Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

2011 Redirect Virus!


  • This topic is locked This topic is locked
32 replies to this topic

#1 vortilad

vortilad

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 11 September 2011 - 11:35 PM

For about a month now I've had the virus that keeps redirecting me to other sites that will most likely give me a worst virus. Just looking for some help!

Here are my logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Lee at 22:55:10 on 2011-09-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1532 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Logitech\Vid\Vid.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid\Vid.exe" -bootmode
uRun: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode
uRun: [Google Update] "C:\Users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54} : DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}\2375942554131353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}\3384F6573756 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}\97D636160226F61627460227F6F6D6 : DhcpNameServer = 68.94.157.1 68.94.156.1
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}\C696E6B6379737 : DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}\C696E6B6379737F5F475F55303232343 : DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8} : DhcpNameServer = 97.64.183.164 97.64.209.37
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k6u342o6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lee\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\Lee\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-9-1 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 RosettaStoneLtdController;RosettaStoneLtdController;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-9-16 352312]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-9 366640]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-21 228408]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-09-12 03:42:38 -------- d-s---w- C:\ComboFix
2011-09-11 20:56:01 -------- d-----w- C:\Users\Lee\AppData\Local\{FC5F334A-B83A-414D-9A96-169D6C3E4C7A}
2011-08-29 17:35:22 -------- d-----w- C:\Users\Lee\AppData\Local\{2735B6C2-EC43-4233-9D99-B74CA24A104B}
2011-08-27 01:35:07 -------- d-----w- C:\b70fcd687d6bc6c1ac5758b2136e3a7b
2011-08-23 23:21:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-23 23:21:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-19 05:16:55 -------- d-----w- C:\Users\Lee\AppData\Local\{09CF14B4-2EFB-479E-BAA8-E95C1B6CA7A9}
2011-08-18 05:56:51 -------- d-----w- C:\Windows\Favorites
2011-08-18 05:36:41 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2011-08-18 05:36:41 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2011-08-18 05:36:41 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2011-08-18 05:10:48 304128 ----a-w- C:\Windows\ZeusIsUninst.Exe
2011-08-18 05:08:40 -------- d-----w- C:\Sierra
2011-08-18 05:08:40 -------- d-----w- C:\Program Files (x86)\Sierra On-Line
.
==================== Find3M ====================
.
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-07 00:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-28 23:00:26 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
.
============= FINISH: 23:04:42.74 ===============

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:42 AM

Posted 18 September 2011 - 11:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418569 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 AM

Posted 20 September 2011 - 08:06 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 vortilad

vortilad
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 21 September 2011 - 03:03 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Lee at 2:50:22 on 2011-09-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1847 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Logitech\Vid\Vid.exe
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid\Vid.exe" -bootmode
uRun: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode
uRun: [Google Update] "C:\Users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54} : DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}\2375942554131353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}\3384F6573756 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}\97D636160226F61627460227F6F6D6 : DhcpNameServer = 68.94.157.1 68.94.156.1
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}\C696E6B6379737 : DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}\C696E6B6379737F5F475F55303232343 : DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8} : DhcpNameServer = 97.64.183.164 97.64.209.37
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [!BingBar] "C:\Program Files (x86)\Microsoft\BingBar\MUExe\7.0.822.0\BingBarSetup-Partner.EXE" /C:"BBSetup.exe cabLocation=.\BingBarPartnerConfig.cab ismu=2"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k6u342o6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Lee\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\Lee\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Lee\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-9-1 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 RosettaStoneLtdController;RosettaStoneLtdController;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-9-16 352312]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-9 366640]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-21 228408]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-12 136176]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-09-16 04:47:08 -------- d-----w- C:\Users\Lee\AppData\Local\Facebook
2011-09-12 03:42:38 -------- d-s---w- C:\ComboFix
2011-09-11 20:56:01 -------- d-----w- C:\Users\Lee\AppData\Local\{FC5F334A-B83A-414D-9A96-169D6C3E4C7A}
2011-08-29 17:35:22 -------- d-----w- C:\Users\Lee\AppData\Local\{2735B6C2-EC43-4233-9D99-B74CA24A104B}
2011-08-27 01:35:07 -------- d-----w- C:\b70fcd687d6bc6c1ac5758b2136e3a7b
2011-08-23 23:21:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-23 23:21:09 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2011-08-22 04:31:49 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2011-08-22 04:31:49 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2011-08-22 04:31:49 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-07 00:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-28 23:00:26 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 3:02:22.65 ===============

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 AM

Posted 21 September 2011 - 04:06 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 vortilad

vortilad
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 23 September 2011 - 12:45 PM

