.odt
2011-12-24 15:38 - 2011-12-22 18:21 - 4185650 ____A C:\Users\Alyssa\Desktop\Through the Open Door.odg
2011-12-24 09:33 - 2011-12-24 09:33 - 0370581 ____A C:\Users\Alyssa\Documents\goth outfits 1.odg
2011-12-23 18:13 - 2011-12-23 18:13 - 0342324 ____A C:\Users\Alyssa\Desktop\Untitled 1.odg
2011-12-22 14:38 - 2011-12-22 14:38 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{37A5B268-3D15-48BD-A3C7-A13A2D12B148}
2011-12-21 20:14 - 2011-12-21 20:10 - 0000000 ____D C:\Users\Alyssa\Desktop\SECURITY SOFTWARE
2011-12-21 19:58 - 2011-12-21 19:58 - 0000400 ____A C:\rkill.log
2011-12-21 19:55 - 2011-12-21 11:54 - 0011432 __ASH C:\Users\Alyssa\AppData\Local\c2gb74h8fv4sbk
2011-12-21 19:55 - 2011-12-21 11:54 - 0011432 __ASH C:\Users\All Users\c2gb74h8fv4sbk
2011-12-21 19:55 - 2011-12-21 11:54 - 0011432 __ASH C:\ProgramData\c2gb74h8fv4sbk
2011-12-21 19:53 - 2011-12-21 19:57 - 1008141 ____A C:\Users\Alyssa\Desktop\iExplore.exe
2011-12-21 11:54 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-12-19 18:38 - 2011-12-19 18:38 - 0001011 ____A C:\Users\Alyssa\Desktop\IrfanView.lnk
2011-12-19 18:38 - 2011-12-19 18:38 - 0000000 ____D C:\Program Files (x86)\IrfanView
2011-12-19 18:36 - 2011-12-19 18:36 - 1528832 ____A (Irfan Skiljan) C:\Users\Alyssa\Downloads\iview432_setup.exe
2011-12-19 15:23 - 2011-12-19 15:23 - 4146165 ____A C:\Users\Alyssa\Desktop\Grimm2.odt
2011-12-18 14:14 - 2011-12-18 14:14 - 0001263 ____A C:\Users\Public\Desktop\SheetMusicPlusDigitalPrint.lnk
2011-12-18 14:14 - 2011-12-18 14:14 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-12-18 14:14 - 2011-12-18 14:14 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-12-18 14:14 - 2011-12-18 14:14 - 0000000 ____D C:\Users\Alyssa\AppData\Roaming\com.sheetmusicplus.DigitalAirPrint
2011-12-18 14:14 - 2011-12-18 14:14 - 0000000 ____D C:\Program Files (x86)\SheetMusicPlusDigitalPrint
2011-12-18 14:14 - 2010-06-10 09:36 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-12-18 14:13 - 2010-12-27 15:20 - 0000000 ____D C:\Users\Alyssa\AppData\Roaming\Adobe
2011-12-18 14:12 - 2010-12-30 06:52 - 0000000 ____D C:\Users\Alyssa\AppData\Local\Adobe
2011-12-18 10:28 - 2011-12-18 10:28 - 0040259 ____A C:\Users\Alyssa\Desktop\Immortal.jpg
2011-12-10 12:24 - 2011-09-04 18:23 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-08 14:48 - 2011-12-05 03:38 - 0000000 ____D C:\Users\Alyssa\Desktop\MP
2011-12-06 17:11 - 2011-12-06 17:11 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{CB171715-03AA-48A0-95AE-2F9C3FF05E0F}
2011-12-06 17:11 - 2011-12-06 17:11 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{5B7F0461-A65B-41D8-8EDB-7399508C7672}
2011-11-28 16:51 - 2011-04-23 13:14 - 0000000 ____D C:\Program Files (x86)\Scholastic
2011-11-28 02:11 - 2011-11-28 02:11 - 0000000 ____D C:\Users\Alyssa\AppData\Local\{FF340BC4-7904-4C71-B41E-55D1AED384D0}
2011-11-23 20:52 - 2011-12-15 01:28 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-19 06:58 - 2012-01-10 12:10 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 06:01 - 2012-01-10 12:10 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3839.37 MB
Available physical RAM: 3137.38 MB
Total Pagefile: 3837.52 MB
Available Pagefile: 3118.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:580.07 GB) (Free:508.58 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:16 GB) (Free:5.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive l: () (Removable) (Total:1.87 GB) (Free:1.43 GB) FAT
10 Drive m: (VZAccess Manager) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
13 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 1910 MB 0 B
Disk 7 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 16 GB 1024 KB
Partition 2 Primary 100 MB 16 GB
Partition 3 Primary 580 GB 16 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E PQSERVICE NTFS Partition 16 GB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM RESE NTFS Partition 100 MB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C eMachines NTFS Partition 580 GB Healthy

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1910 MB 31 KB

Disk: 6
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 L FAT Removable 1910 MB Healthy

==========================================================

Last Boot: 2012-02-15 18:29

======================= End Of Log ==========================

#14 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,571
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 17 February 2012 - 12:19 AM

Hello

I want you to run this fix and once it is complet I want you to go back into windows and run combofix - if it asks to update allow it

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

 
2 fsdfwd; C:\Windows\System32\TVALG.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\TVALG.dll

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

<-- Don't worry every little bit helps.

#15 dpeck

New Member

Group: Members
Posts: 12
Joined: 11-February 12

Posted 18 February 2012 - 10:09 AM

Hello Gringo,

I ran the fix for Farbar. The log is below. After that, I rebooted and tried running ComboFix. It was out of date so I downloaded the latest version and ran it. While it was running it listed a bunch of files it could not find, but it seemed to run OK. The ComboFix log is below. All reboots have been quick and clean so far.

Thank you.

Fixlog:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-02-2012
Ran by SYSTEM at 2012-02-18 08:36:23 R:1
Running from L:\

==============================================

fsdfwd service deleted successfully.
C:\Windows\System32\TVALG.dll moved successfully.

==== End of Fixlog ====

ComboFix log:

ComboFix 12-02-17.02 - Alyssa 02/18/2012 8:56.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2768 [GMT -5:00]
Running from: c:\users\Alyssa\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TEMP
c:\programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\system32\consrv.dll
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-17 07:08 . 2012-02-17 07:09 -------- d-----w- C:\FRST
2012-02-17 02:53 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 02:53 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 02:53 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 02:53 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 02:53 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 02:53 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-17 02:53 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 02:53 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 03:26 . 2012-02-15 03:26 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-15 03:26 . 2012-02-15 03:26 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-15 03:26 . 2012-02-15 03:26 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-15 03:26 . 2012-02-15 03:26 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-13 04:32 . 2012-02-13 04:32 48464 ----a-w- c:\windows\system32\drivers\rvxhbdfv.sys
2012-02-12 03:58 . 2012-02-12 03:58 48464 ----a-w- c:\windows\system32\drivers\ghjfpiys.sys
2012-02-12 03:48 . 2012-02-12 03:48 48464 ----a-w- c:\windows\system32\drivers\rxbbkgtx.sys
2012-02-12 03:26 . 2012-02-12 03:26 48464 ----a-w- c:\windows\system32\drivers\ldizpaji.sys
2012-02-12 03:15 . 2012-02-12 03:15 48464 ----a-w- c:\windows\system32\drivers\ulzbjvxi.sys
2012-02-12 03:15 . 2012-02-12 03:15 48464 ----a-w- c:\windows\system32\drivers\qjjedrmh.sys
2012-02-12 03:14 . 2012-02-12 03:14 48464 ----a-w- c:\windows\system32\drivers\tqhyqqji.sys
2012-02-12 03:05 . 2012-02-12 03:05 48464 ----a-w- c:\windows\system32\drivers\oblnhmqr.sys
2012-02-05 15:10 . 2012-02-06 06:17 -------- d-----w- c:\windows\system32\SPReview
2012-02-05 15:09 . 2012-02-05 15:09 -------- d-----w- c:\windows\system32\EventProviders
2012-02-05 15:06 . 2012-02-17 05:17 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 02:19 . 2012-02-04 02:19 48464 ----a-w- c:\windows\system32\drivers\whzucpnq.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 15:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-05 15:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-29 10:10 . 2011-01-01 20:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2011-09-05 02:23 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 19:57 . 2010-12-23 19:57 1937408 ----a-w- c:\program files (x86)\ThumbsUp.dll
2010-12-23 19:57 . 2010-12-23 19:57 12120064 ----a-w- c:\program files (x86)\SketchUp.exe
2010-12-23 19:55 . 2010-12-23 19:55 2236416 ----a-w- c:\program files (x86)\SkpWriter.dll
2010-12-23 19:51 . 2010-12-23 19:51 2359296 ----a-w- c:\program files (x86)\xerces-c_2_6.dll
2010-12-23 19:51 . 2010-12-23 19:51 892998 ----a-w- c:\program files (x86)\msvcrt-ruby18.dll
2010-12-23 19:51 . 2010-12-23 19:51 339968 ----a-w- c:\program files (x86)\mpiwin32.dll
2010-12-23 19:51 . 2010-12-23 19:51 2752512 ----a-w- c:\program files (x86)\gdal16.dll
2010-12-23 19:51 . 2010-12-23 19:51 986112 ----a-w- c:\program files (x86)\dbghelp.dll
2010-12-23 19:51 . 2010-12-23 19:51 31384 ----a-w- c:\program files (x86)\SpatialIndex_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 94872 ----a-w- c:\program files (x86)\DD_Br_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 8172184 ----a-w- c:\program files (x86)\DD_Db_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 709272 ----a-w- c:\program files (x86)\DD_AcisBuilder_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 701080 ----a-w- c:\program files (x86)\DD_Gi_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 61440 ----a-w- c:\program files (x86)\BugSplatRc.dll
2010-12-23 19:51 . 2010-12-23 19:51 565912 ----a-w- c:\program files (x86)\DD_Root_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 307864 ----a-w- c:\program files (x86)\DD_BrepRenderer_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 283288 ----a-w- c:\program files (x86)\DD_DbRoot_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 264328 ----a-w- c:\program files (x86)\BsSndRpt.exe
2010-12-23 19:51 . 2010-12-23 19:51 227408 ----a-w- c:\program files (x86)\BugSplat.dll
2010-12-23 19:51 . 2010-12-23 19:51 14488 ----a-w- c:\program files (x86)\DD_Alloc_3.02_8.dll
2010-12-23 19:51 . 2010-12-23 19:51 119448 ----a-w- c:\program files (x86)\ModelerGeometry_3.02_8.drx
2010-12-23 19:51 . 2010-12-23 19:51 1057432 ----a-w- c:\program files (x86)\DD_Ge_3.02_8.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-13_03.56.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-15 09:31 . 2011-11-05 04:31 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2012-02-17 02:52 . 2011-12-16 07:52 67072 c:\windows\SysWOW64\mshtmled.dll
- 2011-12-15 09:31 . 2011-11-05 04:35 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-02-17 02:52 . 2011-12-16 07:54 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-12-15 09:31 . 2011-11-05 04:30 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2012-02-17 02:52 . 2011-12-16 07:52 48128 c:\windows\SysWOW64\jsproxy.dll
- 2011-12-21 23:48 . 2012-01-18 00:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-21 23:48 . 2012-02-16 01:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-22 04:07 . 2012-02-15 02:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2011-12-22 04:07 . 2012-01-18 00:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-02-15 23:15 . 2012-02-16 01:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012021520120216\index.dat
+ 2012-02-15 02:36 . 2012-02-15 02:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012021420120215\index.dat
+ 2011-12-22 00:07 . 2012-02-16 00:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-12-22 00:07 . 2012-01-18 00:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-06-10 17:17 . 2012-02-17 08:30 48530 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-18 13:39 45848 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-27 23:04 . 2012-02-18 13:39 20114 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3142322181-2191948835-3067763791-1000_UserData.bin
+ 2012-02-17 02:52 . 2011-12-16 08:45 97280 c:\windows\system32\mshtmled.dll
- 2011-12-15 09:31 . 2011-11-05 05:38 97280 c:\windows\system32\mshtmled.dll
- 2011-12-15 09:31 . 2011-11-05 05:41 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-02-17 02:52 . 2011-12-16 08:47 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2012-01-20 12:57 . 2012-02-13 03:18 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-01-20 12:57 . 2012-02-15 02:04 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-02-17 02:52 . 2011-12-16 08:45 64512 c:\windows\system32\jsproxy.dll
- 2011-12-15 09:31 . 2011-11-05 05:37 64512 c:\windows\system32\jsproxy.dll
+ 2010-12-27 23:00 . 2012-02-17 08:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-27 23:00 . 2012-02-13 03:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 23:00 . 2012-02-17 08:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-27 23:00 . 2012-02-13 03:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-13 03:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 08:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-02-18 13:44 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-12-27 23:06 . 2012-02-13 03:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 23:06 . 2012-02-18 13:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-27 23:06 . 2012-02-13 03:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-27 23:06 . 2012-02-18 13:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-17 02:57 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-02-17 02:57 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2012-01-06 00:12 . 2012-01-06 00:12 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-01-06 00:12 . 2012-01-06 00:12 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-06 00:11 . 2012-01-06 00:11 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-06 00:11 . 2012-01-06 00:11 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-12-28 00:04 . 2011-10-13 02:59 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-12-28 00:04 . 2012-02-17 08:04 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\42d44cc48edbf4d5b19af6d6afc6cd62\System.Windows.Presentation.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\5c5a54c265c044f359659e6eeff29171\System.Web.ApplicationServices.ni.dll
+ 2012-02-17 08:21 . 2012-02-17 08:21 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\5febe9c0db17256605a3c0b906d124a3\System.Windows.Presentation.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\d948214592e9ee62eefecfc06ac37690\System.Web.ApplicationServices.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\361744396ee71dcc435c93226a8a6754\System.ServiceModel.Channels.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\265f654b8eed2ac1e42d225a30433c37\System.Windows.Presentation.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\62889e05923a83fa32400e7f3b28f9c6\System.Web.DynamicData.Design.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\c1577aa4e5874f1debc9a63343e5a0d7\PresentationFontCache.ni.exe
+ 2012-02-17 08:33 . 2012-02-17 08:33 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\697c9c4ec947a0a5e21bc9e4c6471b74\PresentationCFFRasterizer.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\2d80e48139b13bf06e85c0c1db06bc20\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\df5c0dac9e7db175acc8a9755942f87f\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8a9356f77bd1d1155202f59119ee57c9\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8260ae5a7d4a7e7cd907c958858da284\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4e53199f22c13aa3e4bc6f063da0aee7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\371120a0816ba5ce909b8e1341da376f\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0f361440d7cbda4bf5b44bfbd4623812\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-17 08:31 . 2012-02-17 08:31 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\e6aabbfb38a14559712fdf51064ff3a1\Microsoft.VisualC.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f8f0b08845fb76dfcf57e00d86fc13fc\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\8cd347067dbe1ec5a79c9d261d2d75d9\LoadMxf.ni.exe
