Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32.AVKillsvc.e infecting my Windows7 64bit (I think)


  • This topic is locked This topic is locked
7 replies to this topic

#1 BlackBeard0

BlackBeard0

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 12 September 2011 - 11:07 AM

I'm running Windows 7 64bit on my Inspiron N4010 laptop. My warranty just ran out like 3 weeks ago...So I'm here. I installed WinClam Portable and Spybot Portable I got from PortableApps.com on a flash drive via a secondary computer. I ran the Antivirus(I also ran AVG 2012 at 1st. and the system restated itself before it could finish, so I tried running AntiVirus from a flashdrive) and it came back with nothing, next I ran the spybot and it came back with this trojan that calls itself Win32.AVKillsvc.e so I fix and puge it then restart the system (thought I was home free!) Same problem...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 8.0.7600.16385
Run by Naim at 10:36:50 on 2011-09-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.3485 [GMT -5:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = g.msn.com/USCON/1
uDefault_Page_URL = g.msn.com/USCON/1
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100809142529.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Google Update] "C:\Users\Naim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRunOnce: [SpybotDeletingB3956] command.com /c del "C:\WINDOWS\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD4861] cmd.exe /c del "C:\WINDOWS\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Naim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{604575CE-9009-41F7-AD1C-4F9C9D57FBFF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{66177686-ABA4-47B2-9682-28E122CBD3D2} : DhcpNameServer = 192.168.2.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: jifdorh - C:\Windows\system32\config\systemprofile\AppData\Local\jifdorh.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100809142529.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
S1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-9 98208]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-8-19 2399560]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-8-16 5264736]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-14 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-14 355440]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-14 355440]
S2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-9 199032]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-9 244840]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-9 148520]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-9 705856]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-9 2320920]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-14 355440]
.
=============== Created Last 30 ================
.
2011-09-12 02:01:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-11 23:55:17 108032 ----a-w- C:\Windows\SysWow64\~GLH0026.TMP
2011-09-11 23:55:12 458840 ----a-w- C:\Windows\System32\drivers\~GLH0023.TMP
2011-09-11 23:54:58 458840 ------w- C:\Windows\System32\drivers\vsdatant.sys
2011-09-11 23:54:55 -------- d-----w- C:\Program Files (x86)\Zone Labs
2011-09-11 23:52:43 -------- d-----w- C:\ProgramData\CheckPoint
2011-09-11 23:52:25 -------- d-----w- C:\Windows\Internet Logs
2011-09-11 16:25:20 -------- d-----we C:\Windows\system64
2011-09-11 16:14:46 -------- d-----w- C:\Users\Naim\AppData\Local\ElevatedDiagnostics
2011-09-10 00:33:44 -------- d-----w- C:\Users\Naim\AppData\Roaming\AVG2012
2011-09-10 00:33:40 -------- d--h--w- C:\ProgramData\Common Files
2011-09-10 00:33:11 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-09-10 00:32:29 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-09-10 00:32:29 -------- d-----w- C:\ProgramData\AVG2012
2011-09-10 00:31:36 -------- d-----w- C:\Program Files (x86)\AVG
2011-09-10 00:26:12 -------- d-----w- C:\ProgramData\MFAData
2011-09-09 22:56:36 -------- d-----w- C:\Users\Naim\AppData\Local\Google
2011-09-09 22:55:54 -------- d-----w- C:\Users\Naim\AppData\Local\Deployment
2011-09-09 22:55:54 -------- d-----w- C:\Users\Naim\AppData\Local\Apps
2011-09-09 22:44:30 -------- d-----w- C:\Users\Naim\My Backup Files
2011-09-09 22:42:24 -------- d-----w- C:\Users\Naim\AppData\Roaming\Dell
2011-09-09 22:40:52 -------- d-----w- C:\Users\Naim\AppData\Local\ATI
2011-09-09 22:40:39 -------- d-----w- C:\Users\Naim\AppData\Local\DataSafeOnline
2011-09-09 22:40:08 -------- d-----w- C:\Users\Naim\AppData\Local\SupportSoft
2011-09-09 22:39:49 -------- d-----w- C:\Users\Naim\AppData\Local\Stardock_Corporation
2011-09-09 22:38:14 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-09 22:38:12 -------- d-----w- C:\Users\Naim\AppData\Local\VirtualStore
2011-09-09 22:33:26 -------- d-----w- C:\Users\Naim\AppData\Local\Dell Edoc Viewer
2011-09-09 22:22:33 -------- d-----w- C:\Emergency
2011-09-09 21:44:25 -------- d-----w- C:\Windows\SMINST
.
==================== Find3M ====================
.
2011-08-08 11:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-07-11 06:14:36 375376 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-07-11 06:14:08 29776 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2011-07-11 06:14:06 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2011-07-11 06:14:06 120400 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-07-11 06:13:44 282704 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-07-11 06:13:42 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 10:38:46.55 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,245 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 AM