ComboFix 11-09-22.04 - Lee 09/23/2011 2:28.4.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1705 [GMT -5:00]
Running from: c:\users\Lee\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lee\AppData\Local\ApplicationHistory
c:\users\Lee\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
c:\users\Lee\AppData\Local\ApplicationHistory\TurbineInvoker.exe.f5c5ef67.ini
c:\users\Lee\AppData\Local\ApplicationHistory\TurbineLauncher.exe.247941db.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))
.
.
2011-09-23 08:03 . 2011-09-23 08:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-23 08:03 . 2011-09-23 08:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-09-23 08:03 . 2011-09-23 08:03 -------- d-----w- c:\users\Mcx1-LEE-PC\AppData\Local\temp
2011-09-23 08:03 . 2011-09-23 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-21 08:00 . 2011-09-21 08:00 -------- d-----w- c:\program files (x86)\Microsoft
2011-09-16 04:47 . 2011-09-16 04:47 -------- d-----w- c:\users\Lee\AppData\Local\Facebook
2011-08-27 01:35 . 2011-08-27 01:36 -------- d-----w- C:\b70fcd687d6bc6c1ac5758b2136e3a7b
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 04:31 . 2011-08-18 05:36 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-08-22 04:31 . 2011-08-18 05:36 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-08-22 04:31 . 2011-08-18 05:36 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-07-22 05:42 . 2011-08-10 08:01 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-10 08:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-10 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-10 08:01 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-10 08:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-10 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-10 05:19 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-10 05:19 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-10 05:19 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-10 05:19 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-10 05:19 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-10 05:19 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-10 05:19 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-10 05:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-10 05:19 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-10 05:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-10 05:19 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-10 05:19 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-10 05:19 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-10 05:19 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-10 05:19 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-10 05:19 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 05:19 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 05:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 05:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14 . 2011-08-23 23:21 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:30 . 2011-08-23 23:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:44 . 2011-08-10 05:19 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-07 00:52 . 2011-08-09 16:35 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-28 23:00 . 2011-06-28 23:00 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-09_20.34.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-24 06:41 . 2009-02-24 06:41 73728 c:\windows\twain_32\BrMfSc09b\Common\BrStiIf.dll
+ 2008-07-09 09:16 . 2008-07-09 09:16 81920 c:\windows\twain_32\BrMfSc09b\Common\BrScnFlt.dll
+ 2009-02-24 06:41 . 2009-02-24 06:41 90112 c:\windows\twain_32\BrMfSc09b\Common\BrScnDev.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2011-08-10 05:19 . 2011-06-15 09:04 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2011-08-10 05:19 . 2011-06-15 09:04 81920 c:\windows\SysWOW64\odbccr32.dll
+ 2011-08-10 08:01 . 2011-07-22 02:44 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-06-17 08:03 . 2011-04-22 23:26 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-08-10 08:00 . 2011-07-22 02:46 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-04-08 18:46 . 2011-04-08 18:46 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-08-10 08:00 . 2011-07-22 02:46 65024 c:\windows\SysWOW64\jsproxy.dll
- 2011-04-08 18:46 . 2011-04-08 18:46 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2009-08-21 13:18 . 2011-08-18 16:54 51448 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-23 08:10 65360 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-26 14:38 . 2011-09-23 08:10 20094 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3260367747-3519056791-2037069027-1000_UserData.bin
+ 2009-04-24 07:21 . 2009-04-24 07:21 66560 c:\windows\system32\spool\drivers\x64\3\bril06a.dll
+ 2011-08-10 08:01 . 2011-07-22 05:32 96256 c:\windows\system32\mshtmled.dll
- 2011-06-17 08:03 . 2011-04-23 01:19 96256 c:\windows\system32\mshtmled.dll
+ 2011-08-10 08:00 . 2011-07-22 05:34 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2011-04-08 18:46 . 2011-04-08 18:46 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-08-10 08:00 . 2011-07-22 05:34 85504 c:\windows\system32\jsproxy.dll
- 2011-04-08 18:46 . 2011-04-08 18:46 85504 c:\windows\system32\jsproxy.dll
+ 2009-07-14 05:30 . 2011-08-23 17:21 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-08-09 16:23 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-04-24 07:21 . 2009-04-24 07:21 66560 c:\windows\system32\DriverStore\FileRepository\brpri05a.inf_amd64_neutral_6afae6e101743f88\bril06a.dll
+ 2009-02-24 06:41 . 2009-02-24 06:41 73728 c:\windows\system32\DriverStore\FileRepository\brimi05a.inf_amd64_neutral_4dceef487c5af764\BrStiIf.dll
+ 2008-07-09 09:16 . 2008-07-09 09:16 81920 c:\windows\system32\DriverStore\FileRepository\brimi05a.inf_amd64_neutral_4dceef487c5af764\BrScnFlt.dll
+ 2009-02-24 06:41 . 2009-02-24 06:41 90112 c:\windows\system32\DriverStore\FileRepository\brimi05a.inf_amd64_neutral_4dceef487c5af764\BrScnDev.dll
+ 2009-02-24 06:37 . 2009-02-24 06:37 50176 c:\windows\system32\DriverStore\FileRepository\brimi05a.inf_amd64_neutral_4dceef487c5af764\amd64\BrUsi09a.dll
+ 2009-07-14 00:35 . 2009-07-14 00:35 41984 c:\windows\system32\drivers\usbscan.sys
+ 2009-02-24 06:37 . 2009-02-24 06:37 50176 c:\windows\system32\BrUsi09a.dll
+ 2011-08-23 23:21 . 2011-07-09 05:16 49664 c:\windows\servicing\GC64\tzupd.exe
- 2010-02-24 17:25 . 2010-02-02 08:39 49664 c:\windows\servicing\GC64\tzupd.exe
- 2009-07-14 04:46 . 2011-07-16 19:53 80184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-09-22 16:51 80184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-04-06 21:48 . 2011-04-06 21:48 11120 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
+ 2011-05-17 15:08 . 2011-05-17 15:08 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- 2011-04-13 03:16 . 2011-04-13 03:16 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-05-17 15:08 . 2011-05-17 15:08 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
- 2010-03-18 19:27 . 2010-03-18 19:27 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 11120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
+ 2011-05-17 14:27 . 2011-05-17 14:27 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2011-04-12 20:11 . 2011-04-12 20:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-05-17 14:27 . 2011-05-17 14:27 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-28 14:36 . 2011-06-28 14:36 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-18 08:10 . 2011-09-18 08:10 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-18 08:10 . 2011-09-18 08:10 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-13 22:15 . 2011-09-13 22:15 25088 c:\windows\Installer\139e9fe.msi
+ 2011-09-18 20:33 . 2011-09-18 20:33 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\ed59e15a2a29d02c59dc383215cc85fc\System.Xml.Serialization.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\1a9bcef8abe20b3c0d53c535d680350f\System.Windows.Presentation.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\0ee56d53077b281408cbf186e80ab175\System.Web.ApplicationServices.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\d53f3bf7a26f69ae3ad77f6732ebf9cf\System.AddIn.Contract.ni.dll
+ 2011-09-18 20:17 . 2011-09-18 20:17 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\fbc331d848cf65928cc84de68eba079f\Microsoft.VisualC.ni.dll
+ 2011-09-18 20:14 . 2011-09-18 20:14 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\c551f53c6da4e594269e79636aef9f62\dfsvc.ni.exe
+ 2011-09-18 20:14 . 2011-09-18 20:14 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\28f42eb8dddc9fd54d468171a8d2461d\Accessibility.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\5e66ba90ab2f24317ca76582f3ea3948\UIAutomationProvider.ni.dll
+ 2011-09-18 20:29 . 2011-09-18 20:29 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\c42639bd8c7c7855c4d11be1f0ccdf97\System.Windows.Presentation.ni.dll
+ 2011-09-18 20:29 . 2011-09-18 20:29 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\3be20b4f9e9df41aaea426041f4f410a\System.Web.ApplicationServices.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3bea7a34d24b4dc1e3925b0b9bc9d45b\System.ServiceModel.Channels.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\882adb9ad5e9b434ef926193f595e757\System.AddIn.Contract.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\7ee890ba3e1869ab04930948df453d3f\Microsoft.VisualC.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\950b5b880e8d8af1709f06b6a1a854a0\Accessibility.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\944c9dc8fd21a51f368d6c5bae75e13f\System.Windows.Presentation.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c613bae3551f4b186644ac27fa21aa0\System.Web.DynamicData.Design.ni.dll
+ 2011-08-10 08:43 . 2011-08-10 08:43 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\fa32bbf907ae4e463f423da7bd564d58\PresentationFontCache.ni.exe
+ 2011-08-10 08:30 . 2011-08-10 08:30 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\a2e905d32dfe6fffd542c88fc2ced3a7\PresentationCFFRasterizer.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\4a48927338c55384ec3ba7aaad3f6a70\Microsoft.WSMan.Runtime.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d16737b6ba495b99e11bfd558a0075c7\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\7686187777462acda89d70a138eebd90\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\75888105363ea9330b8b6f0dd2f32003\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\245912df0fcaab01c4d25464bfc9a1cb\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-08-10 08:39 . 2011-08-10 08:39 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ee8d2c93da3d975230a53e375c1f16b1\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\39cd4cd856d9bf640d47a52726891def\LoadMxf.ni.exe
+ 2011-08-10 08:39 . 2011-08-10 08:39 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\443bc33ed93196a0dd0ed91feb2f861b\ehiTVMSMusic.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\dbc02eb4f3cd69584290db8fe6916dae\WindowsLiveWriter.ni.exe
+ 2011-08-10 08:33 . 2011-08-10 08:33 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ef7c329b4ccb90b433c8c093f3633c0c\WindowsLive.Writer.Passport.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\9f75cf0ba85fc0f07265b6a4739145b0\System.Windows.Presentation.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\307dcd6df5b1b2d6138047f9066a9cd7\System.Web.DynamicData.Design.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\4d2110a932ebbda7edbeaf03e5bbdce0\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\ca08eeec54fe8ed940e27b81293a0079\PresentationFontCache.ni.exe
+ 2011-08-10 08:26 . 2011-08-10 08:26 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8395f4672c4fe938a6db7dfa19dd1bf4\PresentationCFFRasterizer.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\2fa8711fcbe4f277edbbdaf5ef75eae8\Microsoft.WSMan.Runtime.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d7ee37204954317e04a434f10660270e\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\78515d457e19db2b3cf2b593dece6362\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3e9e7a37106f143b6931fab60839392c\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\338d94115e3e841a5bbf05409db54cfa\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\12cd3d14ddb9d0785f659434c3ba69d5\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\19abbb37d3d1469e7234fcd4950b7f2a\Microsoft.Vsa.ni.dll
+ 2010-01-26 17:59 . 2011-09-05 23:43 3656 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2011-09-23 08:08 . 2011-09-23 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-09 20:32 . 2011-08-09 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-23 08:08 . 2011-09-23 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-09 20:32 . 2011-08-09 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-18 20:29 . 2011-09-18 20:29 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\1a890e72269abe36365d861bca8fca70\System.Xml.Serialization.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\e335cdfdb3e46fb0f75cb2ce83dabf48\dfsvc.ni.exe
+ 2011-08-18 05:10 . 1998-01-23 17:22 304128 c:\windows\ZeusIsUninst.Exe
+ 2009-02-24 15:43 . 2009-02-24 15:43 106496 c:\windows\twain_32\BrMfSc09b\Lang\BrTwdLng.dll
+ 2009-02-24 06:38 . 2009-02-24 06:38 155648 c:\windows\twain_32\BrMfSc09b\Common\BrTwdsUi.dll
+ 2009-02-24 06:38 . 2009-02-24 06:38 172032 c:\windows\twain_32\BrMfSc09b\Common\BrTwds.dll
+ 2011-08-10 05:19 . 2011-06-16 04:35 180224 c:\windows\SysWOW64\xmllite.dll
- 2009-07-14 00:20 . 2009-07-14 01:16 180224 c:\windows\SysWOW64\xmllite.dll
- 2011-04-08 18:46 . 2011-04-08 18:46 231936 c:\windows\SysWOW64\url.dll
+ 2011-08-10 08:01 . 2011-07-22 02:47 231936 c:\windows\SysWOW64\url.dll
- 2009-07-14 00:11 . 2009-07-14 01:16 163840 c:\windows\SysWOW64\odbctrac.dll
+ 2011-08-10 05:19 . 2011-06-15 09:04 163840 c:\windows\SysWOW64\odbctrac.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 319488 c:\windows\SysWOW64\odbcjt32.dll
+ 2011-08-10 05:19 . 2011-06-15 09:04 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2011-08-10 05:19 . 2011-06-15 09:04 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2011-08-10 08:00 . 2011-07-22 02:45 716800 c:\windows\SysWOW64\jscript.dll
- 2011-06-17 08:03 . 2011-04-22 23:26 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-09-04 00:03 . 2011-05-04 09:52 157472 c:\windows\SysWOW64\javaws.exe
- 2011-04-28 04:06 . 2010-09-15 09:50 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-09-04 00:03 . 2011-05-04 09:52 145184 c:\windows\SysWOW64\javaw.exe
- 2011-04-28 04:06 . 2010-09-15 09:50 145184 c:\windows\SysWOW64\java.exe
+ 2011-09-04 00:03 . 2011-05-04 09:52 145184 c:\windows\SysWOW64\java.exe
+ 2011-09-15 02:22 . 2011-07-27 04:30 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
+ 2011-08-10 08:01 . 2011-07-22 02:43 176640 c:\windows\SysWOW64\ieui.dll
- 2011-06-17 08:03 . 2011-04-22 23:24 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-04-28 04:06 . 2011-05-04 09:52 472808 c:\windows\SysWOW64\deployJava1.dll
- 2011-04-28 04:06 . 2010-09-15 09:50 472808 c:\windows\SysWOW64\deployJava1.dll
+ 2011-08-10 05:19 . 2011-06-16 05:31 199680 c:\windows\system32\xmllite.dll
- 2009-07-14 00:41 . 2009-07-14 01:41 199680 c:\windows\system32\xmllite.dll
+ 2009-12-27 09:13 . 2011-09-18 20:13 293474 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-08-10 08:01 . 2011-07-22 05:35 237056 c:\windows\system32\url.dll
+ 2006-08-31 23:05 . 2006-08-31 23:05 109568 c:\windows\system32\spool\drivers\x64\3\brqikmon.exe
+ 2009-06-25 06:29 . 2009-06-25 06:29 862208 c:\windows\system32\spool\drivers\x64\3\brio06a.dll
+ 2009-07-14 02:36 . 2011-09-23 05:39 633180 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-23 05:39 110782 c:\windows\system32\perfc009.dat
+ 2011-08-10 05:19 . 2011-06-15 09:58 212992 c:\windows\system32\odbctrac.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 212992 c:\windows\system32\odbctrac.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccu32.dll
+ 2011-08-10 05:19 . 2011-06-15 09:58 106496 c:\windows\system32\odbccu32.dll
+ 2011-08-10 05:19 . 2011-06-15 09:58 106496 c:\windows\system32\odbccr32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccr32.dll
+ 2011-08-10 05:19 . 2011-06-15 09:58 163840 c:\windows\system32\odbccp32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 163840 c:\windows\system32\odbccp32.dll
- 2011-06-17 08:03 . 2011-04-23 01:20 818176 c:\windows\system32\jscript.dll
+ 2011-08-10 08:00 . 2011-07-22 05:33 818176 c:\windows\system32\jscript.dll
+ 2011-09-15 02:22 . 2011-07-27 05:31 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-13 23:40 . 2009-07-14 01:41 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2011-06-17 08:03 . 2011-04-23 01:17 248320 c:\windows\system32\ieui.dll
+ 2011-08-10 08:01 . 2011-07-22 05:30 248320 c:\windows\system32\ieui.dll