+ 2012-02-17 08:40 . 2012-02-17 08:40 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\50cda8ab4cd566b222342c3da14302d3\ehiUPnP.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\4089bf2cec6e1a1539076c5bd6d95ce7\ehiTVMSMusic.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\7de9a8137a33d06dad01c8405d960037\dfsvc.ni.exe
+ 2012-02-17 08:33 . 2012-02-17 08:33 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\d301e1d96d4f39f15482db09206f1fb1\Accessibility.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\4de43eb5ea803d03e734fe747eec8205\WindowsLiveWriter.ni.exe
+ 2012-02-17 08:45 . 2012-02-17 08:45 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f7a27d81eb9342b58be88203da8a6001\WindowsLive.Writer.Passport.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\df6e2f050af3e7a7676650240ef9d7e5\System.Windows.Presentation.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e66fcffbc602b284e20b6c49f4ac64b6\System.Web.DynamicData.Design.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2463cb2600fc129e38f67974f3553368\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\32d21563937263ee3ae9eecfa59fdc3d\System.AddIn.Contract.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\bef92fc6725738f2a261600dab88cd66\PresentationFontCache.ni.exe
+ 2012-02-17 08:37 . 2012-02-17 08:37 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\dcdbd6714f689d7be2a15fe8ed1bc095\PresentationCFFRasterizer.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\a38f8e60cdbca2d158d8daaea9577934\napcrypt.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\7834abeef71f9188bb9d9253d8f807ab\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ef668f1802501935d634458ef637f5e7\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ed12245481e36d8cc238876bd79b1e6c\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\a66c7d26f61bb8e12960441a77159102\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\62e68252fc137a55d2d39fe0d5093599\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\61a8d567fe6450b5b77584b0044a6979\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\52785c0dca46f1e08b5cf9299fba9ae0\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\183073b14873e3b18951879ae4a8b425\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\824d2cc6a8193a2458ce90e579c8b8f5\Microsoft.Vsa.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\3cb6023aa6ab962babcee9c0ec8991de\Microsoft.VisualC.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aac5bc888c15c2630ea22e517e4e19f8\Microsoft.Build.Framework.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4ee55572f0f54a71e24fe3fec094968b\Microsoft.Build.Framework.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\e6e4bd9a47848b93cd2dd8a688968741\ehiUserXp.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\94a173b39fa90956937b41c775ac66d7\dfsvc.ni.exe
+ 2012-02-17 08:37 . 2012-02-17 08:37 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
+ 2010-12-30 04:04 . 2012-02-14 02:38 4026 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-02-13 03:56 . 2012-02-13 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-18 14:03 . 2012-02-18 14:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-17 02:52 . 2011-12-16 07:54 981504 c:\windows\SysWOW64\wininet.dll
- 2011-12-15 09:31 . 2011-11-05 04:35 981504 c:\windows\SysWOW64\wininet.dll
+ 2012-02-17 02:52 . 2011-12-16 07:54 132096 c:\windows\SysWOW64\url.dll
- 2011-12-15 09:31 . 2011-11-05 04:34 132096 c:\windows\SysWOW64\url.dll
- 2011-12-15 09:31 . 2011-11-05 04:31 599552 c:\windows\SysWOW64\msfeeds.dll
+ 2012-02-17 02:52 . 2011-12-16 07:52 599552 c:\windows\SysWOW64\msfeeds.dll
- 2011-12-15 09:31 . 2011-11-11 05:40 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-02-17 02:52 . 2011-12-16 07:52 176640 c:\windows\SysWOW64\ieui.dll
- 2009-07-14 04:54 . 2012-02-12 03:09 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-16 11:47 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-17 02:52 . 2011-12-16 08:47 134144 c:\windows\system32\url.dll
- 2011-12-15 09:31 . 2011-11-05 05:41 134144 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-02-18 13:55 628304 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-13 03:44 628304 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-18 13:55 108482 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-13 03:44 108482 c:\windows\system32\perfc009.dat
- 2011-12-15 09:31 . 2011-11-05 05:38 702464 c:\windows\system32\msfeeds.dll
+ 2012-02-17 02:52 . 2011-12-16 08:45 702464 c:\windows\system32\msfeeds.dll
+ 2012-02-17 02:52 . 2011-12-16 08:45 247808 c:\windows\system32\ieui.dll
- 2011-12-15 09:31 . 2011-11-11 06:49 247808 c:\windows\system32\ieui.dll
- 2009-07-14 05:38 . 2012-02-13 06:24 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-02-15 05:22 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:12 . 2012-02-13 03:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-02-17 08:33 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-02-13 03:55 345796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-18 14:02 345796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-04 01:00 . 2012-02-05 19:45 692596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3142322181-2191948835-3067763791-1000-12288.dat
+ 2011-09-04 01:00 . 2012-02-15 03:29 692596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3142322181-2191948835-3067763791-1000-12288.dat
+ 2012-02-17 02:57 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2012-02-17 02:55 . 2011-07-08 22:31 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
- 2011-07-03 01:54 . 2010-11-05 01:56 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2012-02-17 02:57 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2011-07-03 01:54 . 2010-11-05 01:58 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2012-02-17 02:55 . 2011-07-08 22:33 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-07-03 01:54 . 2010-11-05 01:57 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2012-02-17 02:57 . 2011-03-29 22:33 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-07-03 01:55 . 2010-11-05 01:57 995672 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-02-17 02:55 . 2011-07-08 22:33 995672 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-06 00:11 . 2012-01-06 00:11 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-06 00:11 . 2012-01-06 00:11 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\6bdb6c455153a223a2180c883ea5a06c\WindowsFormsIntegration.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\8df6331b51fe3ae5b9d0cf8c582d3f84\UIAutomationClient.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\6bc2cf9d31ae7e22349af3ddb1306c96\System.Xml.Linq.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\f9e5fcb862d898327924fcac2ff47c4d\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\5f61f0305f22aed705e0680f58fc5d89\System.Transactions.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\6afb4b90a21aae2e499f577b92102b85\System.ServiceProcess.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\bfb5e1c0961fe330c89c043a188cc807\System.ServiceModel.Routing.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\671c48760746239f2dfb0b64a7413624\System.ServiceModel.Channels.ni.dll
+ 2012-02-17 08:10 . 2012-02-17 08:10 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\d8342f4b914e190a9e5c89c7703dd11f\System.Security.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\9426384a1d2d2e815e093a0fe88da585\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\73d3849c909668636452b43f54edb54e\System.Runtime.Remoting.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\21fa922f90a47d10fd11107efff5ea4f\System.Net.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\c07fc2256ec2210bfd7f7abf1639833e\System.Messaging.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\655c314109b3ab211e13b88d0769651b\System.Management.Instrumentation.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\cf1c0c4152c5548179dd3e2870f25cc4\System.IO.Log.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\d8dc2ea040e12c679b5d779370a19e58\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\fef2650a5b3bf39527150b4058762611\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:10 . 2012-02-17 08:10 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\994e60f26b11755207e9c7ebb9fd688b\System.Dynamic.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\bc62e3c6c42db6e63c18038e9bac5a5c\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\5373b5adf6f12ca3ac8806827259a986\System.Device.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\938f42c2d694b3935ca890fee7d0c8a7\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\cde466cd9b88dc7857c40ac43bf7632c\System.Configuration.Install.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\081bebeff0574ed1969b05eafab5b342\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\e88489a8cc6a68a7ebb4617d1a20e5e7\System.AddIn.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\ba36345815c2011c3f054ebee01a0569\System.Activities.DurableInstancing.ni.dll
+ 2012-02-17 08:10 . 2012-02-17 08:10 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\70edc7fbf7505880ab1652b35f6e9517\SMSvcHost.ni.exe
