Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection: Smitfraud-C.gp -- C:\Windows\svchost.exe


  • This topic is locked This topic is locked
30 replies to this topic

#1 mikmic

mikmic

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 30 August 2011 - 07:46 PM

Initial error was: "winrscmde stopped working and was closed." I noticed a process in Task Manager for SVCHost.exe with the same description. I found that this svchost.exe process is running from C:\Windows\svchost.exe which is the wrong location for this file.

Spybot labels this malware as Smitfraud-C.gp

I am unable to delete this file, even in safemode. It recreates itself within seconds of move, delete, rename or replacement of the file.

I have run HyjackThis but am not able to determine the source of the recreation.

Thank you for any help!

-=-=-=-=-


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Administrator at 20:00:25 on 2011-08-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2225 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\powrprof32.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\ProgramData\AuthFWGP32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wermgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
-netsvcs
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{261C0B7A-04D0-40E5-B074-2E8C3B9527ED} : DhcpNameServer = 209.18.47.61 209.18.47.62
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56323
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee.dll
FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee64.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npagee.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npagee64.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-10-10 1153368]
R2 SENS32;System Event Notification Service ;C:\Windows\System32\powrprof32.exe [2011-7-14 813568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-7 79360]
S3 LVcKap64;Logitech AEC Driver;C:\Windows\system32\DRIVERS\LVcKap64.sys --> C:\Windows\system32\DRIVERS\LVcKap64.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-3-9 1036104]
S4 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2007-10-19 182296]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-08-30 06:22:13 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2011-08-30 06:16:29 -------- d-----w- C:\$RECYCLE.BIN
2011-08-30 06:08:31 98816 ----a-w- C:\Windows\sed.exe
2011-08-30 06:08:31 518144 ----a-w- C:\Windows\SWREG.exe
2011-08-30 06:08:31 256000 ----a-w- C:\Windows\PEV.exe
2011-08-30 06:08:31 208896 ----a-w- C:\Windows\MBR.exe
2011-08-30 06:08:17 4189688 ------r- C:\Windows\ComboFix.exe
2011-08-30 05:09:24 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-30 05:09:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-08-30 00:48:53 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-08-30 00:08:45 -------- d-----w- C:\ProgramData\PMB Files
2011-08-29 23:38:42 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-08-29 20:24:08 -------- d-----w- C:\Riot Games
2011-08-29 15:44:33 20480 ----a-w- C:\Windows\svchost.exe
2011-08-26 00:43:06 -------- d-----w- C:\Program Files\iPod
2011-08-26 00:43:05 -------- d-----w- C:\Program Files\iTunes
2011-08-26 00:43:05 -------- d-----w- C:\Program Files (x86)\iTunes
2011-08-24 18:46:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 18:46:54 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-09 19:45:22 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-08-09 19:45:22 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-08-09 19:45:20 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-08-09 19:45:18 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-09 19:45:17 1427344 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-09 19:45:13 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-06 16:51:29 -------- d-----w- C:\Program Files\Citrix
2011-08-02 23:45:21 -------- d-----w- C:\Users\Administrator\AppData\Local\PMB Files
.
==================== Find3M ====================
.
2011-08-24 04:10:24 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-14 04:03:28 813568 ----a-w- C:\Windows\SysWow64\powrprof32.exe
2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-06-02 13:50:04 2764288 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 20:03:33.36 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 04 September 2011 - 06:24 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===


Please post the logs and let me know what problem persists.

#3 mikmic

mikmic
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 05 September 2011 - 09:15 AM

Hello and thanks for your help with this issue. I have performed the steps listed above. The file C:\windows\svchost.exe which was listed as deleted by Combofix.exe is still in the same location, and still constantly reappearing after deletion.

The error "winrscmde stopped working and was closed" still pops up constantly.

Below are the logs requested.