- 2009-07-14 05:30 . 2011-08-09 16:23 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-08-23 17:21 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-08-23 17:21 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-08-09 16:23 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2006-08-31 23:05 . 2006-08-31 23:05 109568 c:\windows\system32\DriverStore\FileRepository\brpri05a.inf_amd64_neutral_6afae6e101743f88\brqikmon.exe
+ 2009-06-25 06:29 . 2009-06-25 06:29 862208 c:\windows\system32\DriverStore\FileRepository\brpri05a.inf_amd64_neutral_6afae6e101743f88\brio06a.dll
+ 2009-02-24 06:38 . 2009-02-24 06:38 155648 c:\windows\system32\DriverStore\FileRepository\brimi05a.inf_amd64_neutral_4dceef487c5af764\BrTwdsUi.dll
+ 2009-02-24 06:38 . 2009-02-24 06:38 172032 c:\windows\system32\DriverStore\FileRepository\brimi05a.inf_amd64_neutral_4dceef487c5af764\BrTwds.dll
+ 2009-02-24 15:43 . 2009-02-24 15:43 106496 c:\windows\system32\DriverStore\FileRepository\brimi05a.inf_amd64_neutral_4dceef487c5af764\BrTwdLng.dll
+ 2009-08-21 16:53 . 2011-09-12 03:33 440752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-09-23 08:08 491276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-09 20:31 491276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-12 03:33 . 2011-09-12 03:33 492044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-04-06 21:48 . 2011-04-06 21:48 236880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.dll
+ 2011-05-17 15:08 . 2011-05-17 15:08 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
- 2011-04-13 03:16 . 2011-04-13 03:16 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-04-06 22:45 . 2011-04-06 22:45 260448 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
- 2010-03-18 19:27 . 2010-03-18 19:27 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
+ 2011-05-17 15:08 . 2011-05-17 15:08 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 236880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
+ 2011-05-17 14:27 . 2011-05-17 14:27 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2011-04-12 20:11 . 2011-04-12 20:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 191840 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2011-05-17 14:27 . 2011-05-17 14:27 413520 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2011-05-17 14:27 . 2011-05-17 14:27 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2011-04-12 20:11 . 2011-04-12 20:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-05-17 14:27 . 2011-05-17 14:27 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-18 08:10 . 2011-09-18 08:10 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-18 08:10 . 2011-09-18 08:10 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-02-04 00:23 . 1998-01-23 17:22 304128 c:\windows\IsUninst.exe
+ 2011-06-30 17:30 . 2011-06-30 17:30 671744 c:\windows\Installer\5ecca4f.msi
+ 2011-09-04 00:02 . 2011-09-04 00:02 681984 c:\windows\Installer\13b9c6b5.msi
+ 2011-09-18 20:33 . 2011-09-18 20:33 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d3536aadcda3bf1628fd5cb912f0d4df\WindowsFormsIntegration.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\0bbce3d1912c29cdb65f7c7bfdfd8a01\UIAutomationTypes.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\65616f4785226d28371ccf809e213fa6\UIAutomationProvider.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd62d82bb2e0ebe93c68c701a281d204\UIAutomationClient.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\70a6db2664fa1f7e996c58f81f63754d\System.Xml.Linq.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\321d4a33b1363649a45f47f8fbc107c9\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\fbffd4e050d2e397f5b51bcbede33326\System.Transactions.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\41a328f3f1e01dd6d6c45ec27dfb8d12\System.ServiceProcess.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\8a3044d7b76d748396c01aec083a1b01\System.ServiceModel.Routing.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4288f4e2ad790e4510344567c092ca68\System.ServiceModel.Channels.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\481e4462ee5dbf73d7f92d14505eabca\System.Security.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\93ea6aa98aa92eb1c27130599616cd48\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\e01521d8c282ad1e79f9c8334cd4baef\System.Runtime.Remoting.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\0615b26e34fbb01ff661b827e8d80c97\System.Numerics.ni.dll
+ 2011-09-18 20:32 . 2011-09-18 20:32 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\836b59a54e74d2a9350d9dbcbee44e7d\System.Net.ni.dll
+ 2011-09-18 20:32 . 2011-09-18 20:32 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\e530f9f49dcc8196f1333f65d9e17a51\System.Messaging.ni.dll
+ 2011-09-18 20:32 . 2011-09-18 20:32 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\ca30070d69a7575b9b3637fde765b533\System.Management.Instrumentation.ni.dll
+ 2011-09-18 20:32 . 2011-09-18 20:32 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\1af1dc859f12d724d15c2f8ac01b7d84\System.IO.Log.ni.dll
+ 2011-09-18 20:32 . 2011-09-18 20:32 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\a236c6b9a7fa2dd99f840ffedb685464\System.IdentityModel.Selectors.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\a8ac353249c61750e03ace04cce91d12\System.EnterpriseServices.Wrapper.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\d0cb2f5412272538eead0de22ee232c1\System.Dynamic.ni.dll
+ 2011-09-18 20:31 . 2011-09-18 20:31 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\87240375600b6608957d4877632deacd\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-18 20:31 . 2011-09-18 20:31 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\22c569ca3bf7de3f386881fdaaefcf5c\System.Device.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\848a93911e91183c5833abac3c19b8c7\System.Data.DataSetExtensions.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\9ef51cbff9a0a281683413ff85bdc67e\System.Configuration.Install.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\e5886d887164c57e7bbcff9eace93aff\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\a618c2c8cd6669a1f562d583de816049\System.AddIn.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\c06a32f20b3a8c40bb9ee4caaa7f791f\System.Activities.DurableInstancing.ni.dll
+ 2011-09-18 20:14 . 2011-09-18 20:14 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\898051ff62d86ecbb43c730672a5ce01\SMSvcHost.ni.exe
+ 2011-09-18 20:19 . 2011-09-18 20:19 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\2b6fb4f3fe65c3384cd588c84d5f426a\SMDiagnostics.ni.dll
+ 2011-09-18 20:18 . 2011-09-18 20:18 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\e7d3ae8b894e645f195435b0d0cca3d5\PresentationFramework.Luna.ni.dll
+ 2011-09-18 20:18 . 2011-09-18 20:18 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\9faf962dcc325fbdecde08f2b4b4de12\PresentationFramework.Classic.ni.dll
+ 2011-09-18 20:18 . 2011-09-18 20:18 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\89a56671c51182608a36ddabf7f11579\PresentationFramework.Aero.ni.dll
+ 2011-09-18 20:18 . 2011-09-18 20:18 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1144c8dd74e20a85a56ea12af48cc763\PresentationFramework.Royale.ni.dll
+ 2011-09-18 20:17 . 2011-09-18 20:17 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\78dbb63ddb830c7b67915373a26a64cb\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2c6b57b8d66eb686e39af125a7b9cd3f\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-18 20:14 . 2011-09-18 20:14 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\4b8193e798a848470e64c71f71a230a4\CustomMarshalers.ni.dll
+ 2011-09-18 20:29 . 2011-09-18 20:29 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1b8d986036465b9f0db4fbaf8876ad72\WindowsFormsIntegration.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7b9037ad1952bc81a382b2fcddd8320a\UIAutomationTypes.ni.dll
+ 2011-09-18 20:29 . 2011-09-18 20:29 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\08b935a4ef1b64faec4e9739db313298\UIAutomationClient.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0f5813c19bc6dc46e87c6beafb97d525\System.Xml.Linq.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\8681ad3f75515a261e7980d01ac5fa2e\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5314989a2066877016eaac44f927092c\System.Transactions.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\b784695a620842be9b660769dd43c898\System.ServiceProcess.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8671670b07fb8597048ef4aae0a5ede4\System.ServiceModel.Routing.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\68dd8aa8c376dd3c44f8e56c3767ac1d\System.Security.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e8452df7471e5ba24ca642b4c4e1ef37\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\bbc34aac73481fc04fe9b7aff9927437\System.Runtime.Remoting.ni.dll
+ 2011-09-18 08:07 . 2011-09-18 08:07 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\21335cc2e54f4995b582cfa9d1efbcaa\System.Numerics.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\0db265c571d2baf9c46511b9955fa7c4\System.Net.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\5539ada158b0520c68ab8cbaa6dab8b2\System.Messaging.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\89a46fc2fa698580fd2fa81df5cd020a\System.Management.Instrumentation.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e022b746f10ca855a632ff405f7f1259\System.IO.Log.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\a6518b3baf1d987d831c5fc1b295306d\System.IdentityModel.Selectors.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.Wrapper.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\a0ced4a2cbd6aa8f9cf2a28b641e0300\System.Dynamic.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8227f92f9e71e619b541050995617717\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6ec8651192262a0732c9c187486e9fb9\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\1652ce31226964496c1d5b5b4f69277e\System.Device.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\5b1934fc32b50e5a42a64999d0b27112\System.Data.DataSetExtensions.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\786df9adb3752f8f67b90dedb60dc2a1\System.Configuration.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\7a2a83b1625f100331691f44b6e9c3ab\System.Configuration.Install.ni.dll
+ 2011-09-18 08:14 . 2011-09-18 08:14 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\eb22b58fc80ef55a2879bd6f121e9989\System.ComponentModel.Composition.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a3084fbf0204cd93a9d1e8722774f0b7\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\6254a35e295c52224f7bdc9e5ac9c81f\System.AddIn.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\2b905c99ccccb248a7653fabe4b55b09\System.Activities.DurableInstancing.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\51bdfe23e8b22bbed5fabfed9371b5b0\SMSvcHost.ni.exe
+ 2011-09-18 20:26 . 2011-09-18 20:26 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef32e2d63c908a8e4b21b30b2debcd03\SMDiagnostics.ni.dll
+ 2011-09-18 08:14 . 2011-09-18 08:14 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ac6b30fb021fe513bc7f5eb98874ab98\PresentationFramework.Royale.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ab273e4606367562d98caf792f366523\PresentationFramework.Classic.ni.dll
+ 2011-09-18 08:14 . 2011-09-18 08:14 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\64d84a18bdebd88f137f11ec220748ff\PresentationFramework.Aero.ni.dll
+ 2011-09-18 08:14 . 2011-09-18 08:14 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\08ffd91342eb8f789914456a3a0d29dd\PresentationFramework.Luna.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\43eb12b6198092efc2b8a030ace2e3f2\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\da0ae911ee95f4e67660e8e584ca8e7b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\8bd0bb7822eb2d50cb4c1a82a7f934e8\CustomMarshalers.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\4158151b141c058dd6d33deb9f656cf5\WsatConfig.ni.exe
+ 2011-08-10 08:45 . 2011-08-10 08:45 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\5c7b7c3020fcf95b12de379a6eaa1b22\WindowsFormsIntegration.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\da2f32acabc639580f8fa270139384e0\UIAutomationClient.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\da2d4f56cbd81dbfd411f9277ec21cbf\TaskScheduler.ni.dll
+ 2011-08-10 08:44 . 2011-08-10 08:44 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\08f8191f0880d9af2ce9c9449ceebdef\System.Xml.Linq.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\5062c518813c411600d22e768cdd13c3\System.Web.Routing.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\ff799052f4f3962c66da546e1c80a72a\System.Web.RegularExpressions.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\35d0df22bb89a4894c713962f19c1d7f\System.Web.Entity.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\58ef3092e01826e4b40d8dd4f83c7d72\System.Web.Entity.Design.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\10756b89b2a634c52cede0f91f604699\System.Web.DynamicData.ni.dll
+ 2011-08-10 08:44 . 2011-08-10 08:44 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\50996371e98b37a5725be97fa5bbcb1d\System.Web.Abstractions.ni.dll
+ 2011-08-10 08:31 . 2011-08-10 08:31 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\9bffa8b698c20fea7159e8d741fbbcc0\System.Transactions.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\ada1563bb5401c23224f92fb889dd3b0\System.ServiceProcess.ni.dll
+ 2011-08-10 08:28 . 2011-08-10 08:28 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\a8cc4c9d7e89736252e9a6c007a2bc6c\System.Security.ni.dll
+ 2011-08-10 08:30 . 2011-08-10 08:30 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\01d803ac45cb10235986fc0691f39478\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\b81e741e31aa2a05b8d9b07edd0c59eb\System.Net.ni.dll
+ 2011-08-10 08:38 . 2011-08-10 08:38 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\6e32219bb66537ebb9912559d5d39aa9\System.Messaging.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\1effef192a23a41a2d69dbf821e04dfb\System.Management.Instrumentation.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 569344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\2970c69ad772c210d7ba7788a4e12bde\System.IO.Log.ni.dll
+ 2011-08-10 08:38 . 2011-08-10 08:38 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\0e1d1a39e438b0b5de02637e11598194\System.IdentityModel.Selectors.ni.dll
+ 2011-08-10 08:31 . 2011-08-10 08:31 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\cbdabc2bd3c01ca7a74e2fa111a1554d\System.EnterpriseServices.Wrapper.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\696f84834a9b3e611a8bc539d6679c67\System.Drawing.Design.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\2c975a56f5251b08c9b39f5669df823c\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 493056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\fa31ea45984c2b14a45dbdbe0ee92747\System.Data.Services.Design.ni.dll
+ 2011-08-10 08:43 . 2011-08-10 08:43 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\ba8af03c069755365835551382db0885\System.Data.DataSetExtensions.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\61dbdc6161bdeec022fff0879167e981\System.Configuration.Install.ni.dll
+ 2011-08-10 08:43 . 2011-08-10 08:43 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\d914029c651ae9a0ac2e0d1ee38ada03\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-10 08:43 . 2011-08-10 08:43 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\60f77bc635e2dc8c9f3bb8972e92e91d\System.AddIn.ni.dll
+ 2011-08-10 08:43 . 2011-08-10 08:43 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\75cf23ee3eaa75dbfbabacec22a5388e\SMSvcHost.ni.exe
+ 2011-08-10 08:38 . 2011-08-10 08:38 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\8a3d61c3b031eab47636d36fcab30b5a\SMDiagnostics.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\edca8014d1697965106444d30a6c620e\PresentationFramework.Aero.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\663635921157c0446658f6790d1f76e9\PresentationFramework.Classic.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\55c4babb0c929d9e972e0a53380d469f\PresentationFramework.Luna.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\46ff3573ca0908e25fdaaeed3cd6df87\PresentationFramework.Royale.ni.dll
+ 2011-08-10 08:43 . 2011-08-10 08:43 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\d456abcf8aaf9979465332fc60328a0c\napsnap.ni.dll
+ 2011-08-10 08:43 . 2011-08-10 08:43 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\a14484678df3c63bf8ab751fb54f2df3\napinit.ni.dll
+ 2011-08-10 08:43 . 2011-08-10 08:43 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\03671b02285b0e8a1de30eb6e2e67306\MSBuild.ni.exe