Posted 19 September 2011 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please run these tool in the order listed.
Post the logs when completed and let me know what problem persists.

#3 BlackBeard0

BlackBeard0
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 20 September 2011 - 04:45 PM

aswMBR log:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-20 14:21:59
-----------------------------
14:21:59.754 OS Version: Windows x64 6.1.7600
14:21:59.754 Number of processors: 4 586 0x2505
14:21:59.769 ComputerName: NAIM-PC UserName: Naim
14:22:01.080 Initialize success
14:22:07.335 AVAST engine download error: 0
14:30:03.105 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:30:03.120 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
14:30:03.120 Device \Driver\iaStor -> MajorFunction fffffa8004b786c0
14:30:05.133 Disk 0 MBR read successfully
14:30:05.133 Disk 0 MBR scan
14:30:05.133 Disk 0 TDL4@MBR code has been found
14:30:05.133 Disk 0 Windows 7 default MBR code found via API
14:30:05.133 Disk 0 MBR hidden
14:30:05.133 Disk 0 MBR [TDL4] **ROOTKIT**
14:30:05.133 Disk 0 trace - called modules:
14:30:05.164 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004b786c0]<<
14:30:05.164 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003b61060]
14:30:05.164 3 CLASSPNP.SYS[fffff880011b643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004944050]
14:30:05.164 \Driver\iaStor[0xfffffa8004a63870] -> IRP_MJ_CREATE -> 0xfffffa8004b786c0
14:30:05.164 Scan finished successfully
14:31:53.475 Disk 0 MBR has been saved successfully to "C:\Users\Naim\Desktop\MBR.dat"
14:31:53.491 The log file has been saved successfully to "C:\Users\Naim\Desktop\aswMBR.txt"

TDSSKiller log:

2011/09/20 14:34:55.0013 0948 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/20 14:34:55.0231 0948 ================================================================================
2011/09/20 14:34:55.0231 0948 SystemInfo:
2011/09/20 14:34:55.0231 0948
2011/09/20 14:34:55.0231 0948 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/20 14:34:55.0231 0948 Product type: Workstation
2011/09/20 14:34:55.0231 0948 ComputerName: NAIM-PC
2011/09/20 14:34:55.0247 0948 UserName: Naim
2011/09/20 14:34:55.0247 0948 Windows directory: C:\Windows
2011/09/20 14:34:55.0247 0948 System windows directory: C:\Windows
2011/09/20 14:34:55.0247 0948 Running under WOW64
2011/09/20 14:34:55.0247 0948 Processor architecture: Intel x64
2011/09/20 14:34:55.0247 0948 Number of processors: 4
2011/09/20 14:34:55.0247 0948 Page size: 0x1000
2011/09/20 14:34:55.0247 0948 Boot type: Safe boot
2011/09/20 14:34:55.0247 0948 ================================================================================
2011/09/20 14:34:55.0668 0948 Initialize success
2011/09/20 14:35:30.0362 1144 ================================================================================
2011/09/20 14:35:30.0362 1144 Scan started
2011/09/20 14:35:30.0362 1144 Mode: Manual;
2011/09/20 14:35:30.0362 1144 ================================================================================
2011/09/20 14:35:31.0049 1144 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/09/20 14:35:31.0563 1144 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/09/20 14:35:32.0094 1144 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/09/20 14:35:32.0593 1144 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/20 14:35:33.0233 1144 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/20 14:35:33.0779 1144 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/20 14:35:34.0403 1144 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/09/20 14:35:35.0011 1144 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/09/20 14:35:35.0510 1144 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/09/20 14:35:36.0025 1144 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/09/20 14:35:36.0540 1144 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/20 14:35:37.0211 1144 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
2011/09/20 14:35:37.0944 1144 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/09/20 14:35:38.0474 1144 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/20 14:35:39.0020 1144 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/09/20 14:35:39.0535 1144 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/20 14:35:40.0097 1144 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/09/20 14:35:40.0596 1144 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/09/20 14:35:41.0142 1144 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/09/20 14:35:41.0657 1144 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/20 14:35:42.0187 1144 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/20 14:35:42.0702 1144 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/09/20 14:35:43.0232 1144 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/09/20 14:35:43.0794 1144 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
2011/09/20 14:35:44.0355 1144 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/20 14:35:44.0948 1144 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/09/20 14:35:45.0463 1144 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/20 14:35:46.0009 1144 Avgldx64 (dadfccfb036da99fa83e7e1d29290a6c) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/09/20 14:35:46.0571 1144 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
2011/09/20 14:35:47.0132 1144 Avgrkx64 (5a7aa579d4fa072fb9715f8d83eb1f00) C:\Windows\system32\DRIVERS\avgrkx64.sys
2011/09/20 14:35:47.0647 1144 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/09/20 14:35:48.0302 1144 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/09/20 14:35:48.0911 1144 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/09/20 14:35:49.0566 1144 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/09/20 14:35:50.0221 1144 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
2011/09/20 14:35:50.0736 1144 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/09/20 14:35:51.0266 1144 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/20 14:35:51.0781 1144 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/20 14:35:52.0311 1144 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/20 14:35:52.0842 1144 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/20 14:35:53.0372 1144 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/09/20 14:35:53.0981 1144 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/20 14:35:54.0495 1144 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/20 14:35:55.0057 1144 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/20 14:35:55.0587 1144 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/09/20 14:35:56.0133 1144 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/20 14:35:56.0664 1144 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/20 14:35:57.0225 1144 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/09/20 14:35:57.0834 1144 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/09/20 14:35:58.0364 1144 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
2011/09/20 14:35:58.0863 1144 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/09/20 14:35:59.0394 1144 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/09/20 14:35:59.0924 1144 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/09/20 14:36:00.0439 1144 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/20 14:36:00.0954 1144 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/20 14:36:01.0469 1144 cfwids (735f1cf0175cc510d1bf28eb2ea74c4c) C:\Windows\system32\drivers\cfwids.sys