==========================
Combofix = C:\Combofix.txt
==========================


ComboFix 11-09-04.03 - Administrator 09/05/2011 0:19.4.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2372 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AuthFWGP32.exe
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{60279810-e041-4c4a-8e94-2ab474dc98df}
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{60279810-e041-4c4a-8e94-2ab474dc98df}\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{60279810-e041-4c4a-8e94-2ab474dc98df}\chrome\xulcache.jar
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{60279810-e041-4c4a-8e94-2ab474dc98df}\defaults\preferences\xulcache.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{60279810-e041-4c4a-8e94-2ab474dc98df}\install.rdf
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 04:28 . 2011-09-05 04:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-05 03:25 . 2011-09-05 03:25 453632 ----a-w- c:\windows\SysWow64\AuthFWGP32.dll
2011-09-04 06:31 . 2011-09-04 06:31 -------- d-----w- c:\programdata\Apple Computer
2011-08-30 09:21 . 2011-08-30 09:21 -------- d-----w- c:\programdata\Lavasoft
2011-08-30 06:22 . 2011-09-05 04:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-30 06:08 . 2011-08-30 05:45 4189688 ------r- c:\windows\ComboFix.exe
2011-08-30 05:09 . 2011-08-30 05:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-30 05:09 . 2011-07-19 09:05 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-30 05:09 . 2011-07-19 09:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-30 04:05 . 2011-08-30 04:05 -------- d-----w- c:\programdata\Apple
2011-08-30 00:48 . 2011-08-30 00:48 -------- d-----w- c:\program files (x86)\Microsoft
2011-08-30 00:08 . 2011-09-05 03:15 -------- d-----w- c:\programdata\PMB Files
2011-08-30 00:08 . 2011-08-30 00:08 -------- d-----w- c:\programdata\Logitech
2011-08-29 23:38 . 2011-08-30 00:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-29 20:24 . 2011-08-29 20:24 -------- d-----w- C:\Riot Games
2011-08-29 15:44 . 2009-10-09 21:56 20480 ----a-w- c:\windows\svchost.exe
2011-08-26 00:43 . 2011-08-26 00:43 -------- d-----w- c:\program files\iPod
2011-08-26 00:43 . 2011-08-26 00:43 -------- d-----w- c:\program files\iTunes
2011-08-26 00:43 . 2011-08-26 00:43 -------- d-----w- c:\program files (x86)\iTunes
2011-08-24 18:46 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 18:46 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-09 19:45 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 19:45 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-09 19:45 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 19:45 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 19:45 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 19:45 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-06 16:51 . 2011-08-06 16:51 -------- d-----w- c:\program files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 04:10 . 2011-05-25 00:02 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-14 04:03 . 2011-07-14 04:03 813568 ----a-w- c:\windows\SysWow64\powrprof32.exe
2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-10 23:58 . 2011-06-10 23:58 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-10 23:58 . 2011-06-10 23:58 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-10 23:58 . 2011-06-10 23:58 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-10 23:58 . 2011-06-10 23:58 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-10 23:58 . 2011-06-10 23:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-10 23:58 . 2011-06-10 23:58 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-10 23:58 . 2011-06-10 23:58 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-10 23:58 . 2011-06-10 23:58 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-10 23:58 . 2011-06-10 23:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-10 23:58 . 2011-06-10 23:58 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-10 23:58 . 2011-06-10 23:58 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-10 23:58 . 2011-06-10 23:58 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-10 23:58 . 2011-06-10 23:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-10 23:58 . 2011-06-10 23:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-10 23:58 . 2011-06-10 23:58 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-10 23:58 . 2011-06-10 23:58 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-10 23:58 . 2011-06-10 23:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-10 23:58 . 2011-06-10 23:58 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-10 23:58 . 2011-06-10 23:58 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-10 23:58 . 2011-06-10 23:58 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-10 23:58 . 2011-06-10 23:58 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-10 23:58 . 2011-06-10 23:58 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-10 23:58 . 2011-06-10 23:58 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-10 23:58 . 2011-06-10 23:58 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-10 23:58 . 2011-06-10 23:58 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-10 23:58 . 2011-06-10 23:58 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-10 23:58 . 2011-06-10 23:58 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-10 23:58 . 2011-06-10 23:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-10 23:58 . 2011-06-10 23:58 448512 ----a-w- c:\windows\system32\html.iec
2011-06-10 23:58 . 2011-06-10 23:58 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-10 23:58 . 2011-06-10 23:58 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-10 23:58 . 2011-06-10 23:58 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-10 23:58 . 2011-06-10 23:58 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-10 23:58 . 2011-06-10 23:58 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-10 23:58 . 2011-06-10 23:58 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-10 23:58 . 2011-06-10 23:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-30_06.16.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-08-30 01:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-09-03 03:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-09-03 03:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-08-30 01:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-03 03:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-08-30 01:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-09-05 04:36 54108 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-09-05 04:36 72410 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-26 19:05 . 2011-09-05 04:36 18664 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1391375188-340967920-528662790-500_UserData.bin
+ 2011-04-06 20:48 . 2011-04-06 20:48 11120 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
- 2011-04-13 02:16 . 2011-04-13 02:16 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-05-17 14:08 . 2011-05-17 14:08 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-05-17 14:08 . 2011-05-17 14:08 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
- 2010-03-18 18:27 . 2010-03-18 18:27 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 11120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
- 2011-04-12 19:11 . 2011-04-12 19:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-05-17 13:27 . 2011-05-17 13:27 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-05-17 13:27 . 2011-05-17 13:27 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-08-10 07:05 . 2011-08-10 07:05 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\5e66ba90ab2f24317ca76582f3ea3948\UIAutomationProvider.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\c42639bd8c7c7855c4d11be1f0ccdf97\System.Windows.Presentation.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\3be20b4f9e9df41aaea426041f4f410a\System.Web.ApplicationServices.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3bea7a34d24b4dc1e3925b0b9bc9d45b\System.ServiceModel.Channels.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\882adb9ad5e9b434ef926193f595e757\System.AddIn.Contract.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\7ee890ba3e1869ab04930948df453d3f\Microsoft.VisualC.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\950b5b880e8d8af1709f06b6a1a854a0\Accessibility.ni.dll
- 2011-08-10 07:09 . 2011-08-10 07:09 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\09f46722269da16f1a6d1abbb580d7ed\Microsoft.VisualC.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\09f46722269da16f1a6d1abbb580d7ed\Microsoft.VisualC.ni.dll
- 2011-08-10 07:09 . 2011-08-10 07:09 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\957ce139305f26be16614e23afa899a7\Accessibility.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\957ce139305f26be16614e23afa899a7\Accessibility.ni.dll
- 2011-08-10 07:24 . 2011-08-10 07:24 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a6485a160959fbed092dc2ddbed3509e\UIAutomationProvider.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a6485a160959fbed092dc2ddbed3509e\UIAutomationProvider.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b350a5cb539f16b07028cfa6483ee886\PresentationFontCache.ni.exe
- 2011-08-10 07:40 . 2011-08-10 07:40 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b350a5cb539f16b07028cfa6483ee886\PresentationFontCache.ni.exe
- 2011-08-10 07:40 . 2011-08-10 07:40 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\4a2a3e502cc441c97350acf5c3dacc4e\PresentationCFFRasterizer.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\4a2a3e502cc441c97350acf5c3dacc4e\PresentationCFFRasterizer.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\78704655584ce2fd27a6c39573f6f36a\napcrypt.ni.dll
- 2011-08-10 07:24 . 2011-08-10 07:24 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\78704655584ce2fd27a6c39573f6f36a\napcrypt.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\018450526569962d4bb24564143c50f6\Microsoft.WSMan.Runtime.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\018450526569962d4bb24564143c50f6\Microsoft.WSMan.Runtime.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\748a5063c67235044f516d4c2c5f090a\Microsoft.Vsa.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\748a5063c67235044f516d4c2c5f090a\Microsoft.Vsa.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\81bc126ce60194c5af7e6d4b1b03f6c1\Microsoft.VisualC.ni.dll
- 2011-08-10 07:22 . 2011-08-10 07:22 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\81bc126ce60194c5af7e6d4b1b03f6c1\Microsoft.VisualC.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\09f4fc8e36b2012a5f3cb0a9d23b9e20\Microsoft.Build.Framework.ni.dll
- 2011-08-10 07:23 . 2011-08-10 07:23 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\09f4fc8e36b2012a5f3cb0a9d23b9e20\Microsoft.Build.Framework.ni.dll
- 2011-08-10 07:23 . 2011-08-10 07:23 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\b7dc08f390f95b199da497bba999b5dc\ehiUserXp.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\b7dc08f390f95b199da497bba999b5dc\ehiUserXp.ni.dll
- 2011-08-10 07:23 . 2011-08-10 07:23 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\710e9691861b597505a63f2b29e4d7d2\dfsvc.ni.exe
+ 2011-09-05 04:11 . 2011-09-05 04:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\710e9691861b597505a63f2b29e4d7d2\dfsvc.ni.exe
- 2011-08-10 07:22 . 2011-08-10 07:22 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
+ 2011-09-05 04:10 . 2011-09-05 04:10 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
+ 2011-09-05 04:34 . 2011-09-05 04:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-30 06:16 . 2011-08-30 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-05 04:34 . 2011-09-05 04:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-30 06:16 . 2011-08-30 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-05 04:27 . 2011-09-05 04:27 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\1a890e72269abe36365d861bca8fca70\System.Xml.Serialization.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\e335cdfdb3e46fb0f75cb2ce83dabf48\dfsvc.ni.exe
+ 2009-10-16 10:45 . 2011-09-03 03:37 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-10-16 10:45 . 2011-08-30 01:08 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 12:46 . 2011-09-05 04:02 604264 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-05 04:02 103964 c:\windows\system32\perfc009.dat
- 2010-05-14 22:50 . 2011-08-30 05:14 254496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-14 22:50 . 2011-09-05 04:28 254496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-06 20:48 . 2011-04-06 20:48 236880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.dll
+ 2011-05-17 14:08 . 2011-05-17 14:08 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
- 2011-04-13 02:16 . 2011-04-13 02:16 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-04-06 21:45 . 2011-04-06 21:45 260448 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
- 2010-03-18 18:27 . 2010-03-18 18:27 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
+ 2011-05-17 14:08 . 2011-05-17 14:08 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 916312 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 236880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
- 2011-04-12 19:11 . 2011-04-12 19:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-05-17 13:27 . 2011-05-17 13:27 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 191840 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2011-05-17 13:27 . 2011-05-17 13:27 413520 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2011-05-17 13:27 . 2011-05-17 13:27 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-05-17 13:27 . 2011-05-17 13:27 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
- 2011-04-12 19:11 . 2011-04-12 19:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 915800 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpftxt_x86.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1b8d986036465b9f0db4fbaf8876ad72\WindowsFormsIntegration.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7b9037ad1952bc81a382b2fcddd8320a\UIAutomationTypes.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\08b935a4ef1b64faec4e9739db313298\UIAutomationClient.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0f5813c19bc6dc46e87c6beafb97d525\System.Xml.Linq.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\8681ad3f75515a261e7980d01ac5fa2e\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5314989a2066877016eaac44f927092c\System.Transactions.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\b784695a620842be9b660769dd43c898\System.ServiceProcess.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8671670b07fb8597048ef4aae0a5ede4\System.ServiceModel.Routing.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\68dd8aa8c376dd3c44f8e56c3767ac1d\System.Security.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e8452df7471e5ba24ca642b4c4e1ef37\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\bbc34aac73481fc04fe9b7aff9927437\System.Runtime.Remoting.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\21335cc2e54f4995b582cfa9d1efbcaa\System.Numerics.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\0db265c571d2baf9c46511b9955fa7c4\System.Net.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\5539ada158b0520c68ab8cbaa6dab8b2\System.Messaging.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\89a46fc2fa698580fd2fa81df5cd020a\System.Management.Instrumentation.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e022b746f10ca855a632ff405f7f1259\System.IO.Log.ni.dll
+ 2011-09-05 04:26 . 2011-09-05 04:26 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\a6518b3baf1d987d831c5fc1b295306d\System.IdentityModel.Selectors.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.Wrapper.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\a0ced4a2cbd6aa8f9cf2a28b641e0300\System.Dynamic.ni.dll
+ 2011-09-05 04:26 . 2011-09-05 04:26 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8227f92f9e71e619b541050995617717\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-05 04:26 . 2011-09-05 04:26 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6ec8651192262a0732c9c187486e9fb9\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-05 04:26 . 2011-09-05 04:26 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\1652ce31226964496c1d5b5b4f69277e\System.Device.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\5b1934fc32b50e5a42a64999d0b27112\System.Data.DataSetExtensions.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\786df9adb3752f8f67b90dedb60dc2a1\System.Configuration.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\7a2a83b1625f100331691f44b6e9c3ab\System.Configuration.Install.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\eb22b58fc80ef55a2879bd6f121e9989\System.ComponentModel.Composition.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a3084fbf0204cd93a9d1e8722774f0b7\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\6254a35e295c52224f7bdc9e5ac9c81f\System.AddIn.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\2b905c99ccccb248a7653fabe4b55b09\System.Activities.DurableInstancing.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\51bdfe23e8b22bbed5fabfed9371b5b0\SMSvcHost.ni.exe