+ 2011-08-10 08:40 . 2011-08-10 08:40 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\f9632181ef00dcc3d5d84c71b287400a\MMCFxCommon.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 681472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\39c08c2456e42165ee3ce58e02ec7c45\Microsoft.WSMan.Management.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\be50c247c49d4d8e415c9337cb337878\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\3d89c77dc76199b3faba527badaa874b\Microsoft.Vsa.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\07e898d54de7226accabf8f98224550a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\e999419144678c9fa989fcab1da943ff\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cd864d1397678ea061b9e81bf5bca681\Microsoft.PowerShell.Security.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\94259e218c254849165b08ed3092357a\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\1c4f1a9516aa5b04199ac6f1c8c878ee\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cf98a8c7e9627340cf58ddb0db1362e8\Microsoft.MediaCenter.iTv.ni.dll
+ 2011-08-10 08:39 . 2011-08-10 08:39 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\bc1f71d9e3aef84e52756a10a45483ea\Microsoft.MediaCenter.Interop.ni.dll
+ 2011-08-10 08:39 . 2011-08-10 08:39 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\96b147457e884fb8ecfa1b6a0a4a4f96\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-08-10 08:41 . 2011-08-10 08:41 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\44a19151ddb732547947a9bf777f2294\Microsoft.MediaCenter.Mheg.ni.dll
+ 2011-08-10 08:39 . 2011-08-10 08:39 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3a9902709f670c42a1c12b7ac7dffeee\Microsoft.MediaCenter.Playback.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 797696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\e24f5e9930918e575fbf6de19e3966b3\Microsoft.ManagementConsole.ni.dll
+ 2011-08-10 08:41 . 2011-08-10 08:41 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\c5f41932566e055efcca0fd207f7197d\Microsoft.Build.Utilities.ni.dll
+ 2011-08-10 08:41 . 2011-08-10 08:41 244224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\525b58259a895f0313da4a5de37f2883\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\15b8d7b5a75674c80cd490a5cf5bfde6\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\7e89bfc093a517a61972cf292bd56a27\Mcx2Dvcs.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\026cea46ffcca12f203aea8652cae657\mcupdate.ni.exe
+ 2011-08-10 08:39 . 2011-08-10 08:39 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\0fd02b8fd3442bbaefe7eb497cdcc8af\mcstoredb.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\b0c3060490fce4a30d21ccc0f08fc6c9\mcplayerinterop.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\11afd79e2f82355563e4106383e2fef4\mcGlidHostObj.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\e9d9b37abd03c905c01c0642934608a4\MCESidebarCtrl.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\e8d09f37eea79783b2d59a4ba61cd4e3\EventViewer.ni.dll
+ 2011-08-10 08:39 . 2011-08-10 08:39 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\2ce507a95bd67a891d188fdd72d17a99\ehRecObj.ni.dll
+ 2011-08-10 08:38 . 2011-08-10 08:38 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\a7d6ed21a61c9669a8f2fc9921b47383\ehExtHost.ni.exe
+ 2011-08-10 08:38 . 2011-08-10 08:38 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\7bb0dcbbaadc4b1bf478e74f5fd921e5\ehCIR.ni.dll
+ 2011-08-10 08:37 . 2011-08-10 08:37 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\52a0055341e8c61b2d180ff2ddf3fd9a\ComSvcConfig.ni.exe
+ 2011-08-10 08:37 . 2011-08-10 08:37 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\ec1e763fd7195ebc18834cf283e8989c\BDATunePIA.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\b72d0c21f3037af142182fff51ca5d35\WsatConfig.ni.exe
+ 2011-08-10 08:33 . 2011-08-10 08:33 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\c72a945d03c5b2c19dcf835e3e60ab2b\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fdc87b3fc40fc5530c28295c7bbb6fba\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e39b03542f80200856812a4ca3499290\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c81f72b743d8e5c54ddddcb79e541aca\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ba007888824d279b6baabf6f43060f46\WindowsLive.Writer.Interop.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 780288 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a77e361f877ff4ee1e5a8b6fa5ed5608\WindowsLive.Writer.Controls.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9909ca369ee4aabc8fda3ef328909b8d\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\872a695b7ce3e3acc48ae3b5c7e0eee9\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\762fcd2a2f2a7db88c11f3809f70548b\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 890880 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\48e1d97d0f628f2601caf252291c4280\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3f3b2bdc30b5a0865a5ac7ddfdeb7e07\WindowsLive.Writer.Api.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2aa30c763e49720c448b8877f071ee9d\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c5b04775ff0a1c583ec1d2d73ca01df\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\1faac181c23d7262bf20889ab992665a\WindowsLive.Client.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\dc851eb6cb72e5c1cd919af309a07023\WindowsFormsIntegration.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ffc7645d5bf2a895984d9897d66bfb15\UIAutomationClient.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\845f1b0de1ea181d8b6c5f6c80ac36c9\TaskScheduler.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\651171a9bae0dcb27a23c892f3330a02\System.Xml.Linq.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d0cd45e286d051133eb0c22c9d9aeb07\System.Web.Routing.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\76828271cbe1d370ec313ad1821a27bb\System.Web.RegularExpressions.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8df481ff9b0ff31f56868f1f1da7125f\System.Web.Extensions.Design.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\1d77a5e95e0c77c5bd6416a3c698794c\System.Web.Entity.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\26e31d7882bf36570241406b949889de\System.Web.Entity.Design.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\bbb609f0cddbe4dfbf8e6a4c59e4b411\System.Web.DynamicData.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b6fe22ac92e53a81d37328e144efc34b\System.Web.Abstractions.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\6b2029e6f8913d6507ec608de3fa605c\System.Transactions.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\45e8faf9163d342297c46813373d8f74\System.ServiceProcess.ni.dll
+ 2011-08-10 08:25 . 2011-08-10 08:25 680960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\21cc2572fbb5a3a7e0ef085d7bf27eca\System.Security.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\69eae47315bb993ef0d3a92ddb0c8671\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\13c5d50774c47c78278a18e0ac7c34b3\System.Net.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2dcda30cb646a7eaa9e03173b57526f4\System.Messaging.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\7cc7d753f499e27b4bd8a45c3e81c73e\System.Management.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\0d61241c42332d397f7a42c0e347cc93\System.Management.Instrumentation.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\0ae07129df7506c92ac916176f2a4cf8\System.IO.Log.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\9433a8d5286f97fa4082a12313970f18\System.IdentityModel.Selectors.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c6211b345bc0c618d5669daae118a43a\System.EnterpriseServices.Wrapper.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c6211b345bc0c618d5669daae118a43a\System.EnterpriseServices.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\0fb34b9054c6a2491e48b8be259a5b43\System.Drawing.Design.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3f27834a4c28383c6fbaed3a974e3478\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 887808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\069e0cd93a9f71d4ede4ca76a3fa1fcd\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\fe4d6eab224fe055213f6a450a6712c9\System.Data.Services.Design.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a7695e45449a652a1a5baaba8e8cf5d9\System.Data.Services.Client.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 762880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\29a9b4a1d9d69e0c9acd89d437ef7291\System.Data.Entity.Design.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\0e4b38027d790b6493074f97fd4ddf5a\System.Data.DataSetExtensions.ni.dll
+ 2011-08-10 08:25 . 2011-08-10 08:25 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\03cfd2ea8fe3b80eadf81f1a82bed246\System.Configuration.Install.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afbe9ede6d13f027fdcbbdbe16db9ae4\System.AddIn.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\c79a3a3a2adcba65af5f2049f02a5c98\SMSvcHost.ni.exe
+ 2011-08-10 08:34 . 2011-08-10 08:34 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\57c319928a4eb8d9a4b88cc089e30080\SMDiagnostics.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f7c9cfd3c76cd34d0057e03c691ab7a1\PresentationFramework.Classic.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bf0fdbe3e86b6b622f53caf11e55780b\PresentationFramework.Royale.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\869dedfb597fd2cee5596e7670154a82\PresentationFramework.Luna.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\027be37665f2247a46e692bedf6b6fec\napsnap.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\cffc28ecac4d7d6f0a5ac3789a538177\napinit.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\863852407790cdca96a5e40ac375a2c5\MSBuild.ni.exe
+ 2011-08-10 08:34 . 2011-08-10 08:34 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\bfcbb038eb540368cf91cb785b4e74a9\MMCFxCommon.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 531456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ef93fc42b7f855ba07c2972aee82e972\Microsoft.WSMan.Management.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\489e5c5c07e61fe0a6db36b0245ac9de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c8aacab869322819bfd2b72b96e1da5d\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c01792ec79d8c350e8e7477ea1d4e964\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b805ab118d2755efa3a8031d827df3c1\Microsoft.PowerShell.Security.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 785920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a5bd4f2a9d1af46f7f6ea5a198b6c667\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\19bd3fde782403455990051003f49e19\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\a3d958313e322c004f1ad3e994a0a127\Microsoft.ManagementConsole.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ace06fd93fe247102bf3b63f04ea16ca\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0e48de2140b975e6572c53390f21623e\Microsoft.Build.Utilities.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ac60ac0d4ba0e598a51221a65981e4a6\Microsoft.Build.Engine.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\f87c4995a17d8d65765343056866771d\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\9a7b64e3097c607b5b46df9c4c2d6d28\mcstoredb.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\515abbf5c187cb9d69ece6c2b9852376\EventViewer.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\ebd79e8ffb8496b93bf7b145d318ef97\ehRecObj.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\4773b088d37d9931685ca805a7bca926\ehExtHost32.ni.exe
+ 2011-08-10 08:33 . 2011-08-10 08:33 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a70e095567b99ddf7041397a4d57dac1\ComSvcConfig.ni.exe
+ 2011-08-10 08:33 . 2011-08-10 08:33 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\f51db67ff1b743bc8af302e359ff3550\BDATunePIA.ni.dll
+ 2009-02-24 06:40 . 2009-02-24 06:40 1478656 c:\windows\twain_32\BrMfSc09b\Common\BrTwdScn.dll
+ 2011-08-10 08:00 . 2011-07-22 02:49 1102848 c:\windows\SysWOW64\urlmon.dll
+ 2011-08-10 05:19 . 2011-06-23 04:38 3902336 c:\windows\SysWOW64\ntoskrnl.exe
+ 2011-08-10 05:19 . 2011-06-23 04:38 3957120 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2011-08-10 05:19 . 2011-07-16 04:30 1048576 c:\windows\SysWOW64\kernel32.dll
+ 2011-08-10 08:01 . 2011-07-22 02:44 1791488 c:\windows\SysWOW64\iertutil.dll
+ 2011-08-10 08:00 . 2011-07-22 02:51 9704448 c:\windows\SysWOW64\ieframe.dll
+ 2011-08-10 08:00 . 2011-07-22 05:36 1344512 c:\windows\system32\urlmon.dll
+ 2009-06-25 06:29 . 2009-06-25 06:29 1245184 c:\windows\system32\spool\drivers\x64\3\briu06a.dll
+ 2011-08-10 05:19 . 2011-06-23 05:29 5507968 c:\windows\system32\ntoskrnl.exe
+ 2011-08-10 05:19 . 2011-07-16 05:21 1162240 c:\windows\system32\kernel32.dll
- 2011-07-13 01:47 . 2011-05-14 07:36 1162240 c:\windows\system32\kernel32.dll
+ 2011-08-10 08:01 . 2011-07-22 05:33 2143232 c:\windows\system32\iertutil.dll
+ 2009-06-25 06:29 . 2009-06-25 06:29 1245184 c:\windows\system32\DriverStore\FileRepository\brpri05a.inf_amd64_neutral_6afae6e101743f88\briu06a.dll
+ 2009-02-24 06:40 . 2009-02-24 06:40 1478656 c:\windows\system32\DriverStore\FileRepository\brimi05a.inf_amd64_neutral_4dceef487c5af764\BrTwdScn.dll
+ 2009-04-07 08:02 . 2009-04-07 08:02 1560576 c:\windows\system32\DriverStore\FileRepository\brimi05a.inf_amd64_neutral_4dceef487c5af764\amd64\BrWia09b.dll
- 2011-06-15 23:05 . 2011-04-25 05:32 1896832 c:\windows\system32\drivers\tcpip.sys
+ 2011-08-10 05:19 . 2011-06-21 06:27 1896832 c:\windows\system32\drivers\tcpip.sys
+ 2009-04-07 08:02 . 2009-04-07 08:02 1560576 c:\windows\system32\BrWia09b.dll
- 2009-07-14 04:45 . 2011-07-13 06:16 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-09-16 02:40 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-06-03 04:55 . 2011-09-23 08:08 5913644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3260367747-3519056791-2037069027-1000-8192.dat
- 2010-03-18 19:27 . 2010-03-18 19:27 2153816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2011-04-06 22:45 . 2011-04-06 22:45 2153816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 1368920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 6428520 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll
+ 2011-04-06 22:45 . 2011-04-06 22:45 3824480 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll
+ 2011-04-06 22:45 . 2011-04-06 22:45 3235656 c:\windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
+ 2011-04-06 21:48 . 2011-04-06 21:48 2207568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 2207568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 6097256 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll
+ 2011-04-28 13:48 . 2011-04-28 13:48 3510600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
- 2011-03-23 03:01 . 2011-03-23 03:01 3510600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-05-17 15:08 . 2011-05-17 15:08 3116376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 1354584 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll
- 2011-04-13 03:16 . 2011-04-13 03:16 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2011-05-17 15:08 . 2011-05-17 15:08 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2011-05-17 15:08 . 2011-05-17 15:08 1454416 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-05-17 15:08 . 2011-05-17 15:08 1514840 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-05-17 15:08 . 2011-05-17 15:08 1511240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
+ 2011-05-17 15:08 . 2011-05-17 15:08 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- 2011-04-13 03:16 . 2011-04-13 03:16 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2011-08-10 05:19 . 2011-05-04 22:29 3178496 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
- 2011-06-28 06:01 . 2011-01-20 00:42 3178496 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 1368920 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 6428520 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 3788128 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 2261832 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2011-04-06 21:48 . 2011-04-06 21:48 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 6097256 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2011-04-28 13:48 . 2011-04-28 13:48 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2011-03-23 03:01 . 2011-03-23 03:01 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-05-17 14:27 . 2011-05-17 14:27 2975064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2011-04-06 21:48 . 2011-04-06 21:48 1354584 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
- 2011-04-12 20:11 . 2011-04-12 20:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-05-17 14:27 . 2011-05-17 14:27 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-05-17 14:27 . 2011-05-17 14:27 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
- 2011-04-12 20:11 . 2011-04-12 20:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-05-17 14:27 . 2011-05-17 14:27 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-08-10 05:19 . 2011-05-04 22:34 3178496 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-06-28 06:01 . 2011-01-19 23:32 3178496 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