+ 2012-02-17 08:13 . 2012-02-17 08:13 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\9d160b8d7c69ce50ac1db59a8fa2bcb5\SMDiagnostics.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\dbb2bb145d0bac0d0615f52739ad2702\PresentationFramework.Aero.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\4d9a6f376f83a6ea5b71a678566ee1de\PresentationFramework.Royale.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\3ec560f5f3b643e02b6025363034d624\PresentationFramework.Luna.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1767cdd5d245b5087045d1ad2fbdd8fd\PresentationFramework.Classic.ni.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\10abc6daca21b4d51f5e34abe73cb5cb\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-17 08:10 . 2012-02-17 08:10 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\385ffb17c4890d76682d1d0c81f39e09\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 08:21 . 2012-02-17 08:21 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\bfab3d0d973b05366401b15f6ab8febb\WindowsFormsIntegration.ni.dll
+ 2012-02-17 08:21 . 2012-02-17 08:21 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\f4d55487b0e1eae2de72e1d8e14c4781\UIAutomationClient.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\35b997b2652f8f564b062e6a6e59055f\System.Xml.Linq.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\b16aace2ac6c7e7d6849f3a683776cd1\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\07db951fbbd939fc70b0b91a8fa83185\System.Transactions.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\f9977bade8fa997882aa57b430820765\System.ServiceProcess.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b6b9eeba0eaffb7691e9fd06c4f3dd10\System.ServiceModel.Routing.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\f7ddf9585d0b4b46437dc07b50955b64\System.Security.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\012cb4a4bd973425eac0dbe52cdcc721\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e558d70a5dbc430b5a2904eec156749d\System.Runtime.Remoting.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\6ddba0a0ef4a512f8de2b3feacb8bd4a\System.Net.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\3ae04414918ec66af305d771a18d8b3c\System.Messaging.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\b2990e7dd2ce6c1ec99e4f27f766beb0\System.Management.Instrumentation.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\3ee79197b362398995eba1a67e83d865\System.IO.Log.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\3e177995dd026b939dc8b6769c77e60f\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\06c498e1b0e11e9de295c02f1519b8ff\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\06c498e1b0e11e9de295c02f1519b8ff\System.EnterpriseServices.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\746a79ac47809d2658daf85f2b5a2ad9\System.Dynamic.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\4946d4a8b1301179885c0621ac7120ca\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\171d40509eccb741a5a4a0908b41c840\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\eca593b1efb8f28f8204c841d6f875f2\System.Device.ni.dll
+ 2012-02-17 08:19 . 2012-02-17 08:19 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\8cec191afd4e0abc87ed7e93f814f1fc\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll
+ 2012-02-17 08:19 . 2012-02-17 08:19 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\36c77d53335088d10774054af4dfc034\System.Configuration.Install.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a58dbf4346bc2bd65df689cb6b25326c\System.ComponentModel.Composition.ni.dll
+ 2012-02-17 08:19 . 2012-02-17 08:19 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\3924f7fd82f46e76f3b89b9828c3587c\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\b323b1cd4f7e891c9b2def688895cd37\System.AddIn.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\89c1fb7b7684036e32dafff798d1a744\System.Activities.DurableInstancing.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\2dca989632203f2bc603d76492aff1f3\SMSvcHost.ni.exe
+ 2012-02-17 08:18 . 2012-02-17 08:18 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3ed5c98553688c7bd5fa0459ddc629bf\SMDiagnostics.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\870a3f81e3fa889dfd5f63ea813d1bb5\PresentationFramework.Royale.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5bf1ff80129ae0bca17f47ccf3dbc0c4\PresentationFramework.Classic.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\590ab08a24d15cb6891608c80fdebb1a\PresentationFramework.Luna.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f941120c158a98c56b2cd3488c056c6b\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\4a9409b232987a471b8437cd0a35a3ea\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\600f8ca5fcc54f10623903952fcc10ac\WsatConfig.ni.exe
+ 2012-02-17 08:44 . 2012-02-17 08:44 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\ddb96c334583dc79463edcb14ae16c99\WindowsFormsIntegration.ni.dll
+ 2012-02-17 08:33 . 2012-02-17 08:33 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\344ac206baaadddc6f7c5fb8ae189b1a\UIAutomationTypes.ni.dll
+ 2012-02-17 08:33 . 2012-02-17 08:33 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\7a61dc7e8c606d1ed2c703cbeae2f8ef\UIAutomationProvider.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\152b577b846875cb3ac5e2097451daf0\UIAutomationClient.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\fb5fce5cf09733b71a796d1da399f07a\TaskScheduler.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\bc3bbe78635aeacaeea3b310ea5ff002\System.Xml.Linq.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\894b696a87ad47b5e18ac89954813a94\System.Web.Routing.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\ed681c0aefa909f528d50d0d7f87b799\System.Web.RegularExpressions.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\a6885ee42ea49eb80f1bd18a5252684d\System.Web.Entity.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\88ffeea88ac9ce23de0c5a27a95e773a\System.Web.Entity.Design.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\7a311c3305dbbd5cfa2613997608a4ae\System.Web.DynamicData.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\e5069f3c90b4413dd2f3dc226c80bc68\System.Web.Abstractions.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\caa6d0e3ec056ab964616da777c2fcb1\System.Transactions.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\872d9ab7e9259b407668c38b6112499e\System.ServiceProcess.ni.dll
+ 2012-02-17 08:32 . 2012-02-17 08:32 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\ffc67ee81b75ac04dfc1fee6a7fef8c5\System.Security.ni.dll
+ 2012-02-17 08:33 . 2012-02-17 08:33 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\bc8c5bdae37a113b2274279ceb94d6d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\e238ca4ca02f9309283c98e1a4235bbd\System.Net.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\9880905a6fde778e564adf54b2afbaa5\System.Messaging.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\c340633057ed6b9ffcf2214cb348a1fa\System.Management.Instrumentation.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\c24a84d54ad05618cf6cab545c31b06b\System.IO.Log.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\2ba95581264a766410a6dbbe767c5ed8\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\dbd535c6b73a9d9ffab8b91124ea7dda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\f1fd4593259aaf5fd2b2e9a7aed2d8cb\System.Drawing.Design.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\3c2c8f083f34a3c75e0aa17ef9ac4127\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\be6635364f1af379afff83dd877a4e03\System.Data.Services.Design.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\027959159200e828ccfddaef5f01b3a9\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\e71e38d2ca2cd291467d890336f45931\System.Configuration.Install.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\8c954be3f8d070b1364844741ff4b4b1\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\bd9159951d0caa9bf5c90c44fc96661b\System.AddIn.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\edf038eef2dc9f21b13da8bdc046a834\System.AddIn.Contract.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\0ba53d547dabd039b0cfc9ce52fa6c57\sysglobl.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\8bfc7a328911ae69686576bd24f4f771\SMSvcHost.ni.exe
+ 2012-02-17 08:39 . 2012-02-17 08:39 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\823bd996cb5aefd6c2b2fa7e19e0ef40\SMDiagnostics.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\cc864feeea3e918e3d9790b301bb2004\PresentationFramework.Royale.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\ab440c134c4d619f82ba6eab569c8fed\PresentationFramework.Luna.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0e79d12dc8bede29dc337dba8d803bfa\PresentationFramework.Aero.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0e6121dbd31ce6b51354b38075dc9007\PresentationFramework.Classic.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\9c808282a0cfdc5bafcb43e1778d97d6\napsnap.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\616ce317134d4225fc7eec80f9351855\napinit.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\fd2464358cddfa04f46d55b9153249e3\naphlpr.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\717cc07bafa8f50a6f87be383fa9018b\napcrypt.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\a4b5d98bf175a3f10c47f223195c34b0\MSBuild.ni.exe