+ 2011-09-05 04:25 . 2011-09-05 04:25 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef32e2d63c908a8e4b21b30b2debcd03\SMDiagnostics.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ac6b30fb021fe513bc7f5eb98874ab98\PresentationFramework.Royale.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ab273e4606367562d98caf792f366523\PresentationFramework.Classic.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\64d84a18bdebd88f137f11ec220748ff\PresentationFramework.Aero.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\08ffd91342eb8f789914456a3a0d29dd\PresentationFramework.Luna.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\43eb12b6198092efc2b8a030ace2e3f2\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\da0ae911ee95f4e67660e8e584ca8e7b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\8bd0bb7822eb2d50cb4c1a82a7f934e8\CustomMarshalers.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b433e4de6804ce087c2c5827efc8feff\System.Transactions.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b433e4de6804ce087c2c5827efc8feff\System.Transactions.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\9191aa60b79eda0c7df35784e1986195\System.Security.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\9191aa60b79eda0c7df35784e1986195\System.Security.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\60d0a368a83327d788a62b762a670cce\System.EnterpriseServices.Wrapper.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\60d0a368a83327d788a62b762a670cce\System.EnterpriseServices.Wrapper.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\c392ae5019176660dd3e81503ede7bb4\ComSvcConfig.ni.exe
- 2011-08-10 07:41 . 2011-08-10 07:41 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\c392ae5019176660dd3e81503ede7bb4\ComSvcConfig.ni.exe
+ 2011-09-05 04:27 . 2011-09-05 04:27 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\b8a793412f4ae385b0e6bc97f2afc1ff\BDATunePIA.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\b8a793412f4ae385b0e6bc97f2afc1ff\BDATunePIA.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4393f39e7dcd910521a93a5a588fa1c5\WsatConfig.ni.exe
+ 2011-09-05 04:25 . 2011-09-05 04:25 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4393f39e7dcd910521a93a5a588fa1c5\WsatConfig.ni.exe
+ 2011-09-05 04:25 . 2011-09-05 04:25 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\64e6bc21d6554252e53e87c04a70a04d\WindowsFormsIntegration.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\64e6bc21d6554252e53e87c04a70a04d\WindowsFormsIntegration.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\96031e87be161842765531e37a996df6\UIAutomationTypes.ni.dll
- 2011-08-10 07:24 . 2011-08-10 07:24 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\96031e87be161842765531e37a996df6\UIAutomationTypes.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ec050b2f1ddc5f3023e9bc7375f90a1d\UIAutomationClient.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ec050b2f1ddc5f3023e9bc7375f90a1d\UIAutomationClient.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\8db6e879e71858d2995390526368262e\TaskScheduler.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\8db6e879e71858d2995390526368262e\TaskScheduler.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\3ea90d05680ed6259ccb21f12cce70fb\System.Web.RegularExpressions.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\3ea90d05680ed6259ccb21f12cce70fb\System.Web.RegularExpressions.ni.dll
+ 2011-09-05 04:10 . 2011-09-05 04:10 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1cc11918d8dd561391bba05c61de7573\System.ServiceProcess.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1cc11918d8dd561391bba05c61de7573\System.ServiceProcess.ni.dll
+ 2011-09-05 04:10 . 2011-09-05 04:10 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccd064df52eb5479bf745ec2a7b74952\System.Security.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccd064df52eb5479bf745ec2a7b74952\System.Security.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a62d68943088191659432dbe33669f2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a62d68943088191659432dbe33669f2\System.Runtime.Serialization.Formatters.Soap.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\6db17e040b1104fa9a9760c88c67b862\System.Messaging.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\6db17e040b1104fa9a9760c88c67b862\System.Messaging.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\06bcbb2f0b2de5bc7ebc92f7c2028181\System.IO.Log.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\06bcbb2f0b2de5bc7ebc92f7c2028181\System.IO.Log.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\2ba816b41a3f13685fd28d2ad50970ec\System.IdentityModel.Selectors.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\2ba816b41a3f13685fd28d2ad50970ec\System.IdentityModel.Selectors.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.Wrapper.dll
+ 2011-09-05 04:10 . 2011-09-05 04:10 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.Wrapper.dll
+ 2011-09-05 04:10 . 2011-09-05 04:10 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\29cbe2999c5c4d9b16ce0942323075fc\System.Drawing.Design.ni.dll
- 2011-08-10 07:34 . 2011-08-10 07:34 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\29cbe2999c5c4d9b16ce0942323075fc\System.Drawing.Design.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\10dea0183eb6ff30200d910dc34b872b\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\10dea0183eb6ff30200d910dc34b872b\System.DirectoryServices.Protocols.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
+ 2011-09-05 04:10 . 2011-09-05 04:10 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c3cfe8388734152100ff476350fb3ddb\System.Configuration.Install.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c3cfe8388734152100ff476350fb3ddb\System.Configuration.Install.ni.dll
- 2011-08-10 07:25 . 2011-08-10 07:25 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\7879c86ded9fabda3e3285420ab3a406\sysglobl.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\7879c86ded9fabda3e3285420ab3a406\sysglobl.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\878ab210235309095edcd2565987503e\SMSvcHost.ni.exe
- 2011-08-10 07:40 . 2011-08-10 07:40 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\878ab210235309095edcd2565987503e\SMSvcHost.ni.exe
+ 2011-09-05 04:11 . 2011-09-05 04:11 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca54e016986a14796591228eaa80cce1\SMDiagnostics.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca54e016986a14796591228eaa80cce1\SMDiagnostics.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\c0e48084525f817b13d79d7d2dec52cc\ServiceModelReg.ni.exe
- 2011-08-10 07:40 . 2011-08-10 07:40 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\c0e48084525f817b13d79d7d2dec52cc\ServiceModelReg.ni.exe
+ 2011-09-05 04:24 . 2011-09-05 04:24 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a51a17cc3195c47d97be3f387f86c462\PresentationFramework.Luna.ni.dll
- 2011-08-10 07:33 . 2011-08-10 07:33 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a51a17cc3195c47d97be3f387f86c462\PresentationFramework.Luna.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a38f370d4e68b65106d1065d0b77067\PresentationFramework.Aero.ni.dll
- 2011-08-10 07:33 . 2011-08-10 07:33 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a38f370d4e68b65106d1065d0b77067\PresentationFramework.Aero.ni.dll
- 2011-08-10 07:33 . 2011-08-10 07:33 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4aa958d331158aa1c46b80468c842a34\PresentationFramework.Classic.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4aa958d331158aa1c46b80468c842a34\PresentationFramework.Classic.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0159274c97a3fa4d942e6b4e321b6a54\PresentationFramework.Royale.ni.dll
- 2011-08-10 07:33 . 2011-08-10 07:33 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0159274c97a3fa4d942e6b4e321b6a54\PresentationFramework.Royale.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\6849e7e884c97c0b8c9601539c0e093f\napsnap.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\6849e7e884c97c0b8c9601539c0e093f\napsnap.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\abace0d3ea5d15d57cac11c1bbcd0952\napinit.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\abace0d3ea5d15d57cac11c1bbcd0952\napinit.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\4dad5608f35eaa140c6eae43f1f2ea6c\naphlpr.ni.dll
- 2011-08-10 07:24 . 2011-08-10 07:24 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\4dad5608f35eaa140c6eae43f1f2ea6c\naphlpr.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\2c18cdf3808acb8ecb484b9f2940f0b3\MMCFxCommon.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\2c18cdf3808acb8ecb484b9f2940f0b3\MMCFxCommon.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\c3b4602f861bbf8a77d16be1a16017b7\Microsoft.WSMan.Management.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\c3b4602f861bbf8a77d16be1a16017b7\Microsoft.WSMan.Management.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cf693d9799ee92ab0dc4ad51719842f9\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cf693d9799ee92ab0dc4ad51719842f9\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a7de5db00e81689537057130e3fa9d5b\Microsoft.PowerShell.Commands.Management.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a7de5db00e81689537057130e3fa9d5b\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 728576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\88c598a0d82917b01380d3c9450e2691\Microsoft.PowerShell.GraphicalHost.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\83306689d48575a50d4d84b27a63146b\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\83306689d48575a50d4d84b27a63146b\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7c32a2335dc8481175cbef33ee90c8dd\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7c32a2335dc8481175cbef33ee90c8dd\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\767b4b96bb9ae9630bcb460fab12d2b0\Microsoft.PowerShell.Security.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\767b4b96bb9ae9630bcb460fab12d2b0\Microsoft.PowerShell.Security.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\bb189e9d53d02b3d63c3828c0463cc12\Microsoft.MediaCenter.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\bb189e9d53d02b3d63c3828c0463cc12\Microsoft.MediaCenter.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6ef5be72dab25ea6491e4a6891aa1457\Microsoft.ManagementConsole.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6ef5be72dab25ea6491e4a6891aa1457\Microsoft.ManagementConsole.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\b316d7ba730f523a2ec12d9c5f4b73b6\Microsoft.Build.Utilities.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\b316d7ba730f523a2ec12d9c5f4b73b6\Microsoft.Build.Utilities.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e9af947dc6d2428c521ac653b21b8668\Microsoft.Build.Engine.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e9af947dc6d2428c521ac653b21b8668\Microsoft.Build.Engine.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\ce072aeecd1c5d0ae54fd0fce46f52e0\EventViewer.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\ce072aeecd1c5d0ae54fd0fce46f52e0\EventViewer.ni.dll
- 2011-08-10 07:23 . 2011-08-10 07:23 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\9e98d7dcfeb34bbf6d2ea0e711b3ae4f\ehiExtens.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\9e98d7dcfeb34bbf6d2ea0e711b3ae4f\ehiExtens.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\b54654928cb5eabb468d19a32ae75d32\ehExtHost32.ni.exe
+ 2011-09-05 04:11 . 2011-09-05 04:11 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\b54654928cb5eabb468d19a32ae75d32\ehExtHost32.ni.exe
+ 2011-09-05 04:11 . 2011-09-05 04:11 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\798dad8e1b1dae489aa30b4341bcdba7\CustomMarshalers.ni.dll
- 2011-08-10 07:23 . 2011-08-10 07:23 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\798dad8e1b1dae489aa30b4341bcdba7\CustomMarshalers.ni.dll
+ 2011-09-05 04:10 . 2011-09-05 04:10 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\147a04caf482e4d4082582a7698883e4\ComSvcConfig.ni.exe
- 2011-08-10 07:39 . 2011-08-10 07:39 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\147a04caf482e4d4082582a7698883e4\ComSvcConfig.ni.exe
+ 2011-04-06 21:45 . 2011-04-06 21:45 1221464 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpftxt_v0400.dll
- 2010-03-18 18:27 . 2010-03-18 18:27 1221464 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpftxt_v0400.dll
- 2010-03-18 18:27 . 2010-03-18 18:27 2153816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2011-04-06 21:45 . 2011-04-06 21:45 2153816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 1368920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 6428520 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll
+ 2011-04-06 21:45 . 2011-04-06 21:45 3824480 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll
+ 2011-04-06 21:45 . 2011-04-06 21:45 3235656 c:\windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
+ 2011-04-06 20:48 . 2011-04-06 20:48 2207568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 2207568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 6097256 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll
+ 2011-05-17 14:08 . 2011-05-17 14:08 3116376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 1354584 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll
+ 2011-05-17 14:08 . 2011-05-17 14:08 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
- 2011-04-13 02:16 . 2011-04-13 02:16 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2011-05-17 14:08 . 2011-05-17 14:08 1454416 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-05-17 14:08 . 2011-05-17 14:08 1514840 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-05-17 14:08 . 2011-05-17 14:08 1511240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
+ 2011-05-17 14:08 . 2011-05-17 14:08 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- 2011-04-13 02:16 . 2011-04-13 02:16 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 1368920 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 6428520 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 3788128 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 2261832 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2011-04-06 20:48 . 2011-04-06 20:48 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 6097256 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2011-05-17 13:27 . 2011-05-17 13:27 2975064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2011-04-06 20:48 . 2011-04-06 20:48 1354584 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
- 2011-04-12 19:11 . 2011-04-12 19:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-05-17 13:27 . 2011-05-17 13:27 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-05-17 13:27 . 2011-05-17 13:27 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-05-17 13:27 . 2011-05-17 13:27 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
- 2011-04-12 19:11 . 2011-04-12 19:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-09-05 04:03 . 2011-09-05 04:03 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-08-10 07:05 . 2011-08-10 07:05 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-09-05 04:02 . 2011-09-05 04:02 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 1221464 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpftxt_amd64.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1663320 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_x86.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 2153816 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_amd64.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1303896 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_x86.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1303896 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_amd64.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 6346600 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_x86.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 6346600 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_amd64.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 3545952 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_x86.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 3453792 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_amd64.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6c4a0cae96fe506534d1ed4b8e905d04\WindowsBase.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\e6474cae2445440fccb0e62e689e6c22\UIAutomationClientsideProviders.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 9086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System\ffc825af968e2afbdd0d894b475331f3\System.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\6cf9069b4b5feb38824a79009ed9c7b4\System.Xml.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cadbfd56dbffb78f67b92027bd56862e\System.Xaml.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\a216205660fa7dabec6af4a7c52956ee\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\40c543317017c549c3d17d714c3cf1fc\System.Web.Services.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\86d3010efe01e554be5b8cd680fcfe2a\System.Speech.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f37365c0acb4b409a486f3aa4512a03e\System.ServiceModel.Discovery.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a53b7bb4838c656363b29f79f708a0f0\System.ServiceModel.Activities.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\33b886ae33f78b046f90bda3dde2688e\System.Runtime.Serialization.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\5c659e2195f712d6638b8536da384cda\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0751e44f42a603bfe153a4bbd124f62f\System.Printing.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\307dea1fa71faaa1c2dc0175487d9639\System.Management.ni.dll
+ 2011-09-05 04:26 . 2011-09-05 04:26 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e1acefba94c07ca77d751b68bc3e33d3\System.IdentityModel.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ea0f339fb15935f1878e115be1c04f8f\System.Drawing.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\be3d47a08a8e4118e75e31a402259409\System.DirectoryServices.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\864c2fd53f879fcd5f9b335cf49a66b4\System.Deployment.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\80bdabbd69127228408b96ca23460389\System.Data.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\ec8c58572e78fa5fc63bb8b29ed7481a\System.Data.SqlXml.ni.dll