Here is the second half.

+ 2011-09-18 08:11 . 2011-09-18 08:11 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-28 14:37 . 2011-06-28 14:37 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-18 08:10 . 2011-09-18 08:10 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-28 14:36 . 2011-06-28 14:36 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-09-18 08:11 . 2011-09-18 08:11 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-07-08 00:40 . 2011-07-08 00:40 4745728 c:\windows\Installer\b2ec.msi
+ 2011-09-01 01:10 . 2011-09-01 01:10 3502080 c:\windows\Installer\646889.msi
+ 2011-04-28 14:57 . 2011-04-28 14:57 2721280 c:\windows\Installer\507374c.msp
+ 2010-03-18 18:16 . 2010-03-18 18:16 1663320 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_x86.dll
+ 2010-03-18 19:27 . 2010-03-18 19:27 2153816 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_amd64.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 1303896 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_x86.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 1303896 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_amd64.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 6346600 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_x86.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 6346600 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_amd64.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 3545952 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_x86.dll
+ 2010-03-18 19:27 . 2010-03-18 19:27 3453792 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_amd64.dll
+ 2011-09-18 20:17 . 2011-09-18 20:17 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\2b21f937d40320cabc3c85c031db88d8\WindowsBase.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d14a6bf514550fdc219f580348599c58\UIAutomationClientsideProviders.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\8e4323f5bfb90be4621456033d8b404b\System.Xml.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\2a3c95561c3de429c3c0e7a53a920c45\System.Xaml.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\b346685f479e27aadce1793789333bfb\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\4ee71342f3eadce770c5b227e0e72015\System.Web.Services.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\7211feffc35222c34e5d6b9e97f1c009\System.Speech.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e449cb587c51f7bec5fcff8964844151\System.ServiceModel.Activities.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\5af78d8b92c4a0b7f90dd99a8742c565\System.ServiceModel.Discovery.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\2c3f2f005761a596bf9e7262b76735a3\System.Runtime.Serialization.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\d850328fdb0d5b403f2b4a7752ec43da\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-18 20:29 . 2011-09-18 20:29 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\35bb0262c48890be46a1861b63bed32d\System.Printing.ni.dll
+ 2011-09-18 20:32 . 2011-09-18 20:32 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\73c6deea16d8ee87e65156bb9ef90e0b\System.Management.ni.dll
+ 2011-09-18 20:32 . 2011-09-18 20:32 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\6d8ec822ecf54529d04b1342aef58dd3\System.IdentityModel.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\a8ac353249c61750e03ace04cce91d12\System.EnterpriseServices.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0237eaa2a9c71060227e6d310a887c07\System.Drawing.ni.dll
+ 2011-09-18 20:31 . 2011-09-18 20:31 1217536 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\8440779374dcb4d650179a61139684b0\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1b6321bae09adccce41aedcd91fcea9b\System.DirectoryServices.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\f0cadc34a72bbfb06158ee14e3f3b97d\System.Deployment.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\20d5aeb1486af05bd5885e431e8cf531\System.Data.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\84e0e94c07d03148371aad1c9212daba\System.Data.SqlXml.ni.dll
+ 2011-09-18 20:31 . 2011-09-18 20:31 1798656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\c66f4672f3f96cac1796475fc53084f7\System.Data.Services.Client.ni.dll
+ 2011-09-18 20:31 . 2011-09-18 20:31 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\f985d985539603a521e6051cbef283d7\System.Data.Linq.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\d17a133036827281e02df99161f83199\System.Configuration.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\87cacc996ae318f4bd1e126f8271b8c1\System.ComponentModel.Composition.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\6f46271408743437680ef855e26ba561\System.Activities.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\b5dc8079f2701e3cf6a139deca5c0982\System.Activities.Presentation.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\bb930355f9bcc3bc388397471ae88492\System.Activities.Core.Presentation.ni.dll
+ 2011-09-18 20:30 . 2011-09-18 20:30 4232704 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8df1ec785fb8923566f2ce612f108cee\ReachFramework.ni.dll
+ 2011-09-18 20:19 . 2011-09-18 20:19 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\944136b49e38259ce517a6fe3e71fa4d\PresentationUI.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\f35f1a86bb6cdfc3547ff815dddfa629\Microsoft.VisualBasic.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b915c536f129912ec5b50a187d663103\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\7caaf5543210b5383267ef450c2173f7\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\41248e69f60429253a19267620bd5dcd\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-18 20:32 . 2011-09-18 20:32 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\a266703ae4763423c8e41fd9e375bf76\Microsoft.JScript.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\db2aa89dbd68dddefe47c70b35c045cf\Microsoft.CSharp.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6c4a0cae96fe506534d1ed4b8e905d04\WindowsBase.ni.dll
+ 2011-09-18 20:29 . 2011-09-18 20:29 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\e6474cae2445440fccb0e62e689e6c22\UIAutomationClientsideProviders.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 9086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System\ffc825af968e2afbdd0d894b475331f3\System.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\6cf9069b4b5feb38824a79009ed9c7b4\System.Xml.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cadbfd56dbffb78f67b92027bd56862e\System.Xaml.ni.dll
+ 2011-09-18 20:29 . 2011-09-18 20:29 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\a216205660fa7dabec6af4a7c52956ee\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-18 20:29 . 2011-09-18 20:29 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\40c543317017c549c3d17d714c3cf1fc\System.Web.Services.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\86d3010efe01e554be5b8cd680fcfe2a\System.Speech.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f37365c0acb4b409a486f3aa4512a03e\System.ServiceModel.Discovery.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a53b7bb4838c656363b29f79f708a0f0\System.ServiceModel.Activities.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\33b886ae33f78b046f90bda3dde2688e\System.Runtime.Serialization.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\5c659e2195f712d6638b8536da384cda\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0751e44f42a603bfe153a4bbd124f62f\System.Printing.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\307dea1fa71faaa1c2dc0175487d9639\System.Management.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e1acefba94c07ca77d751b68bc3e33d3\System.IdentityModel.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ea0f339fb15935f1878e115be1c04f8f\System.Drawing.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\be3d47a08a8e4118e75e31a402259409\System.DirectoryServices.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\864c2fd53f879fcd5f9b335cf49a66b4\System.Deployment.ni.dll
+ 2011-09-18 08:14 . 2011-09-18 08:14 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\80bdabbd69127228408b96ca23460389\System.Data.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\ec8c58572e78fa5fc63bb8b29ed7481a\System.Data.SqlXml.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\04f451f2d493483696f852bdce8c36e0\System.Data.Services.Client.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8a671058b35f625fb958ff2228fbc9cf\System.Data.Linq.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2721a63758cab451543e8a58dc4ffeeb\System.Core.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\c527fa8c447a9edfeb14eeaf4af0a742\System.Activities.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\5be7a4e9c92dff127c74c0d744b3f523\System.Activities.Presentation.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\1871f74f0a94ec1d26071dcc872d4189\System.Activities.Core.Presentation.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\5d8782e167084ab1fced20b86cfb26e2\ReachFramework.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\de59faecd59acbc6caabecbd8efbbb50\PresentationUI.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ce05202cabbee87cda0b3df2e56a6b20\Microsoft.VisualBasic.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\899c60052ad7e741dc444017cc907ca8\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0adf14e7c198b3e2a634e53a23ddad7b\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-18 20:26 . 2011-09-18 20:26 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\4376863f8deba766befd5d8e41316a91\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\2ceaa7403e2bdea36367a0a67d972f03\Microsoft.JScript.ni.dll
+ 2011-09-18 08:14 . 2011-09-18 08:14 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\113a314e9f32a5efc41f409118a71063\Microsoft.CSharp.ni.dll
+ 2011-08-10 08:28 . 2011-08-10 08:28 4927488 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\26c2afe61f099017c4e70bbcb2142ffd\WindowsBase.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 1458688 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\7221bfa57b475d20a93ae0fdc08b8cf5\UIAutomationClientsideProviders.ni.dll
+ 2011-08-10 08:28 . 2011-08-10 08:28 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\9f514e225bac2a8368c6c8c1f1b3fec8\System.Xml.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 1817600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\01e4917a3d561da523667666495ea3a7\System.WorkflowServices.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 2707456 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\04bbd3aee57cc7389cbfceeb7c671c38\System.Workflow.Runtime.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 5955072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\04114e4034cc0a4ff5f32ac99f8e071d\System.Workflow.ComponentModel.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\58edfdc84774acc6ffd7c1a470ad231c\System.Workflow.Activities.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\20e151b21c0de28e3598a6cd99620df9\System.Web.Services.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\0aff6140fc041e3d7dfb4997c8a9759f\System.Web.Mobile.ni.dll
+ 2011-08-10 08:44 . 2011-08-10 08:44 3041792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\b1a54ae9b51750975107476a18958ffc\System.Web.Extensions.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\6849786427c22557dbac94abf2f8e78f\System.Web.Extensions.Design.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\eb242c285eb8147e097bbeb98caa6c3b\System.Speech.ni.dll
+ 2011-08-10 08:44 . 2011-08-10 08:44 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\0b7da809697b92b3b12d235376d545b9\System.ServiceModel.Web.ni.dll
+ 2011-08-10 08:38 . 2011-08-10 08:38 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b61b398b60e9b1207dc6fbd4aee4f2db\System.Runtime.Serialization.ni.dll
+ 2011-08-10 08:31 . 2011-08-10 08:31 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\a998c92418ead4aba1f24a651c44d026\System.Runtime.Remoting.ni.dll
+ 2011-08-10 08:31 . 2011-08-10 08:31 1453568 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\741545409644f3c2b9ea41c1a124afba\System.Printing.ni.dll
+ 2011-08-10 08:41 . 2011-08-10 08:41 1408512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\7aa144b8269dfb63694b96c533ac5f98\System.Management.ni.dll
+ 2011-08-10 08:38 . 2011-08-10 08:38 1433088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\23b9bc5f688fb5b337c287e2b00a826f\System.IdentityModel.ni.dll
+ 2011-08-10 08:31 . 2011-08-10 08:31 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\cbdabc2bd3c01ca7a74e2fa111a1554d\System.EnterpriseServices.ni.dll
+ 2011-08-10 08:29 . 2011-08-10 08:29 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\d88df8c5fbeb107d81ccceeb6674afc8\System.Drawing.ni.dll
+ 2011-08-10 08:45 . 2011-08-10 08:45 1229824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e9098f50f10b53ca39d3829e0f82d0e0\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-10 08:31 . 2011-08-10 08:31 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\758d89744f82fc7ae39a1d6c778d26ba\System.DirectoryServices.ni.dll
+ 2011-08-10 08:29 . 2011-08-10 08:29 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\cf8a63f7d9dda35ee70b4750c57aa6c4\System.Deployment.ni.dll
+ 2011-08-10 08:31 . 2011-08-10 08:31 8692736 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\cf7695a50e1838d542ca8d9a14d31d3a\System.Data.ni.dll
+ 2011-08-10 08:28 . 2011-08-10 08:28 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\d25da61acc271a371c7545eb9672dc9d\System.Data.SqlXml.ni.dll
+ 2011-08-10 08:44 . 2011-08-10 08:44 1846272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\873d61960d9d89cc7ed618ad34e1f37c\System.Data.Services.ni.dll
+ 2011-08-10 08:44 . 2011-08-10 08:44 1289728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\51030557516ec3eebb70daf77ca01fb0\System.Data.Services.Client.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\770b278be35defe092471384f45a474b\System.Data.OracleClient.ni.dll
+ 2011-08-10 08:44 . 2011-08-10 08:44 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\19d9025ab4639d9f77c281adcf467612\System.Data.Linq.ni.dll
+ 2011-08-10 08:44 . 2011-08-10 08:44 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\4eb561a551378ad31294584076ca9cf8\System.Data.Entity.Design.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\f95f65500e36892ad9ecf8e4636acae2\System.Core.ni.dll
+ 2011-08-10 08:28 . 2011-08-10 08:28 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\04b8fccfed1cbcd3234570b869f33e9c\System.Configuration.ni.dll
+ 2011-08-10 08:31 . 2011-08-10 08:31 3101696 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\5b77fc8e6e640dfa801f9d9962f04f52\ReachFramework.ni.dll
+ 2011-08-10 08:31 . 2011-08-10 08:31 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\c690e4ecea1a0a34bb3be6e37243dee7\PresentationUI.ni.dll
+ 2011-08-10 08:43 . 2011-08-10 08:43 1881088 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\d3ed1525ea9310b9e353ea2bf51d2713\PresentationBuildTasks.ni.dll
+ 2011-08-10 08:43 . 2011-08-10 08:43 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\d31b2fe1f675a18da77950668df99c9e\Narrator.ni.exe
+ 2011-08-10 08:43 . 2011-08-10 08:43 2327040 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\2fbcffc23c0e3388100c01478c7411b4\MMCEx.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 7966208 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\7f391241164568df6821c17ef38cffec\MIGUIControls.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\b3a896580dfce2914c25dcc354f2fd9e\Microsoft.VisualBasic.ni.dll