+ 2012-02-17 08:41 . 2012-02-17 08:41 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\b94e1c9115d8e37e734b27b48f54d236\MMCFxCommon.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\04532b2b5174ca249e01a8b21d0ba6fd\Microsoft.WSMan.Management.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\5cd854d075caf8b50de3c803b4303e03\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\cb1c199305d00b2424e707311eb9dcfd\Microsoft.Vsa.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b2438f632ab1dcbb1cb91c5a1226aaf1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d7f5b39fba028d2f9e2b3a772845a2a6\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\99bb7896ddbe74236efaa97733c63cbc\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\71542ecf96342dc1464fe471852be89a\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0bafa5e2dc431bb12108395cf2e18773\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ddd2f252bea1cce14bb498257992635a\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cf9be66d53dddbf49b75cead76ef3cea\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a743124afb874ab00d713ab50a7d850d\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7de5318ee2be8e2b8fcffde83c79ab7c\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\55172dec8f1353d1a8d9cdc4c0b9fac0\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5495e7eca3dac7eee473e30a3611f178\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\35ce662c1368782ede0852134106ea43\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\505549b05e5c3ceccd26ad9c398381e8\Microsoft.ManagementConsole.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f356844d3667b88d03bde2ae524659b6\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\86f7fa65013864ae7da2fba058199dae\Microsoft.Build.Utilities.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\9f5bcff6a0b169efa6b607efd8789ea9\Microsoft.Build.Framework.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0ef8fa5e835e9ae9fd9a20e5d5058460\Microsoft.Build.Framework.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\c467a4d9eeda620e3e7602a9ecf9ae76\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 107008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\77b758c083ce18f7ff9c262e4f6291e4\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\304068df803748d7743a6a4dc344915f\Mcx2Dvcs.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\fb79aad0c745ff7b45151bc58b4dc8e9\mcupdate.ni.exe
+ 2012-02-17 08:40 . 2012-02-17 08:40 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\4a29229fecf805779bee25b756d78a0d\mcstoredb.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\8affc4346a86b80727282966ce58662b\mcplayerinterop.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\756a74d6b322877662a0f6da4bc7d8e6\mcGlidHostObj.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\2ce02776e0f2f1770f4bb77e1f6d7472\MCESidebarCtrl.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\956ca0e08e881df7f16f7d6d1381f71d\EventViewer.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\307ca4b67db79b05b4781634ea8ec0d7\ehRecObj.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\87f11d95ab10469f888fd76c45f9fceb\ehiWUapi.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\a24c79d19a6d2a3e8ca587ecddd3e735\ehiwmp.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0de7a02857c6041bc2c86c1db3ca8c23\ehiUserXp.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\421eb174f94249cf6a3b9e517baa82f8\ehiiTv.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d5bf6f8e9e3d08d407ed68b714c268ae\ehiExtens.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\b55c3bb24dda0acda2bc332cc3016f75\ehiBmlDataCarousel.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\fa493e64ca63def1a404a0d4b44cdefc\ehiActivScp.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\5f53457f49927ecf00156d20466cc5a6\ehExtHost.ni.exe
+ 2012-02-17 08:39 . 2012-02-17 08:39 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b49168b11f5f60ddafed2ab1fdd4540f\ehCIR.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\1e040217cf674c6cf528fbfe18c4c2f8\CustomMarshalers.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\f2808fb3389d3e28e2b0223dcd654e02\ComSvcConfig.ni.exe
+ 2012-02-17 08:38 . 2012-02-17 08:38 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\45af2aab82a69a1a6fe0f7cef4024673\BDATunePIA.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\105e77fbca8c5bb29988f3847b0d599f\WsatConfig.ni.exe
+ 2012-02-17 08:45 . 2012-02-17 08:45 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\86432cfe2c104106b37e8af1e283ca8e\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fded83fc83794493d07f56fb49acde7d\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d12d613d70e9778063b276448c47de0d\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c728959f907d52cd35bc26eb4b6637d4\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c4c5d9e2165868bc217972a37a0e617c\WindowsLive.Writer.Controls.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aaca4ce23adcde26a349a89246f99e20\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\911098634599aa7b968e759c319393ee\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7f3a87d5342902e6a5e8b85a3bfb0005\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7eabda61aa46dda442963bf459e88634\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e3f18b8845cfe472d40b718e0dae6bf\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56f21dc452c0a1723b1e327c4e214ef2\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\49c81e82d64145f6f5e78c48afdfe566\WindowsLive.Writer.Api.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3804717be266ac7219242dd4d5eebb66\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\337a858556e37fa49fd8673a7c1c79c1\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\00644758e9f12fcb15288fc1e19f149a\WindowsLive.Writer.Interop.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\762b8138e6e24aeb7ab2646b95fd7b03\WindowsLive.Client.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d0972fea9e965a565c3cff76982709db\UIAutomationClient.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\ff345d3a2aaafb8a960c3d400e3c11a9\TaskScheduler.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\fa1161af51ab42a61bfac9d02d469a06\System.Xml.Linq.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\43e0731fbb58632563909f1fa5dfe063\System.Web.Routing.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\84ee5a23a20b65773686657254ea9831\System.Web.RegularExpressions.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\95f94674ddc4b1224df94bd7ae19c9ef\System.Web.Extensions.Design.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4c569a365154300e49ab3450f74c2618\System.Web.Entity.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fb21c5770bc64fc4105787238842f70d\System.Web.Entity.Design.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\785e2ad4125cef423bc367b37fabb71c\System.Web.DynamicData.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\685fb72f0189330eda1d62176fb38996\System.Web.Abstractions.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\dc4a4350f8c0c0919b5fb78f0c44291b\System.Security.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\adb2fc93e7a4462eb399442c678be681\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2273d6ab12c9ae0d52842a84d586b8df\System.Net.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b5930434d0d624701114e014513c9041\System.Management.Instrumentation.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7651951311f9d134e6bc08be7dc9ddc7\System.IO.Log.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8b0dc9405f292a93ddd52eb76bb88169\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\a09d397c3a4eb60b04a0628cc187ce34\System.Drawing.Design.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\eebb837dbb8e5781e448c72eeda27983\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\344d3289061b28a0f7fb19229f45bb9c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\6a6642467bcccf0345c5e9139e7fd9ae\System.Data.Services.Design.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\c1cf8e31da405f07780fa7b0f28cc650\System.Data.Entity.Design.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\71400a36c8621388031e00075f2fc8e9\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\47e25ae9163f4624a66f99ede0ea98fe\System.Configuration.Install.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\05c4011ad0068d0af722b4b52677d915\System.AddIn.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\571bcd3c57411a09469a58c7462a4c8b\sysglobl.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\17b78ffee2144cf38f024e73b131158d\SMSvcHost.ni.exe
+ 2012-02-17 08:45 . 2012-02-17 08:45 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fbcb09488417e40b6f7f7737f737bbfd\PresentationFramework.Luna.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbd1929fa377b354903e37469838d9a1\PresentationFramework.Classic.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4ff6c887092d4db687441d71e2c812ff\PresentationFramework.Royale.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\62531ec9534c96e83de2bbd4edfd07e8\napsnap.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\bb49eea48fd5f546afc6d5be634d3cb9\napinit.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\6c31aace1d7b39145fe0ef94f1530e8a\naphlpr.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\4ac4095081957a001a6174c0b9f7f195\MSBuild.ni.exe
+ 2012-02-17 08:46 . 2012-02-17 08:46 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\bd5a72adac7a95585984d5bcce994b71\MMCFxCommon.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\928fb6b2401fffd8cc993578c3a04acd\Microsoft.WSMan.Management.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\481b6ebea3e357f29a4ec0e8193d36d3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eda566c4dc6595779c3c9dfc359575ed\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\df4f6b6f33d84b7f438c3f3b66f0336d\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\951235283ff1d4a91ffaa92ea8693249\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5f7928a2ffe462f16e25f03be01966e9\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2015eca4346e34310e958089b22a9c62\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6386ef67ed70f53fe6424246d256190d\Microsoft.ManagementConsole.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c8e128b5e6ceee852cb1f8c165c2177e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9795da40a8ee0bc54e91792de7422152\Microsoft.Build.Utilities.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\be7ad749a064283deab76fad38bf2930\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\f42105699650a206e2ae439ac54ad40a\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\886a8c3d4f00567df779318fea56f28a\mcstoredb.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\58ea1059f397ccd13d6a8d94d7be7830\EventViewer.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\9d5219961228fb5236c843ea75c69d39\ehRecObj.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\03fd7c65b1f41d9febe335f4294d96d6\ehiVidCtl.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\832b98f0578e73e8693fea7067c3d2ab\ehiProxy.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\fa383760dc46e586ae40374129164b4e\ehiExtens.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\6a07aa6df4d45d1485b6a2749647a3aa\ehExtHost32.ni.exe