+ 2011-09-05 04:26 . 2011-09-05 04:26 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\04f451f2d493483696f852bdce8c36e0\System.Data.Services.Client.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8a671058b35f625fb958ff2228fbc9cf\System.Data.Linq.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2721a63758cab451543e8a58dc4ffeeb\System.Core.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\c527fa8c447a9edfeb14eeaf4af0a742\System.Activities.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\5be7a4e9c92dff127c74c0d744b3f523\System.Activities.Presentation.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\1871f74f0a94ec1d26071dcc872d4189\System.Activities.Core.Presentation.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\5d8782e167084ab1fced20b86cfb26e2\ReachFramework.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\de59faecd59acbc6caabecbd8efbbb50\PresentationUI.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ce05202cabbee87cda0b3df2e56a6b20\Microsoft.VisualBasic.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\899c60052ad7e741dc444017cc907ca8\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0adf14e7c198b3e2a634e53a23ddad7b\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\4376863f8deba766befd5d8e41316a91\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\2ceaa7403e2bdea36367a0a67d972f03\Microsoft.JScript.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\113a314e9f32a5efc41f409118a71063\Microsoft.CSharp.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\55726d96df2a370794eb1a18253c4647\System.Xml.ni.dll
- 2011-08-10 07:36 . 2011-08-10 07:36 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\55726d96df2a370794eb1a18253c4647\System.Xml.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\ccb9d0e917993cef0ecfebfcbcb08a5f\System.Web.Services.ni.dll
- 2011-08-10 07:42 . 2011-08-10 07:42 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\ccb9d0e917993cef0ecfebfcbcb08a5f\System.Web.Services.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\1417e3a586572bba058fc1b147932ed5\System.Runtime.Remoting.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\1417e3a586572bba058fc1b147932ed5\System.Runtime.Remoting.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\60d0a368a83327d788a62b762a670cce\System.EnterpriseServices.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\60d0a368a83327d788a62b762a670cce\System.EnterpriseServices.ni.dll
- 2011-08-10 07:36 . 2011-08-10 07:36 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\ece8747d21e40443e5c2228818711917\System.Drawing.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\ece8747d21e40443e5c2228818711917\System.Drawing.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e08075670461b361f7ab19764a2a65f0\System.DirectoryServices.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e08075670461b361f7ab19764a2a65f0\System.DirectoryServices.ni.dll
- 2011-08-10 07:36 . 2011-08-10 07:36 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\44fbadec39cc1727a2eb1952bfa34f8a\System.Data.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\44fbadec39cc1727a2eb1952bfa34f8a\System.Data.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\d432627b67fa9a643f11a2ca01beaf32\System.Data.SqlXml.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\d432627b67fa9a643f11a2ca01beaf32\System.Data.SqlXml.ni.dll
+ 2011-09-05 04:04 . 2011-09-05 04:04 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\a1f86b4e7e9b4f3b6ef7775a09b17314\System.Core.ni.dll
- 2011-08-10 07:35 . 2011-08-10 07:35 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\a1f86b4e7e9b4f3b6ef7775a09b17314\System.Core.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\2d8a18ff1b0b4029fcea093444920fd2\System.Configuration.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\2d8a18ff1b0b4029fcea093444920fd2\System.Configuration.ni.dll
- 2011-08-10 07:33 . 2011-08-10 07:33 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9afe86eee3ddf79c5f6cf5d85873c464\WindowsBase.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9afe86eee3ddf79c5f6cf5d85873c464\WindowsBase.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\e0b47647df7bf34058ed16ae08b5d36f\UIAutomationClientsideProviders.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\e0b47647df7bf34058ed16ae08b5d36f\UIAutomationClientsideProviders.ni.dll
- 2011-08-10 07:33 . 2011-08-10 07:33 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
+ 2011-09-05 04:06 . 2011-09-05 04:06 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
+ 2011-09-05 04:10 . 2011-09-05 04:10 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
- 2011-08-10 07:34 . 2011-08-10 07:34 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\0a68b4ec7c418cbe25f02f0f0dc43666\System.Workflow.Runtime.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5734cc1ce5f85aca912fd92584f3b3a7\System.Workflow.ComponentModel.ni.dll
- 2011-08-10 07:34 . 2011-08-10 07:34 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5734cc1ce5f85aca912fd92584f3b3a7\System.Workflow.ComponentModel.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32aeeece2a23ac0ef310b99c941b6d39\System.Workflow.Activities.ni.dll
- 2011-08-10 07:34 . 2011-08-10 07:34 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32aeeece2a23ac0ef310b99c941b6d39\System.Workflow.Activities.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d7f692ee424e8847828383ddbbf278eb\System.Web.Mobile.ni.dll
+ 2011-09-05 04:25 . 2011-09-05 04:25 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d7f692ee424e8847828383ddbbf278eb\System.Web.Mobile.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\4fe82e4b4223298eae15d094a32f9298\System.Speech.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\4fe82e4b4223298eae15d094a32f9298\System.Speech.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9ea6cff5cccb649eb8ad7cc6e3f03c88\System.Runtime.Serialization.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9ea6cff5cccb649eb8ad7cc6e3f03c88\System.Runtime.Serialization.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\92bcdd721183b527543af031f307d31f\System.Printing.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\92bcdd721183b527543af031f307d31f\System.Printing.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\8e2ea4d70513035f74a9604fa511754b\System.Management.Automation.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\8e2ea4d70513035f74a9604fa511754b\System.Management.Automation.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\21c45e88bbc379aaed3baadd0bd14a8b\System.IdentityModel.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\21c45e88bbc379aaed3baadd0bd14a8b\System.IdentityModel.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
- 2011-08-10 07:34 . 2011-08-10 07:34 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
+ 2011-09-05 04:10 . 2011-09-05 04:10 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e7a30fe59a12045d837f4ebaf83fc222\System.DirectoryServices.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e7a30fe59a12045d837f4ebaf83fc222\System.DirectoryServices.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dc9e5e32218f8a3d2f21d89511335713\System.Deployment.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dc9e5e32218f8a3d2f21d89511335713\System.Deployment.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll
- 2011-08-10 07:34 . 2011-08-10 07:34 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll
+ 2011-09-05 04:10 . 2011-09-05 04:10 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d6ae6d71281689587705eaed351b01d4\System.Data.SqlXml.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d6ae6d71281689587705eaed351b01d4\System.Data.SqlXml.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\9ecfa46a2c92f6493f030b02966f0ced\System.Data.OracleClient.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\9ecfa46a2c92f6493f030b02966f0ced\System.Data.OracleClient.ni.dll
+ 2011-09-05 04:06 . 2011-09-05 04:06 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\045ff9d980dcb3ffeac2a0868161215e\System.Core.ni.dll
- 2011-08-10 07:33 . 2011-08-10 07:33 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\045ff9d980dcb3ffeac2a0868161215e\System.Core.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\b0d7aa182cb0028c92896d58ef4529da\ReachFramework.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\b0d7aa182cb0028c92896d58ef4529da\ReachFramework.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7d6eba2dd1fabc7539b153845b95afa9\PresentationUI.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7d6eba2dd1fabc7539b153845b95afa9\PresentationUI.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7ad481b1a2b26bd253f0befb765b2cf1\PresentationBuildTasks.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7ad481b1a2b26bd253f0befb765b2cf1\PresentationBuildTasks.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\25fc1b1a3f51770139156021ba97251f\Narrator.ni.exe
- 2011-08-10 07:40 . 2011-08-10 07:40 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\25fc1b1a3f51770139156021ba97251f\Narrator.ni.exe
+ 2011-09-05 04:24 . 2011-09-05 04:24 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\3398454f934691efb9798bb493d2f440\MMCEx.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\3398454f934691efb9798bb493d2f440\MMCEx.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\5c89b0298570e4d1a8443ccb7aca4a1e\MIGUIControls.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\5c89b0298570e4d1a8443ccb7aca4a1e\MIGUIControls.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7785435dab38ed94b6a0a608e91c6cda\Microsoft.VisualBasic.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7785435dab38ed94b6a0a608e91c6cda\Microsoft.VisualBasic.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\031dada967314b31703307bd10697079\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\031dada967314b31703307bd10697079\Microsoft.Transactions.Bridge.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b008b1b107c6ccdb8ab234437713b3fa\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b008b1b107c6ccdb8ab234437713b3fa\Microsoft.PowerShell.GPowerShell.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\602fed46db569c67500d5d6b00abaeeb\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\602fed46db569c67500d5d6b00abaeeb\Microsoft.PowerShell.Commands.Utility.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5d659bc7dce6e73b36f5bb6ed60caccf\Microsoft.PowerShell.Editor.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5d659bc7dce6e73b36f5bb6ed60caccf\Microsoft.PowerShell.Editor.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ddf5b45effdcc461ade1bebf18397ed\Microsoft.MediaCenter.UI.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ddf5b45effdcc461ade1bebf18397ed\Microsoft.MediaCenter.UI.ni.dll
- 2011-08-10 07:40 . 2011-08-10 07:40 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f7c07195d1967d7cc102fa4e8a8b9251\Microsoft.JScript.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f7c07195d1967d7cc102fa4e8a8b9251\Microsoft.JScript.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\6f69588091b002fc0e8fc5682daf77af\Microsoft.Ink.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\6f69588091b002fc0e8fc5682daf77af\Microsoft.Ink.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\251635230ec27ea672ef0bfd1db926c2\Microsoft.Build.Tasks.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\251635230ec27ea672ef0bfd1db926c2\Microsoft.Build.Tasks.ni.dll
- 2006-11-02 12:33 . 2011-08-24 18:46 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2011-09-05 04:33 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2010-05-14 22:50 . 2011-08-30 05:14 18247312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1391375188-340967920-528662790-500-12288.dat
+ 2010-05-14 22:50 . 2011-09-05 04:28 18247312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1391375188-340967920-528662790-500-12288.dat
+ 2011-05-19 03:06 . 2011-05-19 03:06 38672896 c:\windows\Installer\125c16.msp
+ 2011-09-05 04:19 . 2011-09-05 04:19 11010048 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2011-09-05 04:04 . 2011-09-05 04:04 11872768 c:\windows\assembly\NativeImages_v4.0.30319_64\System\5034d5e3f1bf120d9e61e72be6b9b013\System.ni.dll
+ 2011-09-05 04:04 . 2011-09-05 04:04 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\8f7f691aa155c11216387cf3420d9d1b\mscorlib.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e3eea502999efc06079a0f40a795731\System.Windows.Forms.ni.dll
+ 2011-09-05 04:27 . 2011-09-05 04:27 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\56df5c322f32e926eb46047f65d0a357\System.ServiceModel.ni.dll
+ 2011-09-05 04:26 . 2011-09-05 04:26 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\093195c829c13c7ad35cb3ad43b52b6a\System.Data.Entity.ni.dll
+ 2011-09-05 04:06 . 2011-09-05 04:06 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d23889e1eceadc97a6f227dbb392cb60\PresentationFramework.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\55b41158ada67f5b5a132e120e7de269\PresentationCore.ni.dll
+ 2011-09-05 04:05 . 2011-09-05 04:05 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll
+ 2011-09-05 04:04 . 2011-09-05 04:04 10597888 c:\windows\assembly\NativeImages_v2.0.50727_64\System\b008f0ff2d87b56ea30f138e32aec2eb\System.ni.dll
- 2011-08-10 07:34 . 2011-08-10 07:34 10597888 c:\windows\assembly\NativeImages_v2.0.50727_64\System\b008f0ff2d87b56ea30f138e32aec2eb\System.ni.dll
+ 2011-09-05 04:28 . 2011-09-05 04:28 15225856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\9f87d3f915300b5051f29bf76b3c1874\System.Web.ni.dll
- 2011-08-10 07:41 . 2011-08-10 07:41 15225856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\9f87d3f915300b5051f29bf76b3c1874\System.Web.ni.dll
- 2011-08-10 07:07 . 2011-08-10 07:07 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\ee787c7dd39d956a9fdeddc8b5fde80e\mscorlib.ni.dll
+ 2011-09-05 04:04 . 2011-09-05 04:04 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\ee787c7dd39d956a9fdeddc8b5fde80e\mscorlib.ni.dll
- 2011-08-10 07:34 . 2011-08-10 07:34 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 11804672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 11804672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\beab37721e12fef7fc1e8f2ff130fa31\System.ServiceModel.ni.dll
- 2011-08-10 07:39 . 2011-08-10 07:39 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\beab37721e12fef7fc1e8f2ff130fa31\System.ServiceModel.ni.dll
- 2011-08-10 07:34 . 2011-08-10 07:34 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7217cd3af229159188896c01174b11f9\System.Design.ni.dll
+ 2011-09-05 04:11 . 2011-09-05 04:11 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7217cd3af229159188896c01174b11f9\System.Design.ni.dll
- 2011-08-10 07:33 . 2011-08-10 07:33 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\180849cb54aab0bc77a229c41f967c90\PresentationFramework.ni.dll
+ 2011-09-05 04:24 . 2011-09-05 04:24 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\180849cb54aab0bc77a229c41f967c90\PresentationFramework.ni.dll
+ 2011-09-05 04:12 . 2011-09-05 04:12 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\cbe5fbb2e20534d89c0588cc05418840\PresentationCore.ni.dll
- 2011-08-10 07:33 . 2011-08-10 07:33 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\cbe5fbb2e20534d89c0588cc05418840\PresentationCore.ni.dll
+ 2011-09-05 04:06 . 2011-09-05 04:06 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
- 2011-08-10 07:08 . 2011-08-10 07:08 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
+ 2011-04-07 03:12 . 2011-04-07 03:12 194340864 c:\windows\Installer\125bf5.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{08860670-DB9A-4998-A376-94C1940D63Af}]
2011-09-05 03:25 453632 ----a-w- c:\windows\SysWOW64\AuthFWGP32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R1 jxnrzfag;jxnrzfag;c:\windows\system32\drivers\jxnrzfag.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-08 79360]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-06-13 1036104]
R4 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 182296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 408072]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-05-04 2091016]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 3842056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56323
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0D114130-58E7-42B9-B2DA-09E9C5E3B895}"=hex:51,66,7a,6c,4c,1d,38,12,5e,42,02,
09,d5,16,d7,07,cd,cc,4a,a9,c0,bd,fc,81
"{0F2EEAAC-C821-401C-818B-58FBAA1BB9FE}"=hex:51,66,7a,6c,4c,1d,38,12,c2,e9,3d,
0b,13,86,72,05,fe,9d,1b,bb,af,45,fd,ea
"{0DCA98AD-3EE0-41F3-B853-E73C32158EE7}"=hex:51,66,7a,6c,4c,1d,38,12,c3,9b,d9,
09,d2,70,9d,04,c7,45,a4,7c,37,4b,ca,f3
"{0E8559D6-E8DC-418C-AA6B-57E8ED67AB41}"=hex:51,66,7a,6c,4c,1d,38,12,b8,5a,96,
0a,ee,a6,e2,04,d5,7d,14,a8,e8,39,ef,55
"{08860670-DB9A-4998-A376-94C1940D63AF}"=hex:51,66,7a,6c,4c,1d,38,12,1e,05,95,
0c,a8,95,f6,0c,dc,60,d7,81,91,53,27,bb
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,ce,
08,9b,b8,eb,0a,b8,95,b0,17,8f,69,f8,d6
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d9,
cb,73,f4,33,0b,a1,77,d6,65,c2,82,cd,bc
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,14,
ef,6c,9c,46,06,a2,38,dc,a9,2a,91,10,16
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,fb,
ad,53,92,b8,59,a1,ee,4a,e0,ca,4d,f0,1a
"{112469F7-63E3-4915-832F-B77B748E644A}"=hex:51,66,7a,6c,4c,1d,3b,1b,e7,76,35,
01,d5,33,7d,01,9e,2c,fd,3b,77,c9,21,5f
"{0F2EEAAC-C821-401C-818B-58FBAA1BB9FE}"=hex:51,66,7a,6c,4c,1d,3b,1b,bc,f5,3f,
1f,17,98,74,08,9c,88,12,bb,a9,5c,fc,eb
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:00,71,60,4e,36,31,cc,01
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,76,83,22,39,0a,8c,49,92,3f,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,76,83,22,39,0a,8c,49,92,3f,3d,\
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itb"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wtf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\powrprof32.exe
c:\programdata\AuthFWGP32.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2011-09-05 00:40:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 04:40
ComboFix2.txt 2011-08-30 06:22
.
Pre-Run: 175,378,456,576 bytes free
Post-Run: 175,227,994,112 bytes free
.
- - End Of File - - 3B64824D1D8D5D639BFDD5B53AB73C57