+ 2011-08-10 08:38 . 2011-08-10 08:38 1598464 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\720cab4d46d3cb9ec39ecc4cc7f1e367\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 2175488 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d2967f513301ef5bb224ea2ece5f8812\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\923c28797288dbca634d0fa581bdddad\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\43ef110c79e512b5f06ee99bab301509\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 5351424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\35b1003225c09c618d13f19594291888\Microsoft.PowerShell.Editor.ni.dll
+ 2011-08-10 08:39 . 2011-08-10 08:39 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d67186574c8af08eb6adcda5108cf948\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-08-10 08:39 . 2011-08-10 08:39 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\46a927dc25ca3173f7eb61511a92c15b\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2011-08-10 08:39 . 2011-08-10 08:39 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3e23b52ddb1860f72edad11ef1c040e4\Microsoft.MediaCenter.UI.ni.dll
+ 2011-08-10 08:41 . 2011-08-10 08:41 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\21d04845839a90794b1a9bdfcc352e76\Microsoft.MediaCenter.Bml.ni.dll
+ 2011-08-10 08:38 . 2011-08-10 08:38 1516032 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\21cbbc526690ee37b92ddfa9fca7cb2a\Microsoft.MediaCenter.ni.dll
+ 2011-08-10 08:42 . 2011-08-10 08:42 3208192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\0a6424e7a525551cc225c0069156c557\Microsoft.JScript.ni.dll
+ 2011-08-10 08:41 . 2011-08-10 08:41 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\7f609b545f6e6dcbc58419383347665f\Microsoft.Ink.ni.dll
+ 2011-08-10 08:41 . 2011-08-10 08:41 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\d14cb138ca8347e258997120499c0571\Microsoft.Build.Tasks.ni.dll
+ 2011-08-10 08:41 . 2011-08-10 08:41 2677760 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\64b56c5f429dce63116b1fe32d058662\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\62dd1dd68484299d59785452ec17f377\Microsoft.Build.Engine.ni.dll
+ 2011-08-10 08:41 . 2011-08-10 08:41 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\4c95bb21729ffa504fc709ca6d097abc\Microsoft.Build.Engine.ni.dll
+ 2011-08-10 08:39 . 2011-08-10 08:39 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\ae58d35ac65bc344501e97deac8cd965\mcstore.ni.dll
+ 2011-08-10 08:39 . 2011-08-10 08:39 4087296 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\50a1b4b3592662fa4d583e41975c381c\mcepg.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 1284608 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd6f412cab295e545f99869284a985d6\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb582ea315837d82653bade0a8509068\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ab6bbc4c241dcefe770688ce02e11922\WindowsLive.Writer.Localization.ni.dll
+ 2011-08-10 08:33 . 2011-08-10 08:33 7024640 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3f365cd27bb21aecd81612943b9d8103\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-08-10 08:25 . 2011-08-10 08:25 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f1e59db76b9edd4deaed2ac55781c902\UIAutomationClientsideProviders.ni.dll
+ 2011-08-10 08:25 . 2011-08-10 08:25 7949312 c:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
+ 2011-08-10 08:25 . 2011-08-10 08:25 5452800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\763c77ff72e7805a806876425570d8c5\System.WorkflowServices.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 1914880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5b19559c40917af8970f5370edd18b6d\System.Workflow.Runtime.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\bc6d4b5141c12bc5313efdfa1d338357\System.Workflow.ComponentModel.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2be375376251b0276eba2dedb493bceb\System.Workflow.Activities.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f28bd40026e640601964b2b0bf38a6f0\System.Web.Services.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c8ebbaa62fb4f086bf05f9393223cd68\System.Web.Mobile.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 2402816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f94f6f6a849eeb39b9b3d4fbae344f4f\System.Web.Extensions.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\b49029aa87036bc216f7ffe095d0e97c\System.Speech.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1c5c4880bf7ca01080700eea49e05e11\System.ServiceModel.Web.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\55cdcfcdc452a9142b4e67acb154a362\System.Runtime.Serialization.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\2f382e5ba0f6eaab1fd06086640a1866\System.Printing.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 8871936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\7c22fba8ec12d6489fc16866e353dc50\System.Management.Automation.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 1072128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2f46039c9e993a3a6fd57c675fd4aaec\System.IdentityModel.ni.dll
+ 2011-08-10 08:25 . 2011-08-10 08:25 1586688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\49be109772bc911da9c5254e064d64a0\System.DirectoryServices.ni.dll
+ 2011-08-10 08:25 . 2011-08-10 08:25 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e6262eb0590a960d18c79521c4c6ddfc\System.Deployment.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 6618624 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\86f429e0a23238cf277d464bd0433d86\System.Data.ni.dll
+ 2011-08-10 08:25 . 2011-08-10 08:25 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\1648b9bbfc86b5182a63b67a997b0f00\System.Data.SqlXml.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 1328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\30f94d0bf35aec7c7f4b0419105eaf7d\System.Data.Services.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\2e7f78d794468689a493ede3def26fda\System.Data.OracleClient.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\a6e989fe1bc0e5229b095f43897b8906\System.Data.Linq.ni.dll
+ 2011-08-10 08:36 . 2011-08-10 08:36 9921024 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a94107311637031bf9ea96c2ffe5b9f3\System.Data.Entity.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\5914966008346d5e9341ba1f9d6d2760\System.Core.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 2147328 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\7e02ce44d03bc0802d8061678feb3356\ReachFramework.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7ad55f43f985bf78b69a0011376c4e2f\PresentationUI.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 1449984 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\baf4cb02c45af29af8b554d04779b06c\PresentationBuildTasks.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\bbcdc6fa58b34abdcfdde68152e9452e\Narrator.ni.exe
+ 2011-08-10 08:35 . 2011-08-10 08:35 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\6cd0b7acc2224ad1546d2d4aa19a69ec\MMCEx.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 6434304 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\885802a486238194369b40734ae32351\MIGUIControls.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6fe7fb2d0b04dbe5c8c5c7a62c0e2720\Microsoft.VisualBasic.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\0844794347bf7df0b93a8c8712ec323c\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ae1605be91501dbe0b093b7effcdc756\Microsoft.PowerShell.Editor.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 1705472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\919d214e828441c76321ac103f18e1e0\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-08-10 08:35 . 2011-08-10 08:35 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\83500b7a9a16ee02167fb1d646a06a53\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\383b1924065e449a28483c2e7ac5a3f5\Microsoft.MediaCenter.UI.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\154b5de16fadcfa8892c8a3b7e069cec\Microsoft.MediaCenter.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 2332672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a7368b3d691b8c5b9cf3bf55c2e29d2d\Microsoft.JScript.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\1eb9672b5957033feb2005b60172378b\Microsoft.Ink.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d5822d617d224b18f00892c1962cbdf2\Microsoft.Build.Tasks.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\10036d4580f57ec42eddcbe77537fa2f\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\b1e87804eaa7e2851e6cbf5a7da1b69d\Microsoft.Build.Engine.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\fdcc46e13a3fc393c667ba11f97dd7f4\mcstore.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 3025408 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\084861dd7596e032e1995fa562da9a57\mcepg.ni.dll
- 2011-06-28 06:01 . 2011-01-19 23:32 3178496 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-10 05:19 . 2011-05-04 22:34 3178496 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-10 08:00 . 2011-07-22 02:54 12273664 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2011-09-22 17:01 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-08-09 18:54 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-08-10 08:00 . 2011-07-22 05:52 17782272 c:\windows\system32\mshtml.dll
+ 2010-01-08 04:21 . 2011-09-15 17:12 47946184 c:\windows\system32\MRT.exe
+ 2011-08-10 08:00 . 2011-07-22 05:40 10886144 c:\windows\system32\ieframe.dll
+ 2011-05-19 04:06 . 2011-05-19 04:06 38672896 c:\windows\Installer\196cd8.msp
+ 2011-09-18 08:12 . 2011-09-18 08:12 11872768 c:\windows\assembly\NativeImages_v4.0.30319_64\System\5034d5e3f1bf120d9e61e72be6b9b013\System.ni.dll
+ 2011-09-18 20:29 . 2011-09-18 20:29 17290752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\65c3e4d26ac857162658b81b1efffb19\System.Windows.Forms.ni.dll
+ 2011-09-18 20:33 . 2011-09-18 20:33 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\48ed28e415c976c7adfb2c5ceeaeedb2\System.ServiceModel.ni.dll
+ 2011-09-18 20:31 . 2011-09-18 20:31 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\529f1a1a0f3e9e994eb3356b55924f3c\System.Data.Entity.ni.dll
+ 2011-09-18 20:16 . 2011-09-18 20:16 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\3c24931e3b4e97b6b49c4d459ba8c552\System.Core.ni.dll
+ 2011-09-18 20:18 . 2011-09-18 20:18 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d0abeeb299ca73f7afc5312a00e0bf22\PresentationFramework.ni.dll
+ 2011-09-18 20:17 . 2011-09-18 20:17 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\de5aaef4bd369972fea5ba6ff7d3e264\PresentationCore.ni.dll
+ 2011-09-18 08:05 . 2011-09-18 08:05 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\8f7f691aa155c11216387cf3420d9d1b\mscorlib.ni.dll
+ 2011-09-18 08:13 . 2011-09-18 08:13 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e3eea502999efc06079a0f40a795731\System.Windows.Forms.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\56df5c322f32e926eb46047f65d0a357\System.ServiceModel.ni.dll
+ 2011-09-18 20:28 . 2011-09-18 20:28 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\093195c829c13c7ad35cb3ad43b52b6a\System.Data.Entity.ni.dll
+ 2011-09-18 08:14 . 2011-09-18 08:14 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d23889e1eceadc97a6f227dbb392cb60\PresentationFramework.ni.dll
+ 2011-09-18 08:14 . 2011-09-18 08:14 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\55b41158ada67f5b5a132e120e7de269\PresentationCore.ni.dll
+ 2011-09-18 08:06 . 2011-09-18 08:06 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll
+ 2011-08-10 08:28 . 2011-08-10 08:28 10598400 c:\windows\assembly\NativeImages_v2.0.50727_64\System\0c198700bb87dd8fd1a127c28a0b64c5\System.ni.dll
+ 2011-08-10 08:30 . 2011-08-10 08:30 17379328 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\b3f6bc2bf2e085a296d9d5f7af0f2cba\System.Windows.Forms.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 15232512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\cae385e7e9bb3cb69f410650dd107f83\System.Web.ni.dll
+ 2011-08-10 08:38 . 2011-08-10 08:38 23812096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\725ac88272908cdf48d37c13e3047f5a\System.ServiceModel.ni.dll
+ 2011-08-10 08:41 . 2011-08-10 08:41 11898880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\5b4157837960adb02cf6270393dc5974\System.Management.Automation.ni.dll
+ 2011-08-10 08:32 . 2011-08-10 08:32 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\263b5a2a8bfc47d0ed0c555ae86970c6\System.Design.ni.dll
+ 2011-08-10 08:44 . 2011-08-10 08:44 13757952 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\3c48f6c26c1ea54b9d051cc7f2d555cc\System.Data.Entity.ni.dll
+ 2011-08-10 08:30 . 2011-08-10 08:30 19169792 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\627e4e9911a441995e181bce47a3522c\PresentationFramework.ni.dll
+ 2011-08-10 08:29 . 2011-08-10 08:29 16513024 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\25fce44a8ef6c886791c4d7f516268d0\PresentationCore.ni.dll
+ 2011-08-10 08:40 . 2011-08-10 08:40 25462272 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\bcdf5f864b0b6c1eb410aaf2ca760c8b\ehshell.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 12431360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 11807744 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1f8e3dde1c848c4c5ee635aa0dcfcfdd\System.Web.ni.dll
+ 2011-08-10 08:34 . 2011-08-10 08:34 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3c40b3b501f97062edd05ff330779af2\System.ServiceModel.ni.dll
+ 2011-08-10 08:27 . 2011-08-10 08:27 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a87b99435541fab7c7a58782904030f3\System.Design.ni.dll
+ 2011-08-10 08:26 . 2011-08-10 08:26 14322688 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
+ 2011-08-10 08:25 . 2011-08-10 08:25 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
+ 2011-04-07 03:12 . 2011-04-07 03:12 194340864 c:\windows\Installer\196cf8.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files (x86)\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"Facebook Update"="c:\users\Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-16 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
S2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-09-16 352312]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000Core.job
- c:\users\Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 04:47]
.
2011-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000UA.job
- c:\users\Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 04:47]
.
2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 03:53]
.
2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 03:53]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000Core.job
- c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 18:32]
.
2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000UA.job
- c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 18:32]
.
2011-09-19 c:\windows\Tasks\HPCeeScheduleForLee.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-21 21:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37
FF - ProfilePath - c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k6u342o6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,
1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e0,80,6a,db,e8,70,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,bf,bd,1f,64,bc,8c,40,98,cc,2d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,bf,bd,1f,64,bc,8c,40,98,cc,2d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2011-09-23 03:31:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-23 08:31
ComboFix2.txt 2011-08-09 20:56
.
Pre-Run: 80,411,693,056 bytes free
Post-Run: 80,630,714,368 bytes free
.
- - End Of File - - 5FCF8BB57FFF07A97704660A020BA50C