+ 2012-02-17 08:45 . 2012-02-17 08:45 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\39ab6b73bdbaac85b90cc561761916f7\ComSvcConfig.ni.exe
+ 2012-02-17 08:45 . 2012-02-17 08:45 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\d89086a63a9d85aa9d719d7088e5ae69\BDATunePIA.ni.dll
+ 2012-02-17 02:52 . 2011-12-16 07:54 1231360 c:\windows\SysWOW64\urlmon.dll
- 2011-12-15 09:31 . 2011-11-05 04:34 1231360 c:\windows\SysWOW64\urlmon.dll
+ 2012-02-17 02:52 . 2011-12-16 07:52 5997568 c:\windows\SysWOW64\mshtml.dll
+ 2012-02-17 02:52 . 2011-12-16 07:52 2073600 c:\windows\SysWOW64\iertutil.dll
- 2011-12-15 09:31 . 2011-11-05 04:30 2073600 c:\windows\SysWOW64\iertutil.dll
+ 2009-07-14 04:54 . 2012-02-16 11:47 3145728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-16 11:47 5226496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-12 03:09 5226496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-15 09:31 . 2011-11-05 05:41 1188864 c:\windows\system32\wininet.dll
+ 2012-02-17 02:52 . 2011-12-16 08:47 1188864 c:\windows\system32\wininet.dll
- 2011-12-15 09:31 . 2011-11-05 05:41 1494016 c:\windows\system32\urlmon.dll
+ 2012-02-17 02:52 . 2011-12-16 08:47 1494016 c:\windows\system32\urlmon.dll
+ 2012-02-17 02:52 . 2011-12-16 08:45 9019904 c:\windows\system32\mshtml.dll
+ 2012-02-17 02:52 . 2011-12-16 08:45 2454528 c:\windows\system32\iertutil.dll
- 2011-12-15 09:31 . 2011-11-05 05:37 2454528 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2012-02-05 15:26 2222768 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-02-17 08:29 2222768 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-02-13 03:27 7115566 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-02-17 08:31 7115566 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-01-06 03:02 . 2012-02-12 04:06 3466924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3142322181-2191948835-3067763791-1000-8192.dat
+ 2011-01-06 03:02 . 2012-02-18 14:02 3466924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3142322181-2191948835-3067763791-1000-8192.dat
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2012-02-17 02:57 . 2011-03-29 22:32 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2011-07-03 01:55 . 2010-11-05 01:57 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2012-02-17 02:57 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-02-17 02:53 . 2011-10-31 23:15 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
- 2011-07-03 01:55 . 2010-11-05 01:57 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-02-17 02:55 . 2011-07-08 22:31 9990992 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
- 2011-07-03 01:55 . 2010-11-05 01:56 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2012-02-17 02:55 . 2011-07-08 22:31 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
- 2011-07-03 01:55 . 2010-11-05 01:56 1576272 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
+ 2012-02-17 02:57 . 2011-03-29 22:32 1576272 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
- 2011-07-03 01:55 . 2010-11-05 01:56 1755480 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2012-02-17 02:55 . 2011-07-08 22:31 1755480 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2012-02-17 02:57 . 2011-03-29 22:33 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-07-03 01:55 . 2010-11-05 01:58 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-02-17 02:57 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-02-17 02:53 . 2011-10-31 23:16 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-07-03 01:55 . 2010-11-05 01:58 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-17 02:55 . 2011-07-08 22:33 5924176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-07-03 01:55 . 2010-11-05 01:57 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-02-17 02:55 . 2011-07-08 22:33 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-17 08:07 . 2012-02-17 08:07 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-06 00:11 . 2012-01-06 00:11 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-06 00:11 . 2012-01-06 00:11 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-17 08:06 . 2012-02-17 08:06 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-01-06 00:12 . 2012-01-06 00:12 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-26 21:36 . 2011-10-26 21:36 2829312 c:\windows\Installer\a805ce.msp
+ 2012-02-17 08:11 . 2012-02-17 08:11 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\9d5feeb6727e222673d5bd89f0620ddd\WindowsBase.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\68f44d619637fac197ee6c8ac9f2aec9\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 08:10 . 2012-02-17 08:10 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ff247393a6deb90d63811aa88c84dc7e\System.Xml.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\e158bd31f13cbc20f6fc7c7f426113d7\System.Xaml.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\843d0370292b7b124f9b9231f87e8e6a\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\be0e793afecb54a67a688e4528676e70\System.Web.Services.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\ae3a837b63de8d3f3fc63a7bfc16589a\System.Speech.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\aec154cbfb0eec1497fb89ebd6deb344\System.ServiceModel.Discovery.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\80b8b6324a73493227b2672b2d6820d3\System.ServiceModel.Activities.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\717540eea541a2769a6cf621fd948678\System.Runtime.Serialization.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\dc7fbde064d5710780a6b8f27554dc57\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\31c34917df5f24f1ffdd62bfa23f2fb7\System.Printing.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\15112a35e0e355fc344792e49c41628f\System.Management.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\bffc049b6775c3f6f144917a4387a0be\System.IdentityModel.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\fef2650a5b3bf39527150b4058762611\System.EnterpriseServices.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0443ad47a6be56beca12a7a13261c8ed\System.Drawing.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 1217536 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\d94ef12e883b2354af26f19ec7e25110\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\026c74ff72ba4fce837134953778e755\System.DirectoryServices.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\e8e5fcc8e7eb9ce898be3c22e8902ee4\System.Deployment.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\8d734fe538fe6f226eab465c8d8e3d5c\System.Data.ni.dll
+ 2012-02-17 08:10 . 2012-02-17 08:10 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\83aa1c4f17f57067d3be29e560331349\System.Data.SqlXml.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 1798656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\6a0bcd0e756819ea795b161d2156e9a8\System.Data.Services.Client.ni.dll
+ 2012-02-17 08:15 . 2012-02-17 08:15 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\1548624d8ec5142825864c5f59be9b49\System.Data.Linq.ni.dll
+ 2012-02-17 08:10 . 2012-02-17 08:10 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\2672be84bcad1c772163d15db0e2864e\System.Configuration.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\228bb21cab2c9ce2f69d5e24a9352a3f\System.ComponentModel.Composition.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\36f5aa69b510e3aeb24ef402d12c20e0\System.Activities.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\7be5ac01354a0c03d5587607687de1e1\System.Activities.Presentation.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\8d549e47084ec2661c944a1eeb9a2be5\System.Activities.Core.Presentation.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 4232704 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8d8f46afc9b2b65144f29a609f63398e\ReachFramework.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\735f127d0957bacdfe6522f0b8a2dcb0\PresentationUI.ni.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6b82e7a7001a661cb712067b75b7c5ec\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6a21c9b7113a1bd6eddff12e138fc96b\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\60ff6c1510fb0e2d70e616650eb7ae47\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 08:10 . 2012-02-17 08:10 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2e6537fafd64c81032b0aaebb7d3180a\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 08:16 . 2012-02-17 08:16 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\f38dbc9d7ebe981a7c22b72dffb4a2af\Microsoft.JScript.ni.dll
+ 2012-02-17 08:10 . 2012-02-17 08:10 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\1cf22b5ea0ef63e71b6416a36b656b8a\Microsoft.CSharp.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll
+ 2012-02-17 08:21 . 2012-02-17 08:21 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\de58d9a7cb1ebe18d9519943fb351105\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll
+ 2012-02-17 08:21 . 2012-02-17 08:21 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\f0d119151e7a4d59698125eb4b4275ee\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4d39c6a77db47caf40787ec818691ded\System.Web.Services.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\572316066654286b4629c0a680a76e1b\System.Speech.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4d1a64fc317c7d5de7321ef42d9443aa\System.ServiceModel.Activities.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\26150ab602b494d300ae488f81dbef9b\System.ServiceModel.Discovery.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7aa036e91909e1bc5e1d35b673defab2\System.Runtime.Serialization.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a2011e79b6ef1c5381d110f75685008c\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\dcbff6c9c548b51344cc4ad4893646b2\System.Printing.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\b7bf9745b6ac67086c7364ee34174c51\System.Management.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\38b6bf7d0ee6cea88d785e52e991627c\System.IdentityModel.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\94f406f804865ec1ef81acaf426e48ca\System.DirectoryServices.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d612e5ab6df30b2018730c781e979ce8\System.Deployment.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\25a90057cd6623c3b3cc07e53c8de77a\System.Data.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\79ff5fcb68fc0f3dce4571f8fa950a51\System.Data.SqlXml.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\6bbce53ef9b6e8b9204929342f503647\System.Data.Services.Client.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\ae45172466a99ef79ed2ab3ae5ad0ef9\System.Data.Linq.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\3d60413b16725524801275d92249169b\System.Activities.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\bb8932dfd01f4c645f9902fd703cde49\System.Activities.Presentation.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\d92c6df050f16ca2610191d283d826bb\System.Activities.Core.Presentation.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\6f94955023126311d6aaa840f8852023\ReachFramework.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\a593524fad58317c70d237d214a25204\PresentationUI.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\70a16497eb1cc16502203fb15014fd35\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\4de0dca5c413e316f948daad4b5e2d6f\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2308d9bc9e1b4fa300140d447aa34d51\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-17 08:18 . 2012-02-17 08:18 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\38b6c0eb820c7b8ce3efb4bdfb6ba480\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\5beb57c4dedf5103ee84b16d0d269093\Microsoft.JScript.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\bc7e22b7991a4f23c6bb9e83e2241d05\Microsoft.CSharp.ni.dll
+ 2012-02-17 08:32 . 2012-02-17 08:32 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\a6d9b6658c7778345cc60fe0d9bb6e64\WindowsBase.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\dac9f71ca1332da2a359e2d07589b7e9\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 08:32 . 2012-02-17 08:32 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\e04d9231de2f5d2ababdb425df670e63\System.Xml.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\5571a92171f93c8a4806b9f1805f1c56\System.WorkflowServices.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\3b2e60a9cfedffc4c850f1d0ef17e5e1\System.Workflow.Runtime.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\809f0c7c2d0233f086f83b75f6aa9560\System.Workflow.ComponentModel.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f09110bd4c01129e8ef2e345e8b58920\System.Workflow.Activities.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\28c5f5bb725935286936596e3f5f4f38\System.Web.Services.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\2b012fd0a270bdac848843047bb93312\System.Web.Mobile.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cf203792167bd243b057b8daf79e0d98\System.Web.Extensions.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\7f261dc1eaa3e4e0b93c44678888dd44\System.Web.Extensions.Design.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\a49bc70b640e21c9bcecbd8122203283\System.Speech.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\8ef813ce3f85ea3b3f499d734ac8019e\System.ServiceModel.Web.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f99728bbb535157b904873158379dc67\System.Runtime.Serialization.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\8b193e216f8cf8cd74d7f63cc3ebd2d9\System.Runtime.Remoting.ni.dll
+ 2012-02-17 08:34 . 2012-02-17 08:34 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\1194371f7bf016fa5f5db6a6003af63e\System.Printing.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\6860203a3f244d4c6b89ff38a9c9cadb\System.Management.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\3fae8a8515a716f1fae4a64a7f2a4b05\System.IdentityModel.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\dbd535c6b73a9d9ffab8b91124ea7dda\System.EnterpriseServices.ni.dll
+ 2012-02-17 08:33 . 2012-02-17 08:33 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\6c52a4ed4a4d301b51cae24e0d0b28ac\System.Drawing.ni.dll
+ 2012-02-17 08:34 . 2012-02-17 08:34 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\cc26a70ca09b5e09736df4f2f4af045a\System.DirectoryServices.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\48a91957a4b86c3bcebec68eb1471def\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 08:33 . 2012-02-17 08:33 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6d33e51aa1dd1c4c8ac5bff1c7ad7b4b\System.Deployment.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\bc98c6a47226c05d244f7ffb07b6d6bf\System.Data.ni.dll
+ 2012-02-17 08:32 . 2012-02-17 08:32 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\134d55401aae7ef73c10ad743774127f\System.Data.SqlXml.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\2dd10ff57a987aa347518b0abfcaf8b3\System.Data.Services.ni.dll
+ 2012-02-17 08:44 . 2012-02-17 08:44 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\0177f6ff2b3faf1805b3ba63e0e20ad0\System.Data.Services.Client.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\7892bc65d0be332ab0d4f5dae01d2c3c\System.Data.OracleClient.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\dd28d55dd94fb4d1e4dca6393e4b15a4\System.Data.Linq.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\caf124d5431e8d8aba046e54a8b7dea5\System.Data.Entity.Design.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\9e59bc2c8cf98cd315468ca01f68663c\System.Core.ni.dll
+ 2012-02-17 08:32 . 2012-02-17 08:32 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\da9e586395168489e96323c7cbd635a3\System.Configuration.ni.dll
+ 2012-02-17 08:34 . 2012-02-17 08:34 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\c2b60ec84728f2a0b99f2113ed7eba37\ReachFramework.ni.dll
+ 2012-02-17 08:34 . 2012-02-17 08:34 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\d5b793b7c0429d61e51fe917d1066df8\PresentationUI.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\0618574a66f03040f765c43693bf58f6\PresentationBuildTasks.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\24f9a2d494b01bcbc6919f60a278c715\Narrator.ni.exe
+ 2012-02-17 08:42 . 2012-02-17 08:42 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\8988116626390eae76ef9e492c0e2894\MMCEx.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\77c418992d39a8c1ce569194f9b1ff1e\MIGUIControls.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\e05059a258a8b75d8981f29ecd9baf72\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\11bd9381aca79215bc01b45a5e7bddce\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ecc930a57b339ba3d126b05b2d756a01\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8d5a4862d0e61fdd2e958fc989df3cca\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\713f3cf6037ed7047485c738934f9054\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\09516cb547f50c165051c5512c0770d3\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d7d03c116e282c198f398652dbddc074\Microsoft.MediaCenter.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\bf5f76b58c88f17410effc17059685a8\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b54d398a06452904630482f2f83d21dd\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5f69561da0086365718db46e1172d204\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5e550f8b6414d82551174d1dd0f8f15c\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\551b383e39b9fedb84e25c9fc7d763ee\Microsoft.JScript.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\2ec15928bc76c2a6af54ad507c513cd4\Microsoft.Ink.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4ccd2dddff73b52cd77ecaed30075b09\Microsoft.Build.Tasks.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\35cee0a531b3136b21b2c7e2ff56b5eb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\a22f83fa561173b77ee1215e0dfd7a76\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\5cd9b4020f38edbdc2718884fe3e68f0\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\0217b5f9a72020bee3d0291bbae125ff\mcstore.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\905166e37a4a5f45a7d1672fb756d96e\mcepg.ni.dll
+ 2012-02-17 08:40 . 2012-02-17 08:40 2165248 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\e6a702f8ccd27dcdcf09008531ab40e5\ehiVidCtl.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\17d0b71391bf67c5a663b140b9a7a936\ehiProxy.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fc939bca583ec15bf49ab2e65d2cd24f\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e471299fd6a1f0cea0af6017e6ea0d21\WindowsLive.Writer.Localization.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7a2cac2fc756bac5e6c18d9a4124dafb\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3b62656930ae253562ffec26dde0bab3\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\c463ccf17b00f16ed8e60a6ba1cb46e5\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 7967232 c:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\99f03be29e7f6de2f4bc278b83f0761b\System.WorkflowServices.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ee22bb1fef89981da77783c69aa1f154\System.Workflow.Runtime.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5fc69203193c26b91b068695b00bcebf\System.Workflow.ComponentModel.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\e5bfe89d19b368c5eb64bdf2c3c29d7a\System.Workflow.Activities.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0eada94e6fc22ecdf69ec412fe7df0b9\System.Web.Mobile.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8ae9ee071050afc6dce19f5248817d66\System.Web.Extensions.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\8e4b0ae89bdfbe3eac1b79dacef4ef79\System.Speech.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0113a0162fe157bb4f0130a60bbcad1a\System.ServiceModel.Web.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e20ce129c23781d9a8430b63edc3c24e\System.Printing.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f4d8c56c790b998bd1bb971905bfae78\System.Management.Automation.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2d379df0010f87d5c3d8c2be00b3de7a\System.DirectoryServices.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\45fedf46ca69b8437800ffed652fb2e4\System.Deployment.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d7621134717a86f5062dcf80206ab164\System.Data.SqlXml.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\47c2a93f42a371ac1b3756d098ac18a5\System.Data.Services.ni.dll