==========================
System Check - checkup.txt
==========================

Results of screen317's Security Check version 0.99.18
Windows Vista (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 27
Adobe Flash Player 10.3.183.5
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Spybot Teatimer.exe is disabled!
``````````End of Log````````````

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 05 September 2011 - 10:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.




Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\SysWOW64\AuthFWGP32.dll

FireFox::
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56323
FF - prefs.js: network.proxy.type - 0

Driver::
jxnrzfag

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{08860670-DB9A-4998-A376-94C1940D63Af}]


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Lets check further on the C:\Windows\svchost.exe issue.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs and let me know if the issue persists.

#5 mikmic

mikmic
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 05 September 2011 - 12:18 PM

I performed the three steps listed above. I did not click fix after running aswMBR, just save log. TDSSKiller did find a root kit. All logs are below.

C:\Windows\svchost.exe is still present, awaiting further instructions before taking any action.

==========================
Combofix = C:\Combofix.txt
==========================

ComboFix 11-09-05.03 - Administrator 09/05/2011 12:28:35.5.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2441 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWOW64\AuthFWGP32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\SysWOW64\AuthFWGP32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_jxnrzfag
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 16:35 . 2011-07-14 04:03 813568 ----a-w- c:\programdata\AuthFWGP32.exe
2011-09-05 16:34 . 2011-09-05 16:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-05 16:34 . 2011-09-05 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-04 06:31 . 2011-09-04 06:31 -------- d-----w- c:\programdata\Apple Computer
2011-08-30 09:21 . 2011-08-30 09:21 -------- d-----w- c:\programdata\Lavasoft
2011-08-30 06:08 . 2011-09-05 16:25 4195009 ----a-r- c:\windows\ComboFix.exe
2011-08-30 05:09 . 2011-08-30 05:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-30 05:09 . 2011-07-19 09:05 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-30 05:09 . 2011-07-19 09:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-30 04:05 . 2011-08-30 04:05 -------- d-----w- c:\programdata\Apple
2011-08-30 00:48 . 2011-08-30 00:48 -------- d-----w- c:\program files (x86)\Microsoft
2011-08-30 00:08 . 2011-09-05 16:21 -------- d-----w- c:\programdata\PMB Files
2011-08-30 00:08 . 2011-08-30 00:08 -------- d-----w- c:\programdata\Logitech
2011-08-29 23:38 . 2011-08-30 00:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-29 20:24 . 2011-08-29 20:24 -------- d-----w- C:\Riot Games
2011-08-26 00:43 . 2011-08-26 00:43 -------- d-----w- c:\program files\iPod
2011-08-26 00:43 . 2011-08-26 00:43 -------- d-----w- c:\program files\iTunes
2011-08-26 00:43 . 2011-08-26 00:43 -------- d-----w- c:\program files (x86)\iTunes
2011-08-24 18:46 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 18:46 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-09 19:45 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 19:45 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-09 19:45 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 19:45 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 19:45 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 19:45 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-06 16:51 . 2011-08-06 16:51 -------- d-----w- c:\program files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 04:10 . 2011-05-25 00:02 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-14 04:03 . 2011-07-14 04:03 813568 ----a-w- c:\windows\SysWow64\powrprof32.exe
2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-10 23:58 . 2011-06-10 23:58 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-10 23:58 . 2011-06-10 23:58 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-10 23:58 . 2011-06-10 23:58 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-10 23:58 . 2011-06-10 23:58 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-10 23:58 . 2011-06-10 23:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-10 23:58 . 2011-06-10 23:58 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-10 23:58 . 2011-06-10 23:58 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-10 23:58 . 2011-06-10 23:58 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-10 23:58 . 2011-06-10 23:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-10 23:58 . 2011-06-10 23:58 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-10 23:58 . 2011-06-10 23:58 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-10 23:58 . 2011-06-10 23:58 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-10 23:58 . 2011-06-10 23:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-10 23:58 . 2011-06-10 23:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-10 23:58 . 2011-06-10 23:58 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-10 23:58 . 2011-06-10 23:58 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-10 23:58 . 2011-06-10 23:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-10 23:58 . 2011-06-10 23:58 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-10 23:58 . 2011-06-10 23:58 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-10 23:58 . 2011-06-10 23:58 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-10 23:58 . 2011-06-10 23:58 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-10 23:58 . 2011-06-10 23:58 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-10 23:58 . 2011-06-10 23:58 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-10 23:58 . 2011-06-10 23:58 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-10 23:58 . 2011-06-10 23:58 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-10 23:58 . 2011-06-10 23:58 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-10 23:58 . 2011-06-10 23:58 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-10 23:58 . 2011-06-10 23:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-10 23:58 . 2011-06-10 23:58 448512 ----a-w- c:\windows\system32\html.iec
2011-06-10 23:58 . 2011-06-10 23:58 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-10 23:58 . 2011-06-10 23:58 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-10 23:58 . 2011-06-10 23:58 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-10 23:58 . 2011-06-10 23:58 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-10 23:58 . 2011-06-10 23:58 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-10 23:58 . 2011-06-10 23:58 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-10 23:58 . 2011-06-10 23:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-05_04.34.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-09-03 03:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-09-05 09:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-09-03 03:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-05 09:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-09-03 03:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-05 09:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 15:45 . 2011-09-05 16:38 72418 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-26 19:05 . 2011-09-05 16:38 18688 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1391375188-340967920-528662790-500_UserData.bin
+ 2008-07-30 03:49 . 2008-07-30 03:49 87040 c:\windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe
+ 2008-07-30 03:49 . 2008-07-30 03:49 43008 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 03:49 . 2008-07-30 03:49 40960 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89080 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 92664 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 95224 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89592 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84480 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 94720 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97792 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84992 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97280 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 03:49 . 2008-07-30 03:49 95224 c:\windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe
+ 2008-07-30 03:49 . 2008-07-30 03:49 78856 c:\windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe
+ 2008-07-30 03:49 . 2008-07-30 03:49 41984 c:\windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe
+ 2008-07-30 03:49 . 2008-07-30 03:49 41992 c:\windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe
+ 2008-07-30 03:49 . 2008-07-30 03:49 41992 c:\windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 03:49 . 2008-07-30 03:49 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 03:49 . 2008-07-30 03:49 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2011-09-05 04:55 . 2011-09-05 04:55 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\ed59e15a2a29d02c59dc383215cc85fc\System.Xml.Serialization.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\1a9bcef8abe20b3c0d53c535d680350f\System.Windows.Presentation.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\0ee56d53077b281408cbf186e80ab175\System.Web.ApplicationServices.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\d53f3bf7a26f69ae3ad77f6732ebf9cf\System.AddIn.Contract.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\fbc331d848cf65928cc84de68eba079f\Microsoft.VisualC.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\c551f53c6da4e594269e79636aef9f62\dfsvc.ni.exe
+ 2011-09-05 04:50 . 2011-09-05 04:50 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\28f42eb8dddc9fd54d468171a8d2461d\Accessibility.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\00539d6e9bd5e7456bdbc98a47ab995c\System.Windows.Presentation.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\77e310c7ad8dd72ffc2bb041cb8b2844\System.Web.DynamicData.Design.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\5038a4070cfc72e23a191ab4ba38c477\stdole.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\151ac6b026e8ca585e0dfd1ce33e8ecb\PresentationFontCache.ni.exe
+ 2011-09-05 04:49 . 2011-09-05 04:49 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\b81308b591d239f587cc0e113d43fa35\PresentationCFFRasterizer.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\ec097538108aed5ed52aace1e4579f91\Microsoft.WSMan.Runtime.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtCOM\8856fca280c8ecf7d1f798ed5a66dff1\ehiExtCOM.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\071f35122c0c83d4791f7d7a5f2ae4a1\ehExtCOM.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\be7de592b7f3c30299328ddff449db59\dfsvc.ni.exe
+ 2011-09-05 07:06 . 2011-09-05 07:06 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3b0d2893e72d3baf1e67bcdb0b8737cf\System.Windows.Presentation.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\f02fc02350dad1da369a9c200b8ef277\System.Web.DynamicData.Design.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\37cff04b1ba772743292372b797c28f6\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\971463f91825692f7cd123b2a3af721b\System.AddIn.Contract.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9c6b098a9a7ee64cc4ff276a7babb0da\Microsoft.Build.Framework.ni.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 43008 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 81920 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-09-05 16:36 . 2011-09-05 16:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-05 04:34 . 2011-09-05 04:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-05 16:36 . 2011-09-05 16:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-05 04:34 . 2011-09-05 04:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-30 03:49 . 2008-07-30 03:49 5632 c:\windows\Microsoft.NET\Framework64\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2009-10-16 10:45 . 2011-09-03 03:37 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-16 10:45 . 2011-09-05 09:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 12:46 . 2011-09-05 04:02 604264 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-05 14:07 604264 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-09-05 04:02 103964 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-09-05 14:07 103964 c:\windows\system32\perfc009.dat
+ 2010-05-14 22:50 . 2011-09-05 16:35 254496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-14 22:50 . 2011-09-05 04:28 254496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-07-30 03:49 . 2008-07-30 03:49 283144 c:\windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe
+ 2008-07-30 03:49 . 2008-07-30 03:49 729088 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 984056 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 105976 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107000 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 109048 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 101368 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 112120 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113656 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111608 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 102904 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 689152 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 413184 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 632320 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110080 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131584 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131072 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 123904 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122880 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121856 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 129024 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 132096 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111104 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 133120 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122368 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 137728 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 130048 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 126464 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 125440 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113152 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 269304 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 177152 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 276984 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 03:47 . 2008-07-30 03:47 225490 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 03:49 . 2008-07-30 03:49 233976 c:\windows\Microsoft.NET\Framework64\v3.5\1033\vbc7ui.dll
+ 2008-07-30 03:49 . 2008-07-30 03:49 168448 c:\windows\Microsoft.NET\Framework64\v3.5\1033\cscompui.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-12-13 14:02 . 2008-12-13 14:02 802816 c:\windows\Installer\86abbf.msp
+ 2011-09-05 04:55 . 2011-09-05 04:55 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d3536aadcda3bf1628fd5cb912f0d4df\WindowsFormsIntegration.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\0bbce3d1912c29cdb65f7c7bfdfd8a01\UIAutomationTypes.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\65616f4785226d28371ccf809e213fa6\UIAutomationProvider.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd62d82bb2e0ebe93c68c701a281d204\UIAutomationClient.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\70a6db2664fa1f7e996c58f81f63754d\System.Xml.Linq.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\321d4a33b1363649a45f47f8fbc107c9\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\fbffd4e050d2e397f5b51bcbede33326\System.Transactions.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\41a328f3f1e01dd6d6c45ec27dfb8d12\System.ServiceProcess.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\8a3044d7b76d748396c01aec083a1b01\System.ServiceModel.Routing.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4288f4e2ad790e4510344567c092ca68\System.ServiceModel.Channels.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\481e4462ee5dbf73d7f92d14505eabca\System.Security.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\93ea6aa98aa92eb1c27130599616cd48\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\e01521d8c282ad1e79f9c8334cd4baef\System.Runtime.Remoting.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\0615b26e34fbb01ff661b827e8d80c97\System.Numerics.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\836b59a54e74d2a9350d9dbcbee44e7d\System.Net.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\e530f9f49dcc8196f1333f65d9e17a51\System.Messaging.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\ca30070d69a7575b9b3637fde765b533\System.Management.Instrumentation.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\1af1dc859f12d724d15c2f8ac01b7d84\System.IO.Log.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\a236c6b9a7fa2dd99f840ffedb685464\System.IdentityModel.Selectors.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\a8ac353249c61750e03ace04cce91d12\System.EnterpriseServices.Wrapper.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\d0cb2f5412272538eead0de22ee232c1\System.Dynamic.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\87240375600b6608957d4877632deacd\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\22c569ca3bf7de3f386881fdaaefcf5c\System.Device.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\848a93911e91183c5833abac3c19b8c7\System.Data.DataSetExtensions.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\9ef51cbff9a0a281683413ff85bdc67e\System.Configuration.Install.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\e5886d887164c57e7bbcff9eace93aff\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\a618c2c8cd6669a1f562d583de816049\System.AddIn.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\c06a32f20b3a8c40bb9ee4caaa7f791f\System.Activities.DurableInstancing.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\898051ff62d86ecbb43c730672a5ce01\SMSvcHost.ni.exe
+ 2011-09-05 04:52 . 2011-09-05 04:52 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\2b6fb4f3fe65c3384cd588c84d5f426a\SMDiagnostics.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\e7d3ae8b894e645f195435b0d0cca3d5\PresentationFramework.Luna.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\9faf962dcc325fbdecde08f2b4b4de12\PresentationFramework.Classic.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\89a56671c51182608a36ddabf7f11579\PresentationFramework.Aero.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1144c8dd74e20a85a56ea12af48cc763\PresentationFramework.Royale.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\78dbb63ddb830c7b67915373a26a64cb\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2c6b57b8d66eb686e39af125a7b9cd3f\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\4b8193e798a848470e64c71f71a230a4\CustomMarshalers.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\5f6a5d0fd18e43b62272d501e4cecc4b\WsatConfig.ni.exe
+ 2011-09-05 04:50 . 2011-09-05 04:50 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f055886146673a35518ee749c53f0417\WindowsFormsIntegration.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 257024 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\4587969f21341220dc17747f280477b2\UIAutomationTypes.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 120320 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\ff10a07c2b72a66edbe6f45f91d17769\UIAutomationProvider.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\9ec639af32b36d056d5044de48a51fbf\UIAutomationClient.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\0ee32f3917dd39d4a7f4e52314b9157e\TaskScheduler.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\483ebadfe1f658e95b87a934cdd6cf8e\System.Xml.Linq.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\d9d826b4fd018549cd3a168f1f6d5b2a\System.Web.Routing.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\f2602c5bcb6c2065db8329f1f7f32ae1\System.Web.RegularExpressions.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\a10e7f0563cc1dac037b3d87b9220337\System.Web.Entity.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\32a96bbcb70b3c6e9713c904c79a3df6\System.Web.Entity.Design.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\91c0ec3d4c6700d3db1627c1c53c81f0\System.Web.DynamicData.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\22e583697dbb5510101fab4aa5d18254\System.Web.Abstractions.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\fb509de55bc82e23c862dcd0a8823eb8\System.ServiceProcess.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\0d1187c395060f06d84e4c398e7729e2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\2505633b5679bba3e3da53db79616c62\System.Net.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\32d484a0a6db3c92f0e593a958dc265a\System.Messaging.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\a445650911635ffcedceaa5759e96c83\System.Management.Instrumentation.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\b4d997aeba03b77e5d09f9eabd3e7ffb\System.IO.Log.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\e327689326341f4d7656ff743c939838\System.IdentityModel.Selectors.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\1049a906d8aeb09b7cf608ed4670b48a\System.Drawing.Design.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\495ff50306c8f7ca33e6407b4660ade5\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 489472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\b68168596944761a8a1613929f26ecd8\System.Data.Services.Design.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\376e4579a8a9a6075b329e4414db7e30\System.Data.DataSetExtensions.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\41852b2f76b9a3883be55cd39268339b\System.Configuration.Install.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\3684f5079f82b87759efed87ecb52c11\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\4e4ecc6b61f0e2a39ddfdae3ada992b0\System.AddIn.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\eebfb193348c4ee09fde0f55897153ef\System.AddIn.Contract.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\88aeb9f3b7d6a8124f470a41a904d42a\sysglobl.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\c2ae3ebf99c837d022aaafafc6cd04fd\SMSvcHost.ni.exe
+ 2011-09-05 04:46 . 2011-09-05 04:46 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\37cadb80dab6954ac815ad5530032508\SMDiagnostics.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\383e793a6af09df130b14f96138aaa54\ServiceModelReg.ni.exe