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 AM

Posted 23 September 2011 - 09:44 PM

Hello

How is the computer running now?


I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 vortilad

vortilad
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 24 September 2011 - 02:20 PM

It's still redirecting me, to random, virus filled sites. Here is this log:


14:14:10.0055 3456 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
14:14:10.0541 3456 ============================================================
14:14:10.0541 3456 Current date / time: 2011/09/24 14:14:10.0541
14:14:10.0541 3456 SystemInfo:
14:14:10.0541 3456
14:14:10.0541 3456 OS Version: 6.1.7600 ServicePack: 0.0
14:14:10.0541 3456 Product type: Workstation
14:14:10.0542 3456 ComputerName: LEE-PC
14:14:10.0542 3456 UserName: Lee
14:14:10.0542 3456 Windows directory: C:\Windows
14:14:10.0542 3456 System windows directory: C:\Windows
14:14:10.0542 3456 Running under WOW64
14:14:10.0542 3456 Processor architecture: Intel x64
14:14:10.0542 3456 Number of processors: 1
14:14:10.0542 3456 Page size: 0x1000
14:14:10.0542 3456 Boot type: Normal boot
14:14:10.0542 3456 ============================================================
14:14:11.0480 3456 Initialize success
14:14:13.0518 2836 ============================================================
14:14:13.0518 2836 Scan started
14:14:13.0518 2836 Mode: Manual;
14:14:13.0518 2836 ============================================================
14:14:16.0601 2836 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:14:16.0608 2836 1394ohci - ok
14:14:16.0682 2836 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:14:16.0686 2836 ACPI - ok
14:14:16.0716 2836 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:14:16.0718 2836 AcpiPmi - ok
14:14:16.0793 2836 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
14:14:16.0795 2836 adfs - ok
14:14:16.0863 2836 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:14:16.0870 2836 adp94xx - ok
14:14:16.0918 2836 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:14:16.0923 2836 adpahci - ok
14:14:16.0949 2836 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:14:16.0952 2836 adpu320 - ok
14:14:17.0041 2836 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
14:14:17.0048 2836 AFD - ok
14:14:17.0147 2836 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
14:14:17.0181 2836 AgereSoftModem - ok
14:14:17.0239 2836 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:14:17.0242 2836 agp440 - ok
14:14:17.0292 2836 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:14:17.0293 2836 aliide - ok
14:14:17.0353 2836 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:14:17.0358 2836 amdide - ok
14:14:17.0397 2836 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:14:17.0398 2836 AmdK8 - ok
14:14:17.0421 2836 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:14:17.0422 2836 AmdPPM - ok
14:14:17.0486 2836 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:14:17.0489 2836 amdsata - ok
14:14:17.0538 2836 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:14:17.0542 2836 amdsbs - ok
14:14:17.0580 2836 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:14:17.0581 2836 amdxata - ok
14:14:17.0629 2836 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:14:17.0632 2836 AppID - ok
14:14:17.0751 2836 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:14:17.0753 2836 arc - ok
14:14:17.0771 2836 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:14:17.0773 2836 arcsas - ok
14:14:17.0854 2836 ASPI - ok
14:14:17.0939 2836 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:14:17.0941 2836 AsyncMac - ok
14:14:17.0988 2836 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:14:17.0989 2836 atapi - ok
14:14:18.0084 2836 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
14:14:18.0119 2836 athr - ok
14:14:18.0199 2836 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
14:14:18.0202 2836 AtiHdmiService - ok
14:14:18.0409 2836 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
14:14:18.0562 2836 atikmdag - ok
14:14:18.0608 2836 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:14:18.0609 2836 AtiPcie - ok
14:14:18.0693 2836 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:14:18.0702 2836 b06bdrv - ok
14:14:18.0753 2836 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:14:18.0758 2836 b57nd60a - ok
14:14:18.0841 2836 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:14:18.0842 2836 Beep - ok
14:14:18.0924 2836 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:14:18.0925 2836 blbdrive - ok
14:14:18.0987 2836 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:14:18.0989 2836 bowser - ok
14:14:19.0037 2836 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:14:19.0038 2836 BrFiltLo - ok
14:14:19.0061 2836 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:14:19.0063 2836 BrFiltUp - ok
14:14:19.0113 2836 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:14:19.0119 2836 Brserid - ok
14:14:19.0147 2836 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:14:19.0148 2836 BrSerWdm - ok
14:14:19.0169 2836 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:14:19.0171 2836 BrUsbMdm - ok
14:14:19.0198 2836 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:14:19.0200 2836 BrUsbSer - ok
14:14:19.0241 2836 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:14:19.0243 2836 BTHMODEM - ok
14:14:19.0344 2836 catchme - ok
14:14:19.0410 2836 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:14:19.0411 2836 cdfs - ok
14:14:19.0466 2836 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:14:19.0469 2836 cdrom - ok
14:14:19.0523 2836 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:14:19.0524 2836 circlass - ok
14:14:19.0585 2836 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:14:19.0591 2836 CLFS - ok
14:14:19.0690 2836 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:14:19.0691 2836 CmBatt - ok
14:14:19.0716 2836 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:14:19.0720 2836 cmdide - ok
14:14:19.0766 2836 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
14:14:19.0773 2836 CNG - ok
14:14:19.0827 2836 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:14:19.0828 2836 Compbatt - ok
14:14:19.0872 2836 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:14:19.0874 2836 CompositeBus - ok
14:14:19.0913 2836 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:14:19.0915 2836 crcdisk - ok
14:14:20.0011 2836 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:14:20.0013 2836 DfsC - ok
14:14:20.0054 2836 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:14:20.0055 2836 discache - ok
14:14:20.0116 2836 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:14:20.0119 2836 Disk - ok
14:14:20.0172 2836 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:14:20.0173 2836 drmkaud - ok
14:14:20.0247 2836 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
14:14:20.0267 2836 DXGKrnl - ok
14:14:20.0397 2836 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:14:20.0496 2836 ebdrv - ok
14:14:20.0584 2836 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:14:20.0601 2836 elxstor - ok
14:14:20.0626 2836 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:14:20.0627 2836 ErrDev - ok
14:14:20.0693 2836 ewusbnet (18fa0e750b1a617fb523358491948c52) C:\Windows\system32\DRIVERS\ewusbnet.sys
14:14:20.0696 2836 ewusbnet - ok
14:14:20.0746 2836 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:14:20.0749 2836 exfat - ok
14:14:20.0778 2836 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:14:20.0781 2836 fastfat - ok
14:14:20.0842 2836 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:14:20.0843 2836 fdc - ok
14:14:20.0887 2836 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:14:20.0889 2836 FileInfo - ok
14:14:20.0923 2836 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:14:20.0924 2836 Filetrace - ok
14:14:20.0985 2836 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:14:20.0987 2836 flpydisk - ok
14:14:21.0034 2836 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:14:21.0040 2836 FltMgr - ok
14:14:21.0078 2836 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:14:21.0080 2836 FsDepends - ok
14:14:21.0160 2836 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
14:14:21.0164 2836 fssfltr - ok
14:14:21.0205 2836 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:14:21.0207 2836 Fs_Rec - ok
14:14:21.0267 2836 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:14:21.0272 2836 fvevol - ok
14:14:21.0309 2836 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:14:21.0310 2836 gagp30kx - ok
14:14:21.0402 2836 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:14:21.0403 2836 GEARAspiWDM - ok
14:14:21.0530 2836 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:14:21.0531 2836 hcw85cir - ok
14:14:21.0582 2836 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:14:21.0589 2836 HdAudAddService - ok
14:14:21.0660 2836 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:14:21.0662 2836 HDAudBus - ok
14:14:21.0700 2836 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:14:21.0702 2836 HidBatt - ok
14:14:21.0751 2836 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:14:21.0753 2836 HidBth - ok
14:14:21.0786 2836 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:14:21.0787 2836 HidIr - ok
14:14:21.0838 2836 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:14:21.0839 2836 HidUsb - ok
14:14:21.0896 2836 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:14:21.0897 2836 HpqKbFiltr - ok
14:14:21.0970 2836 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:14:21.0973 2836 HpSAMD - ok
14:14:22.0030 2836 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:14:22.0049 2836 HTTP - ok
14:14:22.0119 2836 hwdatacard (f57e489800543b69fe196f51ca9c85b5) C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:14:22.0123 2836 hwdatacard - ok
14:14:22.0152 2836 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:14:22.0153 2836 hwpolicy - ok
14:14:22.0234 2836 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:14:22.0236 2836 i8042prt - ok
14:14:22.0283 2836 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:14:22.0290 2836 iaStorV - ok
14:14:22.0520 2836 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:14:22.0697 2836 igfx - ok
14:14:22.0751 2836 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:14:22.0753 2836 iirsp - ok
14:14:22.0807 2836 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:14:22.0833 2836 intelide - ok
14:14:23.0018 2836 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:14:23.0021 2836 intelppm - ok
14:14:23.0079 2836 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:14:23.0081 2836 IpFilterDriver - ok
14:14:23.0113 2836 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:14:23.0115 2836 IPMIDRV - ok
14:14:23.0144 2836 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:14:23.0147 2836 IPNAT - ok
14:14:23.0231 2836 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:14:23.0232 2836 IRENUM - ok
14:14:23.0274 2836 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:14:23.0275 2836 isapnp - ok
14:14:23.0309 2836 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:14:23.0313 2836 iScsiPrt - ok
14:14:23.0357 2836 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:14:23.0359 2836 kbdclass - ok
14:14:23.0392 2836 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:14:23.0394 2836 kbdhid - ok
14:14:23.0444 2836 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
14:14:23.0446 2836 KSecDD - ok
14:14:23.0501 2836 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
14:14:23.0504 2836 KSecPkg - ok
14:14:23.0554 2836 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:14:23.0555 2836 ksthunk - ok
14:14:23.0652 2836 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
14:14:23.0654 2836 Lbd - ok
14:14:23.0708 2836 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:14:23.0710 2836 lltdio - ok
14:14:23.0774 2836 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:14:23.0777 2836 LSI_FC - ok
14:14:23.0814 2836 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:14:23.0816 2836 LSI_SAS - ok
14:14:23.0842 2836 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:14:23.0845 2836 LSI_SAS2 - ok
14:14:23.0887 2836 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:14:23.0890 2836 LSI_SCSI - ok
14:14:23.0944 2836 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:14:23.0947 2836 luafv - ok
14:14:24.0012 2836 lvpopf64 (a014e25d95f7091000b60ff8a1c2e988) C:\Windows\system32\DRIVERS\lvpopf64.sys
14:14:24.0017 2836 lvpopf64 - ok
14:14:24.0095 2836 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
14:14:24.0098 2836 LVPr2M64 - ok
14:14:24.0129 2836 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
14:14:24.0131 2836 LVPr2Mon - ok
14:14:24.0194 2836 LVRS64 (a43a6cbea073990a784603ef065a281b) C:\Windows\system32\DRIVERS\lvrs64.sys
14:14:24.0200 2836 LVRS64 - ok
14:14:24.0408 2836 LVUVC64 (4350876ab0d0c77d0b40a1c85935c96b) C:\Windows\system32\DRIVERS\lvuvc64.sys
14:14:24.0591 2836 LVUVC64 - ok
14:14:24.0634 2836 MBAMProtector - ok
14:14:24.0683 2836 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:14:24.0684 2836 megasas - ok
14:14:24.0716 2836 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:14:24.0720 2836 MegaSR - ok
14:14:24.0790 2836 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:14:24.0792 2836 Modem - ok
14:14:24.0833 2836 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:14:24.0834 2836 monitor - ok
14:14:24.0866 2836 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:14:24.0867 2836 mouclass - ok
14:14:24.0894 2836 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:14:24.0896 2836 mouhid - ok
14:14:24.0927 2836 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:14:24.0929 2836 mountmgr - ok
14:14:24.0975 2836 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:14:24.0980 2836 mpio - ok
14:14:25.0006 2836 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:14:25.0008 2836 mpsdrv - ok
14:14:25.0048 2836 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:14:25.0051 2836 MRxDAV - ok
14:14:25.0114 2836 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:14:25.0117 2836 mrxsmb - ok
14:14:25.0161 2836 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:14:25.0166 2836 mrxsmb10 - ok
14:14:25.0194 2836 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:14:25.0197 2836 mrxsmb20 - ok
14:14:25.0233 2836 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:14:25.0234 2836 msahci - ok
14:14:25.0281 2836 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:14:25.0284 2836 msdsm - ok
14:14:25.0342 2836 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:14:25.0343 2836 Msfs - ok
14:14:25.0374 2836 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:14:25.0375 2836 mshidkmdf - ok
14:14:25.0392 2836 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:14:25.0393 2836 msisadrv - ok
14:14:25.0441 2836 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:14:25.0443 2836 MSKSSRV - ok
14:14:25.0464 2836 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:14:25.0465 2836 MSPCLOCK - ok
14:14:25.0491 2836 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:14:25.0492 2836 MSPQM - ok
14:14:25.0533 2836 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:14:25.0539 2836 MsRPC - ok
14:14:25.0572 2836 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:14:25.0574 2836 mssmbios - ok
14:14:25.0601 2836 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:14:25.0602 2836 MSTEE - ok
14:14:25.0640 2836 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:14:25.0641 2836 MTConfig - ok
14:14:25.0667 2836 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:14:25.0668 2836 Mup - ok
14:14:25.0721 2836 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:14:25.0726 2836 NativeWifiP - ok
14:14:25.0791 2836 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:14:25.0811 2836 NDIS - ok
14:14:25.0835 2836 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:14:25.0837 2836 NdisCap - ok
14:14:25.0884 2836 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:14:25.0885 2836 NdisTapi - ok
14:14:25.0917 2836 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:14:25.0918 2836 Ndisuio - ok
14:14:25.0943 2836 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:14:25.0946 2836 NdisWan - ok
14:14:25.0976 2836 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:14:25.0978 2836 NDProxy - ok
14:14:25.0998 2836 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:14:26.0000 2836 NetBIOS - ok
14:14:26.0031 2836 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:14:26.0039 2836 NetBT - ok
14:14:26.0288 2836 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
14:14:26.0451 2836 netw5v64 - ok
14:14:26.0499 2836 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:14:26.0501 2836 nfrd960 - ok
14:14:26.0526 2836 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:14:26.0527 2836 Npfs - ok
14:14:26.0558 2836 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:14:26.0559 2836 nsiproxy - ok
14:14:26.0660 2836 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:14:26.0732 2836 Ntfs - ok
14:14:26.0763 2836 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:14:26.0773 2836 Null - ok
14:14:26.0812 2836 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:14:26.0817 2836 nvraid - ok
14:14:26.0853 2836 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:14:26.0856 2836 nvstor - ok
14:14:26.0896 2836 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:14:26.0898 2836 nv_agp - ok
14:14:26.0936 2836 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:14:26.0938 2836 ohci1394 - ok
14:14:27.0006 2836 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:14:27.0008 2836 Parport - ok
14:14:27.0046 2836 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:14:27.0047 2836 partmgr - ok
14:14:27.0082 2836 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:14:27.0086 2836 pci - ok
14:14:27.0115 2836 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:14:27.0118 2836 pciide - ok
14:14:27.0163 2836 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:14:27.0168 2836 pcmcia - ok
14:14:27.0195 2836 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:14:27.0196 2836 pcw - ok
14:14:27.0235 2836 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:14:27.0251 2836 PEAUTH - ok
14:14:27.0353 2836 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:14:27.0355 2836 PptpMiniport - ok
14:14:27.0382 2836 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:14:27.0385 2836 Processor - ok
14:14:27.0442 2836 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:14:27.0444 2836 Psched - ok
14:14:27.0530 2836 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:14:27.0593 2836 ql2300 - ok
14:14:27.0629 2836 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:14:27.0631 2836 ql40xx - ok
14:14:27.0666 2836 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:14:27.0668 2836 QWAVEdrv - ok
14:14:27.0694 2836 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:14:27.0695 2836 RasAcd - ok
14:14:27.0747 2836 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:14:27.0749 2836 RasAgileVpn - ok
14:14:27.0785 2836 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:14:27.0788 2836 Rasl2tp - ok
14:14:27.0819 2836 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:14:27.0825 2836 RasPppoe - ok
14:14:27.0862 2836 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:14:27.0864 2836 RasSstp - ok
14:14:27.0898 2836 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:14:27.0904 2836 rdbss - ok
14:14:27.0944 2836 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:14:27.0945 2836 rdpbus - ok
14:14:27.0971 2836 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:14:27.0972 2836 RDPCDD - ok
14:14:28.0025 2836 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:14:28.0026 2836 RDPENCDD - ok
14:14:28.0057 2836 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:14:28.0058 2836 RDPREFMP - ok
14:14:28.0089 2836 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
14:14:28.0093 2836 RDPWD - ok
14:14:28.0143 2836 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:14:28.0147 2836 rdyboost - ok
14:14:28.0226 2836 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:14:28.0228 2836 rspndr - ok
14:14:28.0284 2836 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
14:14:28.0288 2836 RSUSBSTOR - ok
14:14:28.0345 2836 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:14:28.0349 2836 RTL8167 - ok
14:14:28.0380 2836 RtsUIR - ok
14:14:28.0428 2836 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:14:28.0430 2836 sbp2port - ok
14:14:28.0480 2836 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:14:28.0481 2836 scfilter - ok
14:14:28.0565 2836 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
14:14:28.0568 2836 sdbus - ok
14:14:28.0604 2836 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:14:28.0605 2836 secdrv - ok
14:14:28.0657 2836 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:14:28.0658 2836 Serenum - ok
14:14:28.0685 2836 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:14:28.0688 2836 Serial - ok
14:14:28.0733 2836 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:14:28.0735 2836 sermouse - ok
14:14:28.0808 2836 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:14:28.0809 2836 sffdisk - ok
14:14:28.0829 2836 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:14:28.0831 2836 sffp_mmc - ok
14:14:28.0854 2836 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:14:28.0856 2836 sffp_sd - ok
14:14:28.0886 2836 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:14:28.0888 2836 sfloppy - ok
14:14:28.0950 2836 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:14:28.0952 2836 SiSRaid2 - ok
14:14:28.0978 2836 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:14:28.0980 2836 SiSRaid4 - ok
14:14:29.0034 2836 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:14:29.0036 2836 Smb - ok
14:14:29.0160 2836 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
14:14:29.0164 2836 SMSIVZAM5X64 - ok
14:14:29.0229 2836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:14:29.0231 2836 spldr - ok
14:14:29.0304 2836 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:14:29.0311 2836 srv - ok
14:14:29.0350 2836 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:14:29.0364 2836 srv2 - ok
14:14:29.0402 2836 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:14:29.0408 2836 SrvHsfHDA - ok
14:14:29.0477 2836 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:14:29.0512 2836 SrvHsfV92 - ok
14:14:29.0569 2836 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:14:29.0586 2836 SrvHsfWinac - ok
14:14:29.0651 2836 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:14:29.0654 2836 srvnet - ok
14:14:29.0740 2836 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:14:29.0742 2836 stexstor - ok
14:14:29.0802 2836 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
14:14:29.0810 2836 STHDA - ok
14:14:29.0904 2836 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:14:29.0905 2836 swenum - ok
14:14:29.0969 2836 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
14:14:29.0974 2836 SynTP - ok
14:14:30.0088 2836 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
14:14:30.0132 2836 Tcpip - ok
14:14:30.0202 2836 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
14:14:30.0214 2836 TCPIP6 - ok
14:14:30.0255 2836 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:14:30.0256 2836 tcpipreg - ok
14:14:30.0291 2836 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:14:30.0293 2836 TDPIPE - ok
14:14:30.0317 2836 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:14:30.0319 2836 TDTCP - ok
14:14:30.0360 2836 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:14:30.0365 2836 tdx - ok
14:14:30.0412 2836 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:14:30.0413 2836 TermDD - ok
14:14:30.0474 2836 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:14:30.0476 2836 tssecsrv - ok
14:14:30.0525 2836 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:14:30.0527 2836 tunnel - ok
14:14:30.0565 2836 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:14:30.0567 2836 uagp35 - ok
14:14:30.0607 2836 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:14:30.0614 2836 udfs - ok
14:14:30.0677 2836 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:14:30.0679 2836 uliagpkx - ok
14:14:30.0720 2836 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:14:30.0721 2836 umbus - ok
14:14:30.0770 2836 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:14:30.0771 2836 UmPass - ok
14:14:30.0841 2836 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
14:14:30.0843 2836 USBAAPL64 - ok
14:14:30.0923 2836 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
14:14:30.0926 2836 usbaudio - ok
14:14:30.0970 2836 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
14:14:30.0973 2836 usbccgp - ok
14:14:30.0989 2836 USBCCID - ok
14:14:31.0027 2836 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:14:31.0029 2836 usbcir - ok
14:14:31.0080 2836 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
14:14:31.0081 2836 usbehci - ok
14:14:31.0128 2836 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
14:14:31.0129 2836 usbfilter - ok
14:14:31.0174 2836 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
14:14:31.0179 2836 usbhub - ok
14:14:31.0195 2836 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
14:14:31.0197 2836 usbohci - ok
14:14:31.0265 2836 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:14:31.0267 2836 usbprint - ok
14:14:31.0325 2836 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:14:31.0328 2836 usbscan - ok
14:14:31.0353 2836 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:14:31.0355 2836 USBSTOR - ok
14:14:31.0388 2836 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
14:14:31.0390 2836 usbuhci - ok
14:14:31.0451 2836 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
14:14:31.0456 2836 VClone - ok
14:14:31.0513 2836 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:14:31.0514 2836 vdrvroot - ok
14:14:31.0595 2836 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:14:31.0598 2836 vga - ok
14:14:31.0635 2836 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:14:31.0636 2836 VgaSave - ok
14:14:31.0688 2836 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:14:31.0692 2836 vhdmp - ok
14:14:31.0711 2836 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:14:31.0713 2836 viaide - ok
14:14:31.0752 2836 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:14:31.0754 2836 volmgr - ok
14:14:31.0810 2836 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:14:31.0815 2836 volmgrx - ok
14:14:31.0869 2836 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:14:31.0873 2836 volsnap - ok
14:14:31.0900 2836 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:14:31.0903 2836 vsmraid - ok
14:14:31.0942 2836 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:14:31.0943 2836 vwifibus - ok
14:14:31.0983 2836 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:14:31.0985 2836 vwififlt - ok
14:14:32.0050 2836 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:14:32.0051 2836 WacomPen - ok
14:14:32.0098 2836 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:14:32.0100 2836 WANARP - ok
14:14:32.0121 2836 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:14:32.0122 2836 Wanarpv6 - ok
14:14:32.0207 2836 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:14:32.0208 2836 Wd - ok
14:14:32.0242 2836 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:14:32.0259 2836 Wdf01000 - ok
14:14:32.0329 2836 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:14:32.0330 2836 WfpLwf - ok
14:14:32.0357 2836 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:14:32.0358 2836 WIMMount - ok
14:14:32.0442 2836 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
14:14:32.0443 2836 WinUsb - ok
14:14:32.0533 2836 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:14:32.0534 2836 WmiAcpi - ok
14:14:32.0600 2836 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:14:32.0601 2836 ws2ifsl - ok
14:14:32.0663 2836 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:14:32.0666 2836 WudfPf - ok
14:14:32.0716 2836 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:14:32.0720 2836 WUDFRd - ok
14:14:32.0787 2836 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
14:14:32.0793 2836 yukonw7 - ok
14:14:32.0855 2836 MBR (0x1B8) (ccf4c305504c3ee040e94bda0d4d9dbc) \Device\Harddisk0\DR0
14:14:32.0860 2836 \Device\Harddisk0\DR0 - ok
14:14:32.0882 2836 Boot (0x1200) (0d4e60a7d2be80557c99da2308754a25) \Device\Harddisk0\DR0\Partition0
14:14:32.0883 2836 \Device\Harddisk0\DR0\Partition0 - ok
14:14:32.0893 2836 Boot (0x1200) (c97532cf961d36c1932d952638079a96) \Device\Harddisk0\DR0\Partition1
14:14:32.0894 2836 \Device\Harddisk0\DR0\Partition1 - ok
14:14:32.0933 2836 Boot (0x1200) (34dd5e105823968f15e29cdc84e7cbea) \Device\Harddisk0\DR0\Partition2
14:14:32.0934 2836 \Device\Harddisk0\DR0\Partition2 - ok
14:14:32.0960 2836 Boot (0x1200) (2b962a13bead5606167cc81e99f2fd85) \Device\Harddisk0\DR0\Partition3
14:14:32.0961 2836 \Device\Harddisk0\DR0\Partition3 - ok
14:14:32.0965 2836 ============================================================
14:14:32.0965 2836 Scan finished
14:14:32.0965 2836 ============================================================
14:14:32.0982 1236 Detected object count: 0
14:14:32.0983 1236 Actual detected object count: 0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 AM

Posted 24 September 2011 - 02:55 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 vortilad

vortilad
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 24 September 2011 - 10:30 PM