+ 2012-02-17 08:48 . 2012-02-17 08:48 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3763b8ac5fa0a96ad5100a53b10b4449\System.Data.Services.Client.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c3e0c299c00016b5ffb5006bc32dd0db\System.Data.OracleClient.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1fe993f1045190570a2c69cb32f9d62d\System.Data.Linq.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\932542a144496e3a9cb9155270fd4492\System.Data.Entity.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\9f09338d4240f6ea19318665fcea008f\ReachFramework.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\10d61b241fbf27d82942eecb454105e1\PresentationUI.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\d2c547794ac1c167fe24904e6848d5cc\PresentationBuildTasks.ni.dll
+ 2012-02-17 08:47 . 2012-02-17 08:47 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\308236e39e3ad82c6b5bfa2d955735e3\Narrator.ni.exe
+ 2012-02-17 08:46 . 2012-02-17 08:46 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\b792eec16fb24a0f73ca20e1551bfcbf\MMCEx.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\44f2bd588202e6bdacf0b867c7011057\MIGUIControls.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1a6921bcfb8ade6652efb9f095b275f1\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\86fa49490bc929adf75488903f0dac4b\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\413c3be0ba8ed04984a0bb3044e0c2e0\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2f66392066352b804d8022664e7bf8de\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\558d4558f0857891cf0d41d818e7b490\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\03d64144ed3ea21cbeea0c872ece14b6\Microsoft.MediaCenter.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\09cea564f5888335ef97bd104d7e4ea6\Microsoft.JScript.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\ca0dacd1a4dc23e5d7bb3e6548282b6b\Microsoft.Ink.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e566cc5fe7ad95b0a9fca152b335b551\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2b23923536c41d0fb8ab658f6c9a95c1\Microsoft.Build.Tasks.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b8459651fae37b63ab314350a8eff8a\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\103b0155f85ff08fc9940bd0c3aa0128\mcstore.ni.dll
+ 2012-02-17 08:46 . 2012-02-17 08:46 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\c28c1427f0691e070b77b4ad97000e4c\mcepg.ni.dll
- 2011-07-03 01:55 . 2010-11-05 01:58 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-17 02:53 . 2011-10-31 23:16 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-17 02:57 . 2011-03-29 22:33 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-07-03 01:55 . 2010-11-05 01:58 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-07-03 01:55 . 2010-11-05 01:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-17 02:57 . 2011-12-25 20:42 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-17 02:57 . 2011-12-25 20:40 5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-17 02:55 . 2011-07-08 22:31 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-07-03 01:55 . 2010-11-05 01:56 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-17 02:57 . 2011-12-25 20:42 5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-17 02:55 . 2011-07-08 22:33 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-07-03 01:55 . 2010-11-05 01:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-17 02:53 . 2012-01-04 08:59 12872704 c:\windows\SysWOW64\shell32.dll
+ 2012-02-17 02:52 . 2011-12-16 07:52 10992128 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 02:34 . 2012-02-06 09:57 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-02-17 08:26 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-02-17 02:53 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
+ 2010-12-28 00:05 . 2012-02-17 08:01 54585368 c:\windows\system32\MRT.exe
+ 2012-02-17 02:52 . 2011-12-16 08:45 12263936 c:\windows\system32\ieframe.dll
+ 2012-02-17 08:04 . 2012-02-17 08:04 20333056 c:\windows\Installer\a805c6.msp
+ 2012-02-17 08:07 . 2012-02-17 08:07 11879936 c:\windows\assembly\NativeImages_v4.0.30319_64\System\bbcac65b1d0045229354424a7595e258\System.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 17290752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\97347a1967260991cca95e94b5ba2d41\System.Windows.Forms.ni.dll
+ 2012-02-17 08:17 . 2012-02-17 08:17 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\49314ff27e3a21bbb1fb675a295f6571\System.ServiceModel.ni.dll
+ 2012-02-17 08:15 . 2012-02-17 08:15 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\78e35b4bf12ee4833ed720a490e958f2\System.Data.Entity.ni.dll
+ 2012-02-17 08:10 . 2012-02-17 08:10 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\fcefa2871c7dc4d397ff8c6f92abf0d5\System.Core.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d0dddbe96a81cd6869f9643fa2809d71\PresentationFramework.ni.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\efb6d518bb284cdc29a96068726320c0\PresentationCore.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\b711fe4f8f23da12b205be1d231d4e2e\System.ServiceModel.ni.dll
+ 2012-02-17 08:20 . 2012-02-17 08:20 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\0816c3b4ab4f25931be80ef29db36024\System.Data.Entity.ni.dll
+ 2012-02-17 08:09 . 2012-02-17 08:09 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll
+ 2012-02-17 08:08 . 2012-02-17 08:08 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll
+ 2012-02-17 08:32 . 2012-02-17 08:32 10624512 c:\windows\assembly\NativeImages_v2.0.50727_64\System\d5bc322d03a6628891b1e1232c4815af\System.ni.dll
+ 2012-02-17 08:33 . 2012-02-17 08:33 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\87a79dd88275c7e7536a0476f2ed79aa\System.Windows.Forms.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\3ea6f4cb8bba38f9d66275c36dd8825e\System.Web.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\0b51b0626d95de7446d132c73edd77cc\System.ServiceModel.ni.dll
+ 2012-02-17 08:42 . 2012-02-17 08:42 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\e18dbed9e34d7d56cc7e2f683de12237\System.Management.Automation.ni.dll
+ 2012-02-17 08:35 . 2012-02-17 08:35 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\0ad116b6a293e4fad1add26610df466d\System.Design.ni.dll
+ 2012-02-17 08:43 . 2012-02-17 08:43 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\00b730e56986ad4f378e420fa8606395\System.Data.Entity.ni.dll
+ 2012-02-17 08:34 . 2012-02-17 08:34 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\be975224912fc63f0398ad0c969ba144\PresentationFramework.ni.dll
+ 2012-02-17 08:33 . 2012-02-17 08:33 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\0fa603af6ee814498c20f46e00e5f891\PresentationCore.ni.dll
+ 2012-02-17 08:31 . 2012-02-17 08:31 15568384 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\1d2d3e57724bcacaea5e41063dc565c1\mscorlib.ni.dll
+ 2012-02-17 08:41 . 2012-02-17 08:41 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\089d0fee0e702f9b9a611f761cb3bd8a\ehshell.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
+ 2012-02-17 08:45 . 2012-02-17 08:45 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f89f5d786e54381f9058656271a0aca8\System.Design.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-05-15 53248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-05-13 326560]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-08-18 273528]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"D-Link RangeBooster G WUA-2340"="c:\program files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 riikpxoz;riikpxoz;c:\windows\system32\drivers\riikpxoz.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 135664]
R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\ws2help32.exe [x]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe [2008-05-19 954368]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\DRIVERS\NWVNdis.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 02:00]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 02:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"combofix"="c:\combofix\CF1659.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fsdfwd
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17361210n103p0424v165r4791t236
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Alyssa\AppData\Roaming\Mozilla\Firefox\Profiles\fy3suc50.default\
FF - prefs.js: browser.startup.homepage - aol.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3142322181-2191948835-3067763791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3142322181-2191948835-3067763791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-02-18 09:08:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-18 14:08
ComboFix2.txt 2012-02-15 02:01
ComboFix3.txt 2012-02-14 02:37
ComboFix4.txt 2012-02-13 04:01
.
Pre-Run: 545,409,462,272 bytes free
Post-Run: 545,399,652,352 bytes free
.
- - End Of File - - 40488C27DC20DB19D6B45DB4BF2057EF