+ 2011-09-05 04:49 . 2011-09-05 04:49 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c2b971104c296416bb15eb458ec5f7c9\PresentationFramework.Aero.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a9367ed6263e99440976427a650a86bc\PresentationFramework.Classic.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a46418abae39bda36af970a351a8cd23\PresentationFramework.Luna.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\5571660610f416a16f101e9dc615328d\PresentationFramework.Royale.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\64af7da17fc9439d2c8f23d34feb260b\napsnap.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\336c6eca608a2bd0f07760aa73fc1dca\napinit.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 177152 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\e1b9bb0c83dd8cac30d87fdfd7166756\naphlpr.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 126464 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\fa472bf1f8f24c6ed281ed4dcd9d6571\napcrypt.ni.dll
+ 2011-09-05 07:03 . 2011-09-05 07:03 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\3fed3dfbbe1d477a86b5c5685e98bee1\MSBuild.ni.exe
+ 2011-09-05 04:47 . 2011-09-05 04:47 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\407d27837b8ecea3b66bdbd280586e5d\MMCFxCommon.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\a340bab4c167d4ed8abeee6ce5685772\Microsoft.WSMan.Management.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\8378df092aebbb9e875f3daeb073b345\Microsoft.Vsa.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\fed874427d329b3843becb214c2cbb24\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\df75eeffbe8172f901c0f995f9d86205\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b0be0bdc2b41922fc436aaf40fbcc943\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 224768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\626377739fe928133c5759b150ff933b\Microsoft.PowerShell.Security.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\201551dfa891ef2533b4f6961f158b53\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\848c9da3e69048629734e47234788a7d\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\643b81852e3d9761f609db2d2d149e6f\Microsoft.MediaCenter.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3009e8d27d0662799fcde4a99cfaa62c\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\7bccb8455ab63acd2fd36dbb6348b77a\Microsoft.ManagementConsole.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f62d326919623ec6e0ab3f835aedb3f5\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\9f583d5c7de9d6469697e822dbabe645\Microsoft.Build.Utilities.ni.dll
+ 2011-09-05 07:03 . 2011-09-05 07:03 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\5cca853a01d7873f5d763de8677b8482\Microsoft.Build.Framework.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\14790d6818b2c3722b3877caf007a418\Microsoft.Build.Framework.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\a65a7ff52cef80cd25d5f7a08be30bde\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\656fee71cea5bce92f762df631ecebeb\Mcx2Dvcs.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\46247732b2fdb4edb0f30f8c25dd14a4\mcupdate.ni.exe
+ 2011-09-05 04:47 . 2011-09-05 04:47 337920 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\933b32ca7ef1bab5c3c846d1e8498b52\mcstoredb.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 893952 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\f542b6731c25678aa81fafe1e59292e4\mcstore.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\a4a6d5566946a8bf38b3b17446cf1f58\loadmxf.ni.exe
+ 2011-09-05 04:47 . 2011-09-05 04:47 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\a85ee567ab2608b4a0e926600b56b0ab\EventViewer.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\2fcc1a9e9d1562a68bc676f4a9821f38\ehiWUapi.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 927232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\14701ef3387cf0a95c98bb1e4ceae0da\ehiwmp.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 138752 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\00922b3ff2116a38b97469cc4b405573\ehiUserXp.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 151040 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiReplay\ec0aa4c11ed3aefcae02eb38f86231cd\ehiReplay.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\aecbd2f45aa74ee3f57dc277e9d8343f\ehiExtens.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\7f3e720ebf0164673c94202b8e51c119\ehExtHost.ni.exe
+ 2011-09-05 04:47 . 2011-09-05 04:47 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\d9c6f79562e7618065e4e22446500a02\ehepgdat.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\3261cad9c1981ebf952370ebb267f46f\ehCIR.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\44e83cf4ba00700dec4e6d9364daa7b1\CustomMarshalers.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\d3e1b40454b27a1f8d6a32654b7e57db\System.Xml.Linq.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\ebe085fa59b43b6c179dcf159348a2c4\System.Web.Routing.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\197446492bef27cd265a35f42ce83ced\System.Web.Extensions.Design.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\49e2688a29ccb44f3ce982cd80dac4a5\System.Web.Entity.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\34edc4c83a6958b6fa707386e51359ea\System.Web.Entity.Design.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\12216d05df1ae01145fd5310a07a62d0\System.Web.DynamicData.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\12da8d5708a0cf1c5c5ae02d1394880a\System.Web.Abstractions.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\7754d47296d9201c1856c41637b8a911\System.Net.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\c652c85e33a636d688b848cd5b39d7c4\System.Management.Instrumentation.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ed84c038dbce9cab34496f5dbd10b12\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bea25c80a05c3ec58f4cfa4f5047dfc3\System.Data.Services.Client.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ac6798f7b52c9ae389574ac01caa520f\System.Data.Services.Design.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\315d103465e4f181b6a1a81edfdd8b70\System.Data.Entity.Design.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\429c6372db169d1867f5892d351a4a14\System.Data.DataSetExtensions.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\0d00826b5faadbfc192c3679e5ab30cf\System.AddIn.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\f1f2f55a0427a355d4bfde947a4a1546\MSBuild.ni.exe
+ 2011-09-05 07:05 . 2011-09-05 07:05 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9cf468a79e3c6ef33976415b4854ecc2\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\e9e6ed1e90de7f57500f137fcf429f0b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\ea3acb2fc7a8433efd09d63f6ff5bb5b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 479232 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 491520 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 729088 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 638976 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-09-05 07:00 . 2011-09-05 07:00 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2008-07-30 03:49 . 2008-07-30 03:49 2362872 c:\windows\Microsoft.NET\Framework64\v3.5\vbc.exe
+ 2008-07-30 03:56 . 2008-07-30 03:56 1124352 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 22:47 . 2008-07-29 22:47 1054208 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 1364992 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 1064448 c:\windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 03:49 . 2008-07-30 03:49 2290680 c:\windows\Microsoft.NET\Framework64\v3.5\csc.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2011-09-05 07:01 . 2011-09-05 07:01 1120256 c:\windows\Installer\86abb1.msi
+ 2011-09-05 04:51 . 2011-09-05 04:51 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\2b21f937d40320cabc3c85c031db88d8\WindowsBase.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d14a6bf514550fdc219f580348599c58\UIAutomationClientsideProviders.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\8e4323f5bfb90be4621456033d8b404b\System.Xml.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\2a3c95561c3de429c3c0e7a53a920c45\System.Xaml.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\b346685f479e27aadce1793789333bfb\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\4ee71342f3eadce770c5b227e0e72015\System.Web.Services.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\7211feffc35222c34e5d6b9e97f1c009\System.Speech.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e449cb587c51f7bec5fcff8964844151\System.ServiceModel.Activities.ni.dll
+ 2011-09-05 04:55 . 2011-09-05 04:55 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\5af78d8b92c4a0b7f90dd99a8742c565\System.ServiceModel.Discovery.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\2c3f2f005761a596bf9e7262b76735a3\System.Runtime.Serialization.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\d850328fdb0d5b403f2b4a7752ec43da\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\35bb0262c48890be46a1861b63bed32d\System.Printing.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\73c6deea16d8ee87e65156bb9ef90e0b\System.Management.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\6d8ec822ecf54529d04b1342aef58dd3\System.IdentityModel.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\a8ac353249c61750e03ace04cce91d12\System.EnterpriseServices.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0237eaa2a9c71060227e6d310a887c07\System.Drawing.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 1217536 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\8440779374dcb4d650179a61139684b0\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1b6321bae09adccce41aedcd91fcea9b\System.DirectoryServices.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\f0cadc34a72bbfb06158ee14e3f3b97d\System.Deployment.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\20d5aeb1486af05bd5885e431e8cf531\System.Data.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\84e0e94c07d03148371aad1c9212daba\System.Data.SqlXml.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 1798656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\c66f4672f3f96cac1796475fc53084f7\System.Data.Services.Client.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\f985d985539603a521e6051cbef283d7\System.Data.Linq.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\d17a133036827281e02df99161f83199\System.Configuration.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\87cacc996ae318f4bd1e126f8271b8c1\System.ComponentModel.Composition.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\6f46271408743437680ef855e26ba561\System.Activities.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\b5dc8079f2701e3cf6a139deca5c0982\System.Activities.Presentation.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\bb930355f9bcc3bc388397471ae88492\System.Activities.Core.Presentation.ni.dll
+ 2011-09-05 04:53 . 2011-09-05 04:53 4232704 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8df1ec785fb8923566f2ce612f108cee\ReachFramework.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\944136b49e38259ce517a6fe3e71fa4d\PresentationUI.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\f35f1a86bb6cdfc3547ff815dddfa629\Microsoft.VisualBasic.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b915c536f129912ec5b50a187d663103\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\7caaf5543210b5383267ef450c2173f7\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\41248e69f60429253a19267620bd5dcd\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\a266703ae4763423c8e41fd9e375bf76\Microsoft.JScript.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\db2aa89dbd68dddefe47c70b35c045cf\Microsoft.CSharp.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 4925440 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\4481dd92332b45019023338cf615a630\WindowsBase.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 1461248 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\45a7a0e9cfca734aa0aacec24cf58c6a\UIAutomationClientsideProviders.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\0c53724752b6912479128ea7cc02f6f6\System.WorkflowServices.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\fd1e02085a6aecb0dabeaea2db00b1e4\System.Workflow.Runtime.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 5956608 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\64e5f32fafa7178f2cb1a16371969ea2\System.Workflow.ComponentModel.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\cac06ca4c93cbf95921be63b8c09ee44\System.Workflow.Activities.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\5bbe971da5ecbe05c515c6f8c4f4e896\System.Web.Mobile.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\5982cc1baf50005b2755d9dfc760a164\System.Web.Extensions.Design.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 3042816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\00544074de694e312da19b71cb9fba47\System.Web.Extensions.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 2726912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\4a9449b7e5a9e2cb569b5960f83215bd\System.Speech.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\d5bf740e717e072d898535a051d5c662\System.ServiceModel.Web.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 3072512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8f2756757122d8e810e54ad9a6a9b934\System.Runtime.Serialization.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\5e6c150a1bfdb5ad172d939f41e4b1d5\System.Printing.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\1ce66c0c7c84321e850250fe7e89a6d7\System.Management.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\2fc69556c19f1018463627e8691bfac2\System.IdentityModel.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\465aaeb3843fddc00825724c467ba928\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\532040f56e2606c200cc8ea93d678fdb\System.Deployment.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\dc74cdf82d4c527716c0876d2a694de4\System.Data.Services.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 1277440 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\a5bb5f5edd376d88a883a6c492f6b0b4\System.Data.Services.Client.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 1512448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\4dbca3549ccd921fe1737fefdeb16e59\System.Data.OracleClient.ni.dll
+ 2011-09-05 07:02 . 2011-09-05 07:02 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\95d92aba141d0560112a6aa34512efe4\System.Data.Linq.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\773aa09083074b4b6ec4412117562ddf\System.Data.Entity.Design.ni.dll
- 2011-09-05 04:04 . 2011-09-05 04:04 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\a1f86b4e7e9b4f3b6ef7775a09b17314\System.Core.ni.dll
+ 2011-09-05 07:02 . 2011-09-05 07:02 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\a1f86b4e7e9b4f3b6ef7775a09b17314\System.Core.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\14ae2040aa87410b5a2f932260423510\ReachFramework.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\de9f5fb58d639cac800701ca9443d21a\PresentationUI.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\05e1fb5e6b68eba9db5e8831b0eaa4f2\PresentationBuildTasks.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\3e805eee7e658fb9d2f94711ea769bb3\Narrator.ni.exe
+ 2011-09-05 04:49 . 2011-09-05 04:49 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\0ef6ee25c2aeab72acbbee9a0207ae76\MMCEx.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\9bf16ef26005c399e46d9ff70c6ba0f2\MIGUIControls.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\9a4e215c8cb20a6638d114e84840e491\Microsoft.VisualBasic.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\7962020dd38abe36bfa49ba3e081cceb\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9bb1e0baeddcd1ff6d4225493f99363a\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\7977aa15ef526aa517a7d39f1ad1eaa3\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3f6af47aae50d64bf3823fd2d5cb8e7c\Microsoft.PowerShell.Editor.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0dea2cad63e23249fc20d63a79047947\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b6d3ccbb2ad5726656c7cce38d947462\Microsoft.MediaCenter.UI.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\69f3a2caef03aa1802dbf72889d44277\Microsoft.JScript.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\f3e97852244f77a0524e6902b59a7386\Microsoft.Ink.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\1682b069fc1fd9a6c81257a16a8af255\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\077f3aa04081b94d8f8e785947d26b5e\Microsoft.Build.Tasks.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 1188352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\8b3186906166d0e1ce1db762ac594598\Microsoft.Build.Engine.ni.dll
+ 2011-09-05 07:03 . 2011-09-05 07:03 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\6864d3b75b5cbe1abc7a63fab84493bd\Microsoft.Build.Engine.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\18d26ff1dc354d212e8fe28b2365cab5\ehRecObj.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 2002432 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\0a25c2bbadeb72e06aa2802c467882af\ehiVidCtl.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 2885120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\520d978bf705fe2387d818ee69e2fe43\ehiProxy.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 1039872 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\406ac64462bcc8db7d2a5364c355de25\ehiPlay.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\1730bf5a48bb393bc6d8bd60f00ce27b\ehepg.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cb4f77127908a815e9288162fa0153d1\System.WorkflowServices.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1b28fd95e1e00429e4b7b4bb1e4c8b9c\System.Web.Extensions.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\b7cb3b19dcaa531aba322afa9ea2ce75\System.ServiceModel.Web.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\d09008a7155891e7f521ce175cef05ca\System.Data.Services.ni.dll
+ 2011-09-05 07:03 . 2011-09-05 07:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1e810a1e96c671534217557954e7c999\System.Data.Linq.ni.dll
+ 2011-09-05 07:06 . 2011-09-05 07:06 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2e9a7977c1be792554d57c8ecd0e6d87\System.Data.Entity.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cf25827006f4021a68411e023afa3b2c\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-05 07:05 . 2011-09-05 07:05 1778176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e7e696376682ecf6d7a5522757ca790b\Microsoft.Build.Engine.ni.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-09-05 07:01 . 2011-09-05 07:01 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2006-11-02 12:33 . 2011-09-05 16:34 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-09-05 04:33 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-05-14 22:50 . 2011-09-05 16:35 18463088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1391375188-340967920-528662790-500-12288.dat
+ 2011-09-05 16:34 . 2011-09-05 16:34 11010048 c:\windows\ERDNT\subs\schema.dat
- 2011-09-05 04:19 . 2011-09-05 04:19 11010048 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2011-09-05 04:19 . 2011-09-05 16:26 11010048 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2011-09-05 04:53 . 2011-09-05 04:53 17290752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\65c3e4d26ac857162658b81b1efffb19\System.Windows.Forms.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\48ed28e415c976c7adfb2c5ceeaeedb2\System.ServiceModel.ni.dll
+ 2011-09-05 04:54 . 2011-09-05 04:54 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\529f1a1a0f3e9e994eb3356b55924f3c\System.Data.Entity.ni.dll
+ 2011-09-05 04:50 . 2011-09-05 04:50 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\3c24931e3b4e97b6b49c4d459ba8c552\System.Core.ni.dll
+ 2011-09-05 04:52 . 2011-09-05 04:52 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d0abeeb299ca73f7afc5312a00e0bf22\PresentationFramework.ni.dll
+ 2011-09-05 04:51 . 2011-09-05 04:51 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\de5aaef4bd369972fea5ba6ff7d3e264\PresentationCore.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\db6376c76598554f7daee0e8accba1e6\System.Windows.Forms.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\e1c770109a7a73190440f600bcf205ee\System.ServiceModel.ni.dll
+ 2011-09-05 04:48 . 2011-09-05 04:48 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\9fc8a6b51c78cdcbb9ac8c1a4fcde9e0\System.Management.Automation.ni.dll
+ 2011-09-05 04:46 . 2011-09-05 04:46 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\65bc655515d76c3b195cbc59cc9c033d\System.Design.ni.dll
+ 2011-09-05 07:04 . 2011-09-05 07:04 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\640116247a8de50592526f7dead06015\System.Data.Entity.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0663fb78a637caeb02ad253e76cdfd80\PresentationFramework.ni.dll
+ 2011-09-05 04:49 . 2011-09-05 04:49 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\fc3d6eb248aee0bbcd2f8c686f73df78\PresentationCore.ni.dll
+ 2011-09-05 04:47 . 2011-09-05 04:47 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\bb249c873f8577188d3922a092b8fa09\ehshell.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-13 669936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-08 79360]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-06-13 1036104]
R4 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 182296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 408072]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-05-04 2091016]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 3842056]
"combofix"="c:\combofix\CF20317.3XE" [2008-01-21 363008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0D114130-58E7-42B9-B2DA-09E9C5E3B895}"=hex:51,66,7a,6c,4c,1d,38,12,5e,42,02,
09,d5,16,d7,07,cd,cc,4a,a9,c0,bd,fc,81
"{0F2EEAAC-C821-401C-818B-58FBAA1BB9FE}"=hex:51,66,7a,6c,4c,1d,38,12,c2,e9,3d,
0b,13,86,72,05,fe,9d,1b,bb,af,45,fd,ea
"{0DCA98AD-3EE0-41F3-B853-E73C32158EE7}"=hex:51,66,7a,6c,4c,1d,38,12,c3,9b,d9,
09,d2,70,9d,04,c7,45,a4,7c,37,4b,ca,f3
"{0E8559D6-E8DC-418C-AA6B-57E8ED67AB41}"=hex:51,66,7a,6c,4c,1d,38,12,b8,5a,96,
0a,ee,a6,e2,04,d5,7d,14,a8,e8,39,ef,55
"{08860670-DB9A-4998-A376-94C1940D63AF}"=hex:51,66,7a,6c,4c,1d,38,12,1e,05,95,
0c,a8,95,f6,0c,dc,60,d7,81,91,53,27,bb
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,ce,
08,9b,b8,eb,0a,b8,95,b0,17,8f,69,f8,d6
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d9,
cb,73,f4,33,0b,a1,77,d6,65,c2,82,cd,bc
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,14,
ef,6c,9c,46,06,a2,38,dc,a9,2a,91,10,16
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,fb,
ad,53,92,b8,59,a1,ee,4a,e0,ca,4d,f0,1a
"{112469F7-63E3-4915-832F-B77B748E644A}"=hex:51,66,7a,6c,4c,1d,3b,1b,e7,76,35,
01,d5,33,7d,01,9e,2c,fd,3b,77,c9,21,5f
"{0F2EEAAC-C821-401C-818B-58FBAA1BB9FE}"=hex:51,66,7a,6c,4c,1d,3b,1b,bc,f5,3f,
1f,17,98,74,08,9c,88,12,bb,a9,5c,fc,eb
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:00,71,60,4e,36,31,cc,01
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,76,83,22,39,0a,8c,49,92,3f,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,76,83,22,39,0a,8c,49,92,3f,3d,\
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itb"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wtf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\powrprof32.exe