OTL logfile created on: 9/24/2011 10:17:28 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Lee\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 57.91% Memory free
5.49 Gb Paging File | 4.25 Gb Available in Paging File | 77.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.48 Gb Total Space | 74.08 Gb Free Space | 33.75% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.19 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
Drive E: | 573.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEE-PC | User Name: Lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lee\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Logitech\Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\qtxml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\qtsql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid\phonon4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (RosettaStoneLtdController) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe (Rosetta Stone Ltd.)
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (LVUVC64) Logitech HD Webcam C270(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SMSIVZAM5X64) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys (Smith Micro Inc.)
DRV - (ASPI) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8


IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=8"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Lee\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lee\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Lee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lee\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lee\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Lee\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/21 10:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/07 16:52:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/27 23:06:54 | 000,000,000 | ---D | M]

[2011/08/09 13:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lee\AppData\Roaming\Mozilla\Extensions
[2011/09/23 18:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k6u342o6.default\extensions
[2011/09/23 18:52:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\k6u342o6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/03 19:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/27 23:06:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/03 19:03:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/17 11:26:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/07 16:52:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/16 01:44:24 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lee\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lee\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lee\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Lee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Lee\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lee\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lee\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: AT_InfectedMushroom = C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobnnindgjlefbclgkdfgjaikcdiaone\3_0\

O1 HOSTS File: ([2011/09/23 03:09:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000..\Run: [Facebook Update] C:\Users\Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000..\Run: [Logitech Vid HD] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.209.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310C8C1D-191F-4CD6-9459-23A80EF93D54}: DhcpNameServer = 97.64.183.164 97.64.209.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8}: DhcpNameServer = 97.64.183.164 97.64.209.37
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/05/30 14:01:14 | 000,000,155 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/06/18 05:21:20 | 001,900,544 | R--- | M] (Impressions Games) - E:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/24 22:16:10 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Lee\Desktop\OTL.exe
[2011/09/24 14:13:58 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lee\Desktop\tdsskiller.exe
[2011/09/23 15:49:18 | 000,000,000 | ---D | C] -- C:\Users\Lee\AppData\Local\{96E30B92-4D56-4892-B312-164C89A2B6F0}
[2011/09/23 15:49:06 | 000,000,000 | ---D | C] -- C:\Users\Lee\AppData\Local\{6F6B99D1-4CA7-468C-AE12-54DAD99C6CA5}
[2011/09/23 14:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/09/23 12:30:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/23 03:32:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/23 02:19:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/23 02:19:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/23 02:17:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/23 02:11:28 | 004,237,365 | R--- | C] (Swearware) -- C:\Users\Lee\Desktop\ComboFix.exe
[2011/09/21 17:00:26 | 000,000,000 | ---D | C] -- C:\Users\Lee\AppData\Local\{A2E17AE2-6A91-4F00-8101-E8F0623EC142}
[2011/09/21 17:00:14 | 000,000,000 | ---D | C] -- C:\Users\Lee\AppData\Local\{2EB69D10-8382-4421-AABF-DB68800D9224}
[2011/09/21 12:06:38 | 000,000,000 | ---D | C] -- C:\Users\Lee\Desktop\School 2011 Fall
[2011/09/21 03:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/09/15 23:47:08 | 000,000,000 | ---D | C] -- C:\Users\Lee\AppData\Local\Facebook
[2011/09/15 23:47:03 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Lee\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/09/11 22:55:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Lee\Desktop\dds.scr
[2011/09/11 15:56:01 | 000,000,000 | ---D | C] -- C:\Users\Lee\AppData\Local\{FC5F334A-B83A-414D-9A96-169D6C3E4C7A}
[2011/09/08 15:22:32 | 000,000,000 | ---D | C] -- C:\Users\Lee\Desktop\Phillip junk
[2011/09/05 13:32:39 | 000,000,000 | ---D | C] -- C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/03 19:03:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/03 19:03:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/03 19:03:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/29 12:35:22 | 000,000,000 | ---D | C] -- C:\Users\Lee\AppData\Local\{2735B6C2-EC43-4233-9D99-B74CA24A104B}
[2011/08/26 20:35:07 | 000,000,000 | ---D | C] -- C:\b70fcd687d6bc6c1ac5758b2136e3a7b
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/24 22:20:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/24 22:16:15 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 22:16:15 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 22:16:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Lee\Desktop\OTL.exe
[2011/09/24 22:12:29 | 000,739,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/24 22:12:29 | 000,633,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/24 22:12:29 | 000,110,782 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/24 22:08:38 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/24 22:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/24 22:07:45 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 20:52:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000UA.job
[2011/09/24 20:37:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000UA.job
[2011/09/24 14:14:03 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lee\Desktop\tdsskiller.exe
[2011/09/24 13:47:34 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000Core.job
[2011/09/23 15:45:20 | 000,009,216 | ---- | M] () -- C:\Users\Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/23 14:36:35 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/23 14:36:20 | 000,001,165 | ---- | M] () -- C:\Users\Lee\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/09/23 03:09:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/23 02:11:31 | 004,237,365 | R--- | M] (Swearware) -- C:\Users\Lee\Desktop\ComboFix.exe
[2011/09/23 01:28:33 | 004,387,661 | ---- | M] () -- C:\Users\Lee\Desktop\IMG_4517.JPG
[2011/09/23 01:20:50 | 001,521,177 | ---- | M] () -- C:\Users\Lee\Desktop\IMG_4474.JPG
[2011/09/23 01:17:28 | 000,581,978 | ---- | M] () -- C:\Users\Lee\Desktop\IMG_4456.JPG
[2011/09/22 23:52:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000Core.job
[2011/09/22 22:00:53 | 001,103,873 | ---- | M] () -- C:\Users\Lee\Desktop\IMAG0291.jpg
[2011/09/22 18:07:57 | 000,008,280 | ---- | M] () -- C:\Users\Lee\Desktop\5496.png
[2011/09/21 18:04:28 | 000,005,921 | ---- | M] () -- C:\Users\Lee\Documents\My Movie.wlmp
[2011/09/21 16:57:19 | 000,968,411 | ---- | M] () -- C:\Users\Lee\Desktop\BLO MTM KORE.mp3
[2011/09/21 14:40:07 | 000,073,304 | ---- | M] () -- C:\Users\Lee\Desktop\the newer thing.jpg
[2011/09/20 22:38:16 | 000,002,389 | ---- | M] () -- C:\Users\Lee\Desktop\Google Chrome.lnk
[2011/09/18 23:04:39 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLee.job
[2011/09/16 15:18:13 | 000,018,953 | ---- | M] () -- C:\Users\Lee\Desktop\313005_10150298099408160_514578159_8035834_346164895_n.jpg
[2011/09/15 23:47:04 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Lee\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/09/15 13:20:16 | 000,000,162 | -H-- | M] () -- C:\Users\Lee\Desktop\~$stfood web homework.rtf
[2011/09/14 14:21:30 | 000,000,162 | -H-- | M] () -- C:\Users\Lee\Desktop\~$illips_Resume.rtf
[2011/09/13 14:30:12 | 000,049,411 | ---- | M] () -- C:\Users\Lee\Desktop\Phillips_Resume.rtf
[2011/09/11 22:55:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Lee\Desktop\dds.scr
[2011/09/11 22:29:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/11 13:50:55 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/09/08 15:28:37 | 000,000,162 | -H-- | M] () -- C:\Users\Lee\Desktop\~$alth History.rtf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/23 15:55:49 | 002,019,394 | ---- | C] () -- C:\Users\Lee\Desktop\Evanescence - Bring Me To Life Dj Toxa Electro Mix 2010.mp3
[2011/09/23 15:55:41 | 003,275,811 | ---- | C] () -- C:\Users\Lee\Desktop\Madeon - Pop Culture live mashup.mp3
[2011/09/23 15:55:36 | 003,226,492 | ---- | C] () -- C:\Users\Lee\Desktop\Katy-Perry---E-T---Futuristic-Lover---Benny-Benassi-Radio-Edit--Official.mp3
[2011/09/23 15:55:29 | 009,961,976 | ---- | C] () -- C:\Users\Lee\Desktop\jonsi-around_us-(blarsa_remix).mp3
[2011/09/23 15:46:23 | 250,882,871 | ---- | C] () -- C:\Users\Lee\Desktop\VIDEO0021.3gp
[2011/09/23 14:36:20 | 000,001,165 | ---- | C] () -- C:\Users\Lee\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/09/23 02:19:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/23 02:19:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/23 02:19:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/23 02:19:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/23 02:19:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/23 01:28:32 | 004,387,661 | ---- | C] () -- C:\Users\Lee\Desktop\IMG_4517.JPG
[2011/09/23 01:20:49 | 001,521,177 | ---- | C] () -- C:\Users\Lee\Desktop\IMG_4474.JPG
[2011/09/23 01:17:28 | 000,581,978 | ---- | C] () -- C:\Users\Lee\Desktop\IMG_4456.JPG
[2011/09/22 22:00:52 | 001,103,873 | ---- | C] () -- C:\Users\Lee\Desktop\IMAG0291.jpg
[2011/09/22 18:07:55 | 000,008,280 | ---- | C] () -- C:\Users\Lee\Desktop\5496.png
[2011/09/21 18:04:28 | 000,005,921 | ---- | C] () -- C:\Users\Lee\Documents\My Movie.wlmp
[2011/09/21 16:57:16 | 000,968,411 | ---- | C] () -- C:\Users\Lee\Desktop\BLO MTM KORE.mp3
[2011/09/21 14:40:07 | 000,073,304 | ---- | C] () -- C:\Users\Lee\Desktop\the newer thing.jpg
[2011/09/16 15:18:12 | 000,018,953 | ---- | C] () -- C:\Users\Lee\Desktop\313005_10150298099408160_514578159_8035834_346164895_n.jpg
[2011/09/15 23:47:13 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000UA.job
[2011/09/15 23:47:12 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000Core.job
[2011/09/15 13:20:16 | 000,000,162 | -H-- | C] () -- C:\Users\Lee\Desktop\~$stfood web homework.rtf
[2011/09/14 14:21:30 | 000,000,162 | -H-- | C] () -- C:\Users\Lee\Desktop\~$illips_Resume.rtf
[2011/09/13 14:22:55 | 000,049,411 | ---- | C] () -- C:\Users\Lee\Desktop\Phillips_Resume.rtf
[2011/09/08 15:28:37 | 000,000,162 | -H-- | C] () -- C:\Users\Lee\Desktop\~$alth History.rtf
[2011/09/05 13:32:45 | 000,002,389 | ---- | C] () -- C:\Users\Lee\Desktop\Google Chrome.lnk
[2011/09/05 13:32:07 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000UA.job
[2011/09/05 13:32:06 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3260367747-3519056791-2037069027-1000Core.job
[2011/08/23 12:21:08 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/23 12:21:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/08/18 00:36:41 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/08/18 00:36:41 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/08/18 00:36:41 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/08/18 00:08:29 | 000,000,334 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/08/08 21:27:59 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/08/08 21:27:58 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/08/08 21:27:16 | 000,000,336 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011/05/24 11:08:17 | 000,000,091 | -H-- | C] () -- C:\Users\Lee\AppData\Local\fusioncache.dat
[2011/04/22 15:33:27 | 000,008,884 | -HS- | C] () -- C:\ProgramData\d7pn6113367ma77ot8s28ry8ea5d377u5ya3c35x36mll6
[2011/04/22 15:33:27 | 000,008,864 | -HS- | C] () -- C:\Users\Lee\AppData\Local\d7pn6113367ma77ot8s28ry8ea5d377u5ya3c35x36mll6
[2011/04/17 00:36:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/28 22:26:42 | 000,757,504 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/14 16:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/05/14 16:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/05/14 16:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/02/06 19:34:35 | 000,009,216 | ---- | C] () -- C:\Users\Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 04:11:25 | 000,000,296 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/09/01 04:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 19:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/09/30 17:43:34 | 001,286,152 | ---- | C] () -- C:\Windows\SysWow64\msxml4.dll
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B174FAE
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 AM

Posted 25 September 2011 - 01:49 PM

Hello

I want you to run this custem OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-3260367747-3519056791-2037069027-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B174FAE
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2
    [2011/08/08 21:27:59 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
    [2011/08/08 21:27:58 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
    [2011/08/08 21:27:16 | 000,000,336 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
    [2011/04/22 15:33:27 | 000,008,884 | -HS- | C] () -- C:\ProgramData\d7pn6113367ma77ot8s28ry8ea5d377u5ya3c35x36mll6
    [2011/04/22 15:33:27 | 000,008,864 | -HS- | C] () -- C:\Users\Lee\AppData\Local\d7pn6113367ma77ot8s28ry8ea5d377u5ya3c35x36mll6
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 vortilad

vortilad
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 26 September 2011 - 01:17 AM

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3260367747-3519056791-2037069027-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\Temp:0B174FAE deleted successfully.
ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
C:\ProgramData\~P1kAlMiG2Kb7Fzr moved successfully.
C:\ProgramData\~P1kAlMiG2Kb7Fz moved successfully.
C:\ProgramData\P1kAlMiG2Kb7Fz moved successfully.
C:\ProgramData\d7pn6113367ma77ot8s28ry8ea5d377u5ya3c35x36mll6 moved successfully.
C:\Users\Lee\AppData\Local\d7pn6113367ma77ot8s28ry8ea5d377u5ya3c35x36mll6 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lee\Desktop\cmd.bat deleted successfully.
C:\Users\Lee\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lee
->Temp folder emptied: 2905145 bytes
->Temporary Internet Files folder emptied: 289799475 bytes
->Java cache emptied: 1247100 bytes
->FireFox cache emptied: 45741023 bytes
->Google Chrome cache emptied: 6202203 bytes
->Flash cache emptied: 4245972 bytes

User: Mcx1-LEE-PC
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 181760 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84659 bytes
RecycleBin emptied: 436197 bytes

Total Files Cleaned = 335.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Lee
->Flash cache emptied: 0 bytes

User: Mcx1-LEE-PC

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09262011_005851

Files\Folders moved on Reboot...
C:\Users\Lee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G826414Y\complete[1].htm not found!
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\k6u342o6.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\k6u342o6.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\k6u342o6.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\k6u342o6.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\k6u342o6.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\k6u342o6.default\urlclassifier3.sqlite moved successfully.
C:\Users\Lee\AppData\Local\Mozilla\Firefox\Profiles\k6u342o6.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 AM

Posted 26 September 2011 - 01:27 AM

How are things doing now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 vortilad

vortilad
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 26 September 2011 - 02:27 AM

Still being redirected :(

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 AM

Posted 26 September 2011 - 02:50 AM

Hello


Does it happen in both firefox and IE?

we are going to check the router

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users