c:\programdata\AuthFWGP32.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2011-09-05 12:42:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 16:42
ComboFix2.txt 2011-09-05 04:40
ComboFix3.txt 2011-08-30 06:22
.
Pre-Run: 173,847,801,856 bytes free
Post-Run: 173,246,464,000 bytes free
.
- - End Of File - - E5C41256089727D222959F14A73F515B


==========================
aswMBR - aswMBR.txt
==========================

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-05 12:42:29
-----------------------------
12:42:29.933 OS Version: Windows x64 6.0.6002 Service Pack 2
12:42:29.933 Number of processors: 4 586 0x170A
12:42:29.933 ComputerName: MIKE-PC UserName:
12:42:31.461 Initialize success
12:42:55.921 AVAST engine defs: 11090500
12:44:04.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
12:44:04.407 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
12:44:04.410 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000052
12:44:04.412 Disk 1 Vendor: SAMSUNG_ ZH10 Size: 76293MB BusType: 8
12:44:04.413 Device \Driver\nvstor -> MajorFunction fffffa80063365c0
12:44:06.415 Disk 0 MBR read successfully
12:44:06.417 Disk 0 MBR scan
12:44:06.420 Disk 0 Windows VISTA default MBR code
12:44:06.422 Service scanning
12:44:09.537 Modules scanning
12:44:09.539 Disk 0 trace - called modules:
12:44:09.542 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80063365c0]<<
12:44:09.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f31790]
12:44:09.547 3 CLASSPNP.SYS[fffffa6000dcec33] -> nt!IofCallDriver -> [0xfffffa8004cbe300]
12:44:09.550 5 acpi.sys[fffffa6000900fde] -> nt!IofCallDriver -> \Device\00000051[0xfffffa8004cbe630]
12:44:09.552 \Driver\nvstor[0xfffffa80062d4450] -> IRP_MJ_CREATE -> 0xfffffa80063365c0
12:44:11.299 AVAST engine scan C:\Windows
12:44:17.349 AVAST engine scan C:\Windows\system32
12:46:30.252 AVAST engine scan C:\Windows\system32\drivers
12:46:45.868 AVAST engine scan C:\Users\Administrator
12:59:19.085 File: C:\Users\Administrator\Desktop\backups\backup-20110830-020151-951.dll **INFECTED** Win32:Dracur-E [Cryp]
13:00:52.654 AVAST engine scan C:\ProgramData
13:00:52.985 File: C:\ProgramData\AuthFWGP32.exe **INFECTED** Win32:Downloader-IPN [Trj]
13:05:30.488 Scan finished successfully
13:07:10.082 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
13:07:10.085 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"





==========================
TDSSKiller - TDSSKiller.2.5.18.0_05.09.2011_13.07.31_log
==========================

2011/09/05 13:07:31.0461 2136 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 13:07:31.0668 2136 ================================================================================
2011/09/05 13:07:31.0668 2136 SystemInfo:
2011/09/05 13:07:31.0668 2136
2011/09/05 13:07:31.0669 2136 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/05 13:07:31.0669 2136 Product type: Workstation
2011/09/05 13:07:31.0669 2136 ComputerName: MIKE-PC
2011/09/05 13:07:31.0669 2136 UserName: Administrator
2011/09/05 13:07:31.0669 2136 Windows directory: C:\Windows
2011/09/05 13:07:31.0669 2136 System windows directory: C:\Windows
2011/09/05 13:07:31.0669 2136 Running under WOW64
2011/09/05 13:07:31.0669 2136 Processor architecture: Intel x64
2011/09/05 13:07:31.0669 2136 Number of processors: 4
2011/09/05 13:07:31.0669 2136 Page size: 0x1000
2011/09/05 13:07:31.0669 2136 Boot type: Normal boot
2011/09/05 13:07:31.0669 2136 ================================================================================
2011/09/05 13:07:32.0577 2136 Initialize success
2011/09/05 13:07:39.0569 3672 ================================================================================
2011/09/05 13:07:39.0569 3672 Scan started
2011/09/05 13:07:39.0569 3672 Mode: Manual;
2011/09/05 13:07:39.0569 3672 ================================================================================
2011/09/05 13:07:41.0406 3672 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/09/05 13:07:41.0499 3672 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/09/05 13:07:41.0539 3672 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/09/05 13:07:41.0568 3672 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/09/05 13:07:41.0597 3672 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/09/05 13:07:41.0867 3672 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/09/05 13:07:41.0914 3672 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/09/05 13:07:41.0945 3672 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/09/05 13:07:41.0994 3672 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/09/05 13:07:42.0011 3672 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/09/05 13:07:42.0036 3672 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/09/05 13:07:42.0096 3672 AmdLLD64 (f5761675da9d15d7ae0e40907a8f4404) C:\Windows\system32\DRIVERS\AmdLLD64.sys
2011/09/05 13:07:42.0157 3672 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/09/05 13:07:42.0193 3672 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/09/05 13:07:42.0216 3672 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/05 13:07:42.0274 3672 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/09/05 13:07:42.0343 3672 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/09/05 13:07:42.0390 3672 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/05 13:07:42.0407 3672 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/05 13:07:42.0423 3672 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/09/05 13:07:42.0461 3672 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/09/05 13:07:42.0478 3672 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/09/05 13:07:42.0499 3672 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/05 13:07:42.0519 3672 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/09/05 13:07:42.0537 3672 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/09/05 13:07:42.0567 3672 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/05 13:07:42.0596 3672 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/05 13:07:42.0629 3672 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/09/05 13:07:42.0662 3672 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/09/05 13:07:42.0694 3672 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/09/05 13:07:42.0709 3672 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2011/09/05 13:07:42.0729 3672 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/09/05 13:07:42.0805 3672 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
2011/09/05 13:07:42.0913 3672 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/09/05 13:07:43.0153 3672 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/09/05 13:07:43.0224 3672 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/09/05 13:07:43.0267 3672 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/05 13:07:43.0300 3672 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/09/05 13:07:43.0353 3672 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/09/05 13:07:43.0418 3672 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/09/05 13:07:43.0444 3672 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/09/05 13:07:43.0490 3672 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/09/05 13:07:43.0532 3672 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/09/05 13:07:43.0570 3672 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/05 13:07:43.0593 3672 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/09/05 13:07:43.0625 3672 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/09/05 13:07:43.0651 3672 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/05 13:07:43.0692 3672 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/09/05 13:07:43.0726 3672 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/05 13:07:43.0749 3672 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/05 13:07:43.0822 3672 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/05 13:07:43.0878 3672 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
2011/09/05 13:07:43.0955 3672 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/05 13:07:43.0994 3672 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/09/05 13:07:44.0017 3672 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/09/05 13:07:44.0049 3672 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/05 13:07:44.0080 3672 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/09/05 13:07:44.0119 3672 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/09/05 13:07:44.0166 3672 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/09/05 13:07:44.0203 3672 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/05 13:07:44.0233 3672 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/09/05 13:07:44.0265 3672 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/09/05 13:07:44.0298 3672 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/09/05 13:07:44.0356 3672 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/05 13:07:44.0405 3672 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/05 13:07:44.0467 3672 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/05 13:07:44.0490 3672 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/05 13:07:44.0530 3672 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/09/05 13:07:44.0568 3672 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/09/05 13:07:44.0607 3672 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/05 13:07:44.0633 3672 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/09/05 13:07:44.0664 3672 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/09/05 13:07:44.0689 3672 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/05 13:07:44.0728 3672 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/05 13:07:44.0797 3672 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/05 13:07:44.0823 3672 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/09/05 13:07:44.0864 3672 Lbd (e23ad25e81b043ca66f1c7eed3111dfc) C:\Windows\system32\DRIVERS\Lbd.sys
2011/09/05 13:07:44.0887 3672 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/05 13:07:44.0906 3672 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/05 13:07:44.0938 3672 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/05 13:07:45.0001 3672 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/05 13:07:45.0024 3672 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/09/05 13:07:45.0092 3672 LVcKap64 (c7039d97dcd940aba7cdf2074de828ca) C:\Windows\system32\DRIVERS\LVcKap64.sys
2011/09/05 13:07:45.0167 3672 LVMVDrv (5ac4cd0e92449213e338cd1cbcb0fb7a) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2011/09/05 13:07:45.0222 3672 LVPr2M64 (8d53fe6ddd9855189a823c2a6a99a65f) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/09/05 13:07:45.0285 3672 LVUSBS64 (0034f69d0007d3f77f6b96fa51228e85) C:\Windows\system32\drivers\LVUSBS64.sys
2011/09/05 13:07:45.0310 3672 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/09/05 13:07:45.0344 3672 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/09/05 13:07:45.0380 3672 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/09/05 13:07:45.0419 3672 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/05 13:07:45.0434 3672 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/05 13:07:45.0447 3672 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/05 13:07:45.0464 3672 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/09/05 13:07:45.0498 3672 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/09/05 13:07:45.0524 3672 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/05 13:07:45.0554 3672 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/05 13:07:45.0580 3672 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/09/05 13:07:45.0645 3672 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/05 13:07:45.0729 3672 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/05 13:07:45.0759 3672 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/05 13:07:45.0779 3672 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2011/09/05 13:07:45.0804 3672 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/09/05 13:07:45.0839 3672 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/09/05 13:07:45.0855 3672 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/09/05 13:07:45.0902 3672 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/05 13:07:45.0924 3672 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/05 13:07:45.0938 3672 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/09/05 13:07:45.0975 3672 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/09/05 13:07:46.0021 3672 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/05 13:07:46.0043 3672 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/09/05 13:07:46.0090 3672 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/09/05 13:07:46.0100 3672 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/09/05 13:07:46.0150 3672 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/05 13:07:46.0195 3672 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/09/05 13:07:46.0234 3672 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/05 13:07:46.0251 3672 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/05 13:07:46.0303 3672 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/05 13:07:46.0390 3672 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/09/05 13:07:46.0407 3672 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/05 13:07:46.0537 3672 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/05 13:07:46.0575 3672 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/09/05 13:07:46.0600 3672 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/09/05 13:07:46.0614 3672 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/05 13:07:46.0659 3672 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/09/05 13:07:46.0673 3672 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/09/05 13:07:46.0734 3672 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
2011/09/05 13:07:47.0407 3672 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/05 13:07:47.0704 3672 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/09/05 13:07:47.0728 3672 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/09/05 13:07:47.0770 3672 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/09/05 13:07:47.0864 3672 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/05 13:07:48.0172 3672 P17 (66a2c70da35e8559982ee9d205329e1a) C:\Windows\system32\drivers\P17.sys
2011/09/05 13:07:48.0251 3672 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/09/05 13:07:48.0289 3672 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/09/05 13:07:48.0431 3672 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/09/05 13:07:48.0521 3672 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2011/09/05 13:07:48.0542 3672 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/09/05 13:07:48.0574 3672 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/09/05 13:07:48.0914 3672 PID_PEPI (37ea62238e17ae88e4713d9246ca1c1c) C:\Windows\system32\DRIVERS\LV302V64.SYS
2011/09/05 13:07:49.0011 3672 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/05 13:07:49.0058 3672 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/09/05 13:07:49.0100 3672 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/05 13:07:49.0140 3672 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/09/05 13:07:49.0188 3672 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/09/05 13:07:49.0211 3672 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/05 13:07:49.0225 3672 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/05 13:07:49.0247 3672 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/05 13:07:49.0285 3672 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/05 13:07:49.0351 3672 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/05 13:07:49.0388 3672 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/05 13:07:49.0407 3672 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/05 13:07:49.0434 3672 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/09/05 13:07:49.0448 3672 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/05 13:07:49.0479 3672 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/09/05 13:07:49.0527 3672 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/05 13:07:49.0572 3672 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/09/05 13:07:49.0629 3672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/05 13:07:49.0683 3672 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/05 13:07:49.0706 3672 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2011/09/05 13:07:49.0738 3672 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/09/05 13:07:49.0779 3672 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/09/05 13:07:49.0805 3672 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/05 13:07:49.0817 3672 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/05 13:07:49.0841 3672 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/09/05 13:07:49.0865 3672 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/09/05 13:07:49.0889 3672 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/09/05 13:07:49.0934 3672 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/09/05 13:07:49.0989 3672 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/09/05 13:07:50.0025 3672 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/09/05 13:07:50.0194 3672 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/05 13:07:50.0263 3672 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/05 13:07:50.0308 3672 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/05 13:07:50.0341 3672 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/09/05 13:07:50.0359 3672 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/09/05 13:07:50.0381 3672 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/09/05 13:07:50.0730 3672 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
2011/09/05 13:07:50.0938 3672 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/05 13:07:51.0041 3672 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/05 13:07:51.0090 3672 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/09/05 13:07:51.0106 3672 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/09/05 13:07:51.0157 3672 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/05 13:07:51.0229 3672 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/05 13:07:51.0276 3672 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/05 13:07:51.0321 3672 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/05 13:07:51.0396 3672 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/05 13:07:51.0545 3672 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/09/05 13:07:51.0761 3672 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/05 13:07:51.0816 3672 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/05 13:07:51.0843 3672 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/09/05 13:07:51.0869 3672 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/09/05 13:07:51.0885 3672 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/09/05 13:07:51.0917 3672 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/05 13:07:51.0953 3672 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2011/09/05 13:07:52.0012 3672 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2011/09/05 13:07:52.0049 3672 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/05 13:07:52.0072 3672 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/09/05 13:07:52.0113 3672 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/05 13:07:52.0157 3672 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/05 13:07:52.0185 3672 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/05 13:07:52.0200 3672 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2011/09/05 13:07:52.0258 3672 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/05 13:07:52.0321 3672 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/05 13:07:52.0375 3672 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/05 13:07:52.0398 3672 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/09/05 13:07:52.0445 3672 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/09/05 13:07:52.0528 3672 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/09/05 13:07:52.0570 3672 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/09/05 13:07:52.0601 3672 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/09/05 13:07:52.0626 3672 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/09/05 13:07:52.0661 3672 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/09/05 13:07:52.0707 3672 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 13:07:52.0724 3672 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 13:07:52.0749 3672 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/09/05 13:07:52.0780 3672 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/05 13:07:52.0898 3672 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/05 13:07:52.0975 3672 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/05 13:07:53.0009 3672 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/05 13:07:53.0056 3672 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/05 13:07:53.0076 3672 MBR (0x1B8) (48e4fb73037ed2932d5e6bde31e6ee60) \Device\Harddisk0\DR0
2011/09/05 13:07:53.0081 3672 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/05 13:07:53.0084 3672 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk1\DR1
2011/09/05 13:07:53.0094 3672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
2011/09/05 13:07:53.0175 3672 Boot (0x1200) (6e21c7729606b5c27fe432ee5f8228b8) \Device\Harddisk0\DR0\Partition0
2011/09/05 13:07:53.0215 3672 Boot (0x1200) (48b87ede229b5bd49e9ceb5338f5af35) \Device\Harddisk1\DR1\Partition0
2011/09/05 13:07:53.0225 3672 Boot (0x1200) (30696ba883a7af96c0f4cf815bc32a54) \Device\Harddisk2\DR2\Partition0
2011/09/05 13:07:53.0229 3672 ================================================================================
2011/09/05 13:07:53.0229 3672 Scan finished
2011/09/05 13:07:53.0229 3672 ================================================================================
2011/09/05 13:07:53.0235 3224 Detected object count: 1
2011/09/05 13:07:53.0235 3224 Actual detected object count: 1
2011/09/05 13:08:04.0120 3224 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/09/05 13:08:04.0120 3224 \Device\Harddisk0\DR0 - ok
2011/09/05 13:08:04.0120 3224 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/05 13:08:12.0313 3532 Deinitialize success

Attached Files

  • Attached File  MBR.zip   543bytes   0 downloads

Edited by mikmic, 05 September 2011 - 12:20 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 05 September 2011 - 01:17 PM

Now run the aswMBR.exe tool. Select the Fix button.

Important > you need to wait for the tool to report ... Infection fixed successfully
Do not reboot the machine until it has said so.

When you see the message restart the computer normally.

Run aswMBR.exe normally and post the log for my review.


Run the ComboFix tool again and post the log.

Please let me know what problem persists.

#7 mikmic

mikmic
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 05 September 2011 - 05:36 PM

I ran aswMBR.exe multiple times. Right after a restart and a second time after saving the log first. It finds the same two things each time:

12:59:19.085 File: C:\Users\Administrator\Desktop\backups\backup-20110830-020151-951.dll **INFECTED** Win32:Dracur-E [Cryp]
13:00:52.985 File: C:\ProgramData\AuthFWGP32.exe **INFECTED** Win32:Downloader-IPN [Trj]

However the Fix button is greyed out. I did not want to click the Fix MBR button without instruction.

I'm waiting to run Combofix and TDSSKiller until I hear back.

Below is the aswMBR log again as well as the MBR.dat attached.




==========================
aswMBR - aswMBR.txt
==========================



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-05 12:42:29
-----------------------------
12:42:29.933 OS Version: Windows x64 6.0.6002 Service Pack 2
12:42:29.933 Number of processors: 4 586 0x170A
12:42:29.933 ComputerName: MIKE-PC UserName:
12:42:31.461 Initialize success
12:42:55.921 AVAST engine defs: 11090500
12:44:04.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
12:44:04.407 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
12:44:04.410 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000052
12:44:04.412 Disk 1 Vendor: SAMSUNG_ ZH10 Size: 76293MB BusType: 8
12:44:04.413 Device \Driver\nvstor -> MajorFunction fffffa80063365c0
12:44:06.415 Disk 0 MBR read successfully
12:44:06.417 Disk 0 MBR scan
12:44:06.420 Disk 0 Windows VISTA default MBR code
12:44:06.422 Service scanning
12:44:09.537 Modules scanning
12:44:09.539 Disk 0 trace - called modules:
12:44:09.542 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80063365c0]<<
12:44:09.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f31790]
12:44:09.547 3 CLASSPNP.SYS[fffffa6000dcec33] -> nt!IofCallDriver -> [0xfffffa8004cbe300]
12:44:09.550 5 acpi.sys[fffffa6000900fde] -> nt!IofCallDriver -> \Device\00000051[0xfffffa8004cbe630]
12:44:09.552 \Driver\nvstor[0xfffffa80062d4450] -> IRP_MJ_CREATE -> 0xfffffa80063365c0
12:44:11.299 AVAST engine scan C:\Windows
12:44:17.349 AVAST engine scan C:\Windows\system32
12:46:30.252 AVAST engine scan C:\Windows\system32\drivers
12:46:45.868 AVAST engine scan C:\Users\Administrator
12:59:19.085 File: C:\Users\Administrator\Desktop\backups\backup-20110830-020151-951.dll **INFECTED** Win32:Dracur-E [Cryp]
13:00:52.654 AVAST engine scan C:\ProgramData
13:00:52.985 File: C:\ProgramData\AuthFWGP32.exe **INFECTED** Win32:Downloader-IPN [Trj]
13:05:30.488 Scan finished successfully
13:07:10.082 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
13:07:10.085 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-05 17:17:59
-----------------------------
17:17:59.330 OS Version: Windows x64 6.0.6002 Service Pack 2
17:17:59.330 Number of processors: 4 586 0x170A
17:17:59.331 ComputerName: MIKE-PC UserName:
17:18:00.361 Initialize success
17:18:02.619 AVAST engine defs: 11090500
17:18:05.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
17:18:05.034 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
17:18:05.036 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000052
17:18:05.037 Disk 1 Vendor: SAMSUNG_ ZH10 Size: 76293MB BusType: 8
17:18:07.091 Disk 0 MBR read successfully
17:18:07.093 Disk 0 MBR scan
17:18:07.095 Disk 0 Windows VISTA default MBR code
17:18:07.107 Service scanning
17:18:08.401 Modules scanning
17:18:08.403 Disk 0 trace - called modules:
17:18:08.416 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor.sys
17:18:08.418 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f73790]
17:18:08.420 3 CLASSPNP.SYS[fffffa600120bc33] -> nt!IofCallDriver -> [0xfffffa8004c697c0]
17:18:08.423 5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\00000051[0xfffffa8004c699e0]
17:18:09.455 AVAST engine scan C:\Windows
17:18:43.302 AVAST engine scan C:\Windows\system32
17:22:29.169 AVAST engine scan C:\Windows\system32\drivers
17:23:05.137 AVAST engine scan C:\Users\Administrator
17:36:56.036 File: C:\Users\Administrator\Desktop\backups\backup-20110830-020151-951.dll **INFECTED** Win32:Dracur-E [Cryp]
17:38:05.482 AVAST engine scan C:\ProgramData
17:38:05.793 File: C:\ProgramData\AuthFWGP32.exe **INFECTED** Win32:Downloader-IPN [Trj]
17:41:34.894 Scan finished successfully
17:42:01.839 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
17:42:01.842 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-05 18:07:27
-----------------------------
18:07:27.319 OS Version: Windows x64 6.0.6002 Service Pack 2
18:07:27.319 Number of processors: 4 586 0x170A
18:07:27.319 ComputerName: MIKE-PC UserName:
18:07:30.957 Initialize success
18:07:36.677 AVAST engine defs: 11090500
18:08:07.861 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
18:08:07.863 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
18:08:07.865 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000052
18:08:07.866 Disk 1 Vendor: SAMSUNG_ ZH10 Size: 76293MB BusType: 8
18:08:09.877 Disk 0 MBR read successfully
18:08:09.879 Disk 0 MBR scan
18:08:09.882 Disk 0 Windows VISTA default MBR code
18:08:09.884 Service scanning
18:08:11.793 Modules scanning
18:08:11.795 Disk 0 trace - called modules:
18:08:11.827 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor.sys
18:08:11.830 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fe2790]
18:08:11.832 3 CLASSPNP.SYS[fffffa6000fcfc33] -> nt!IofCallDriver -> [0xfffffa8004c44040]
18:08:11.835 5 acpi.sys[fffffa60008f6fde] -> nt!IofCallDriver -> \Device\00000051[0xfffffa8004102060]
18:08:12.747 AVAST engine scan C:\Windows
18:08:22.197 AVAST engine scan C:\Windows\system32
18:11:34.300 AVAST engine scan C:\Windows\system32\drivers
18:11:52.853 AVAST engine scan C:\Users\Administrator
18:24:17.214 File: C:\Users\Administrator\Desktop\backups\backup-20110830-020151-951.dll **INFECTED** Win32:Dracur-E [Cryp]
18:25:39.858 AVAST engine scan C:\ProgramData
18:25:40.304 File: C:\ProgramData\AuthFWGP32.exe **INFECTED** Win32:Downloader-IPN [Trj]
18:31:21.982 Scan finished successfully
18:31:29.947 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
18:31:29.949 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   543bytes   0 downloads


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 06 September 2011 - 08:26 AM

First boot to Safe Mode.

How to boot to Safe Mode, Vista - Windows 7
http://www.computerhope.com/issues/chsafe.htm#03
===

Delete the files in bold if found. Note that they are reported by the AVAST engine scan. (p.s. aswMBR is a tool from AVAST)

12:59:19.085 File: C:\Users\Administrator\Desktop\backups\backup-20110830-020151-951.dll **INFECTED** Win32:Dracur-E [Cryp]
13:00:52.985 File: C:\ProgramData\AuthFWGP32.exe **INFECTED** Win32:Downloader-IPN [Trj]

Restart the computer.

Let me know if the files are gone.

Please run aswMBR normally post the log.

If the files are still shown I will take it up with the experts.

Would like to know also if your have any issues with this computer.

#9 mikmic

mikmic
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 06 September 2011 - 02:11 PM

Hello.

I booted to Safe Mode (without networking). I deleted both of the following files:

12:59:19.085 File: C:\Users\Administrator\Desktop\backups\backup-20110830-020151-951.dll **INFECTED** Win32:Dracur-E [Cryp]
13:00:52.985 File: C:\ProgramData\AuthFWGP32.exe **INFECTED** Win32:Downloader-IPN [Trj]

I emptied the recycle bin after deletion as well. I did not delete C:\Windows\svchost.exe

After reboot the file backup-20110830-020151-951.dll was gone and did not reappear.

The file AuthFWGP32.exe did reappear in the same location.

I ran aswMBR again and it found the same file, as expected. The Fix button was still grayed out.

------
Issues currently experienced on the computer are minimal. I was experiencing slow or delayed webpage opening, no redirection though. As we have gone through these steps the speed has seemed to increase.

I still receive the error "winrscmde stopped working and was closed". It is a small popup error that if closed reappears, but can be minimized and does not seem to affect any other performance. The frequency of this error has lessened since our work. It used to immediately pop up on computer start, now it is either delayed or only opens after website browsing.

No other noticeable issues are present.
------


Here is the log and the MBR.dat zipped and attached.

==========================
aswMBR - aswMBR.txt
==========================


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-06 14:17:07
-----------------------------
14:17:07.592 OS Version: Windows x64 6.0.6002 Service Pack 2
14:17:07.592 Number of processors: 4 586 0x170A
14:17:07.592 ComputerName: MIKE-PC UserName:
14:17:09.304 Initialize success
14:17:12.197 AVAST engine defs: 11090500
14:17:13.626 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052
14:17:13.628 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
14:17:13.629 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000053
14:17:13.631 Disk 1 Vendor: SAMSUNG_ ZH10 Size: 76293MB BusType: 8
14:17:15.676 Disk 0 MBR read successfully
14:17:15.678 Disk 0 MBR scan
14:17:15.680 Disk 0 Windows VISTA default MBR code
14:17:15.682 Service scanning
14:17:18.212 Modules scanning
14:17:18.214 Disk 0 trace - called modules:
14:17:18.268 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor.sys
14:17:18.270 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fad790]
14:17:18.272 3 CLASSPNP.SYS[fffffa6000dd3c33] -> nt!IofCallDriver -> [0xfffffa8004c1c040]
14:17:18.275 5 acpi.sys[fffffa60008fcfde] -> nt!IofCallDriver -> \Device\00000052[0xfffffa8004c1f060]
14:17:19.312 AVAST engine scan C:\Windows
14:17:32.120 AVAST engine scan C:\Windows\system32
14:19:54.753 AVAST engine scan C:\Windows\system32\drivers
14:20:20.641 AVAST engine scan C:\Users\Administrator
14:32:15.655 AVAST engine scan C:\ProgramData
14:32:16.088 File: C:\ProgramData\AuthFWGP32.exe **INFECTED** Win32:Downloader-IPN [Trj]
14:36:57.236 Scan finished successfully
14:56:37.626 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
14:56:37.629 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR22.txt"

Attached Files

  • Attached File  MBR.zip   543bytes   0 downloads

Edited by mikmic, 06 September 2011 - 02:13 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 06 September 2011 - 07:32 PM

Now run the aswMBR.exe tool. Select the FixMBR button.

Important > you need to wait for the tool to report ... Infection fixed successfully
Do not reboot the machine until it has said so.

When you see the message restart the computer normally.

Run the aswMBR again in normal mode and post the log.

Please let me know what problem persists.

#11 mikmic

mikmic
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 08 September 2011 - 10:12 AM

Work has been busy the past couple days so I haven't gotten a chance to run the above steps. Hopefully I can work on it tonight, if not it will be Friday evening. Thanks.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 08 September 2011 - 12:18 PM

Understood, no problems.

#13 mikmic

mikmic
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 09 September 2011 - 09:54 PM

Not sure if I am doing something wrong but I can't get the steps followed as you asked.

I've run aswMBR with normal boot and safe mode. I click the Fix MBR button but never get to Infection fixed successfully.

After a very short time I get the message Disk 0 Windows 600 MBR fixed successfully. I've let it sit for 30-45 minutes but never have anything else happen in the window.

I've tried running Scan afterwards, both directly and after a reboot, but Fix is still grayed out each time.

Each time Save Log displays the same information:

File: C:\ProgramData\AuthFWGP32.exe **INFECTED** Win32:Downloader-IPN [Trj]


Thanks for any advice, or instruction if I am doing something wrong.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 10 September 2011 - 10:38 AM

I'm checking with the experts.

Please run the ComboFix tool again and post the log.

#15 mikmic

mikmic
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 10 September 2011 - 01:07 PM

An added note, the error message popup winrscmde stopped working and was closed has stopped happening, at least it hasn't in about a day or two.

Here is the ComboFix.txt log file:


==========================
Combofix = C:\Combofix.txt
==========================


ComboFix 11-09-10.02 - Administrator 09/10/2011 13:52:29.6.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2644 [GMT -4:00]
Running from: c:\windows\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AuthFWGP32.exe
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{17a74b09-3562-4655-828f-57928b60fa47}
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{17a74b09-3562-4655-828f-57928b60fa47}\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{17a74b09-3562-4655-828f-57928b60fa47}\chrome\xulcache.jar
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{17a74b09-3562-4655-828f-57928b60fa47}\defaults\preferences\xulcache.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{17a74b09-3562-4655-828f-57928b60fa47}\install.rdf
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{b1915943-b02c-499c-8303-95ec06b6eb0f}
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{b1915943-b02c-499c-8303-95ec06b6eb0f}\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{b1915943-b02c-499c-8303-95ec06b6eb0f}\chrome\xulcache.jar
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{b1915943-b02c-499c-8303-95ec06b6eb0f}\defaults\preferences\xulcache.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\extensions\{b1915943-b02c-499c-8303-95ec06b6eb0f}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-10 17:58 . 2011-09-10 18:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-10 17:58 . 2011-09-10 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-05 17:08 . 2011-09-05 17:08 453632 ----a-w- c:\windows\SysWow64\AuthFWGP32.dll
2011-09-04 06:31 . 2011-09-04 06:31 -------- d-----w- c:\programdata\Apple Computer
2011-08-30 09:21 . 2011-08-30 09:21 -------- d-----w- c:\programdata\Lavasoft
2011-08-30 06:08 . 2011-09-10 17:50 4201474 ------r- c:\windows\ComboFix.exe
2011-08-30 05:09 . 2011-08-30 05:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-30 05:09 . 2011-07-19 09:05 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-30 05:09 . 2011-07-19 09:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-30 04:05 . 2011-08-30 04:05 -------- d-----w- c:\programdata\Apple
2011-08-30 00:48 . 2011-08-30 00:48 -------- d-----w- c:\program files (x86)\Microsoft
2011-08-30 00:08 . 2011-09-10 07:27 -------- d-----w- c:\programdata\PMB Files
2011-08-30 00:08 . 2011-08-30 00:08 -------- d-----w- c:\programdata\Logitech
2011-08-29 23:38 . 2011-08-30 00:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-29 20:24 . 2011-08-29 20:24 -------- d-----w- C:\Riot Games
2011-08-26 00:43 . 2011-08-26 00:43 -------- d-----w- c:\program files\iPod
2011-08-26 00:43 . 2011-08-26 00:43 -------- d-----w- c:\program files\iTunes
2011-08-26 00:43 . 2011-08-26 00:43 -------- d-----w- c:\program files (x86)\iTunes
2011-08-24 18:46 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 18:46 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 04:10 . 2011-05-25 00:02 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42 . 2011-08-10 07:08 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-10 07:08 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-10 07:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-10 07:08 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-10 07:08 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-10 07:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-14 04:03 . 2011-07-14 04:03 813568 ----a-w- c:\windows\SysWow64\powrprof32.exe
2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-06 15:49 . 2011-08-09 19:45 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-20 08:45 . 2011-08-09 19:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:14 . 2011-08-09 19:45 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:16 . 2011-08-09 19:45 451072 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-05_16.37.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-09-05 09:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-09-10 02:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-09-05 09:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-10 02:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-10 02:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-09-05 09:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-09-10 18:01 54628 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-09-10 18:02 72418 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 15:45 . 2011-09-05 16:38 72418 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-26 19:05 . 2011-09-10 18:02 18998 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1391375188-340967920-528662790-500_UserData.bin
+ 2011-09-10 18:00 . 2011-09-10 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-05 16:36 . 2011-09-05 16:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-10 18:00 . 2011-09-10 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-05 16:36 . 2011-09-05 16:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-16 10:45 . 2011-09-05 09:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-16 10:45 . 2011-09-10 02:03 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 12:46 . 2011-09-10 01:09 604264 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-09-05 14:07 604264 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-09-05 14:07 103964 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-09-10 01:09 103964 c:\windows\system32\perfc009.dat
+ 2010-05-14 22:50 . 2011-09-10 17:58 254496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-14 22:50 . 2011-09-05 16:35 254496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-03-20 15:53 . 2009-03-20 15:53 183808 c:\windows\Installer\fd1df9.msp
+ 2011-09-05 22:28 . 2011-09-05 22:28 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\514928967cafc8e4a7671f68ce4eb43a\System.Web.Entity.ni.dll
+ 2011-09-05 22:28 . 2011-09-05 22:28 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\b27836d6560a49750d21920693d19627\System.Web.Entity.Design.ni.dll
+ 2011-09-05 22:28 . 2011-09-05 22:28 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\e5ebefe6b81d9c789c8749521676f29a\System.Web.DynamicData.ni.dll
+ 2011-09-05 22:26 . 2011-09-05 22:26 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1abc99e2fa94ca63c9b44ebcb074b031\System.Web.Extensions.Design.ni.dll
+ 2011-09-05 22:26 . 2011-09-05 22:26 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\464aac8b3b4a36ee4a850f7c2e4366f5\System.Web.Entity.ni.dll
+ 2011-09-05 22:26 . 2011-09-05 22:26 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7727fb0db7028e636f30f7ff9f908113\System.Web.Entity.Design.ni.dll
+ 2011-09-05 22:26 . 2011-09-05 22:26 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\eb60d9a30d018828f5dbe7f39e047030\System.Web.DynamicData.ni.dll
+ 2010-09-24 01:13 . 2010-09-24 01:13 1484800 c:\windows\Installer\fd1e02.msp
+ 2011-09-05 22:28 . 2011-09-05 22:28 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\e445fe44a510709916e47395b31937c2\System.Web.Extensions.Design.ni.dll
+ 2011-09-05 22:27 . 2011-09-05 22:27 3045888 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\c7c6e99c36e181c5505986fa8b07146a\System.Web.Extensions.ni.dll
+ 2011-09-05 22:27 . 2011-09-05 22:27 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\ba8d54452dfef1e8c77b7ad958261d16\System.ServiceModel.Web.ni.dll
+ 2011-09-05 22:26 . 2011-09-05 22:26 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\684d0ef675fd640a30bdf94ad4911bb5\System.Web.Extensions.ni.dll
+ 2011-09-05 22:26 . 2011-09-05 22:26 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\18be706a5ab335aaceb714f528901fe1\System.ServiceModel.Web.ni.dll
- 2011-09-05 07:01 . 2011-09-05 07:01 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-09-05 21:45 . 2011-09-05 21:45 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2006-11-02 12:33 . 2011-09-10 00:07 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-09-05 16:34 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-05-14 22:50 . 2011-09-10 17:59 19123320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1391375188-340967920-528662790-500-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{08860670-DB9A-4998-A376-94C1940D63Af}]
2011-09-05 17:08 453632 ----a-w- c:\windows\SysWOW64\AuthFWGP32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-13 669936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-08 79360]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-06-13 1036104]
R4 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 182296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 408072]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-05-04 2091016]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 3842056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gfnocbmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0D114130-58E7-42B9-B2DA-09E9C5E3B895}"=hex:51,66,7a,6c,4c,1d,38,12,5e,42,02,
09,d5,16,d7,07,cd,cc,4a,a9,c0,bd,fc,81
"{0F2EEAAC-C821-401C-818B-58FBAA1BB9FE}"=hex:51,66,7a,6c,4c,1d,38,12,c2,e9,3d,
0b,13,86,72,05,fe,9d,1b,bb,af,45,fd,ea
"{0DCA98AD-3EE0-41F3-B853-E73C32158EE7}"=hex:51,66,7a,6c,4c,1d,38,12,c3,9b,d9,
09,d2,70,9d,04,c7,45,a4,7c,37,4b,ca,f3
"{0E8559D6-E8DC-418C-AA6B-57E8ED67AB41}"=hex:51,66,7a,6c,4c,1d,38,12,b8,5a,96,
0a,ee,a6,e2,04,d5,7d,14,a8,e8,39,ef,55
"{08860670-DB9A-4998-A376-94C1940D63AF}"=hex:51,66,7a,6c,4c,1d,38,12,1e,05,95,
0c,a8,95,f6,0c,dc,60,d7,81,91,53,27,bb
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,ce,
08,9b,b8,eb,0a,b8,95,b0,17,8f,69,f8,d6
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d9,
cb,73,f4,33,0b,a1,77,d6,65,c2,82,cd,bc
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,14,
ef,6c,9c,46,06,a2,38,dc,a9,2a,91,10,16
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,fb,
ad,53,92,b8,59,a1,ee,4a,e0,ca,4d,f0,1a
"{112469F7-63E3-4915-832F-B77B748E644A}"=hex:51,66,7a,6c,4c,1d,3b,1b,e7,76,35,
01,d5,33,7d,01,9e,2c,fd,3b,77,c9,21,5f
"{0F2EEAAC-C821-401C-818B-58FBAA1BB9FE}"=hex:51,66,7a,6c,4c,1d,3b,1b,bc,f5,3f,
1f,17,98,74,08,9c,88,12,bb,a9,5c,fc,eb
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:00,71,60,4e,36,31,cc,01
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,76,83,22,39,0a,8c,49,92,3f,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,76,83,22,39,0a,8c,49,92,3f,3d,\
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DAT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itb"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wtf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1391375188-340967920-528662790-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\powrprof32.exe
c:\programdata\AuthFWGP32.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2011-09-10 14:04:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-10 18:04
ComboFix2.txt 2011-09-05 16:42
ComboFix3.txt 2011-09-05 04:40
ComboFix4.txt 2011-08-30 06:22
.
Pre-Run: 165,841,879,040 bytes free
Post-Run: 165,858,836,480 bytes free
.
- - End Of File - - E2AC4840A04BBAFA72FA04933D4602C2




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users