2011/09/20 14:36:01.0968 1144 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/20 14:36:02.0373 1144 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/09/20 14:36:02.0935 1144 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/20 14:36:03.0465 1144 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/09/20 14:36:03.0996 1144 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/09/20 14:36:04.0542 1144 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/20 14:36:05.0057 1144 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/09/20 14:36:05.0587 1144 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/20 14:36:06.0133 1144 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2011/09/20 14:36:06.0695 1144 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/09/20 14:36:07.0272 1144 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/20 14:36:07.0771 1144 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/09/20 14:36:08.0348 1144 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/20 14:36:08.0879 1144 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/20 14:36:09.0534 1144 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/09/20 14:36:10.0220 1144 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/20 14:36:10.0813 1144 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/09/20 14:36:11.0359 1144 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/20 14:36:11.0936 1144 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/20 14:36:12.0529 1144 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/20 14:36:13.0169 1144 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/20 14:36:13.0761 1144 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/20 14:36:14.0339 1144 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/20 14:36:14.0853 1144 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/09/20 14:36:15.0399 1144 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/20 14:36:15.0914 1144 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/20 14:36:16.0429 1144 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/20 14:36:16.0944 1144 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/20 14:36:17.0505 1144 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/20 14:36:18.0005 1144 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/20 14:36:18.0535 1144 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/09/20 14:36:19.0034 1144 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/20 14:36:19.0580 1144 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/20 14:36:20.0064 1144 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/20 14:36:20.0579 1144 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/20 14:36:21.0125 1144 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/09/20 14:36:21.0655 1144 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/09/20 14:36:22.0170 1144 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/20 14:36:22.0700 1144 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/20 14:36:23.0184 1144 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/09/20 14:36:23.0699 1144 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/09/20 14:36:24.0260 1144 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/20 14:36:24.0791 1144 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
2011/09/20 14:36:25.0321 1144 IntcAzAudAddService (697c927e0de2abaf1a5f455033f687cd) C:\Windows\system32\drivers\RTKVHD64.sys
2011/09/20 14:36:25.0914 1144 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/09/20 14:36:26.0429 1144 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/20 14:36:26.0959 1144 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/20 14:36:27.0552 1144 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/09/20 14:36:28.0067 1144 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/20 14:36:28.0628 1144 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/20 14:36:29.0112 1144 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/09/20 14:36:29.0627 1144 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/20 14:36:30.0110 1144 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/20 14:36:30.0641 1144 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/20 14:36:31.0140 1144 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/20 14:36:31.0701 1144 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/20 14:36:32.0201 1144 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/20 14:36:32.0731 1144 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/09/20 14:36:33.0246 1144 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/20 14:36:33.0839 1144 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/20 14:36:34.0353 1144 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/20 14:36:34.0884 1144 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/20 14:36:35.0383 1144 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/20 14:36:35.0913 1144 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/20 14:36:36.0491 1144 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/20 14:36:37.0005 1144 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/20 14:36:37.0536 1144 mfeapfk (0e7c21761af136cc69ab4c70af0e1afb) C:\Windows\system32\drivers\mfeapfk.sys
2011/09/20 14:36:38.0066 1144 mfeavfk (940322eef87fccce14aeb2e2e3010d6b) C:\Windows\system32\drivers\mfeavfk.sys
2011/09/20 14:36:38.0612 1144 mfefirek (e28b633fc5ca7449b67b9e3204143d82) C:\Windows\system32\drivers\mfefirek.sys
2011/09/20 14:36:39.0174 1144 mfehidk (d4d7bd28b9b407f0b2ba6579de689dec) C:\Windows\system32\drivers\mfehidk.sys
2011/09/20 14:36:39.0813 1144 mfenlfk (c0b72f83e453b883d0c56be99f161edf) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/09/20 14:36:40.0297 1144 mferkdet (e284a06b2c3493cde22aa9b31b123b57) C:\Windows\system32\drivers\mferkdet.sys
2011/09/20 14:36:40.0843 1144 mfewfpk (b8d41fdb7262f758dc498cfee44e513b) C:\Windows\system32\drivers\mfewfpk.sys
2011/09/20 14:36:41.0373 1144 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/20 14:36:41.0935 1144 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/20 14:36:42.0465 1144 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/20 14:36:42.0996 1144 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/20 14:36:43.0526 1144 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/09/20 14:36:44.0041 1144 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/09/20 14:36:44.0540 1144 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/20 14:36:45.0055 1144 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/20 14:36:45.0570 1144 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/20 14:36:46.0100 1144 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/20 14:36:46.0646 1144 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/20 14:36:47.0161 1144 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
2011/09/20 14:36:47.0785 1144 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/09/20 14:36:48.0331 1144 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/20 14:36:48.0846 1144 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/20 14:36:49.0345 1144 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/09/20 14:36:50.0016 1144 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/20 14:36:50.0531 1144 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/20 14:36:51.0061 1144 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/20 14:36:51.0592 1144 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/09/20 14:36:52.0184 1144 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/20 14:36:52.0699 1144 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/20 14:36:53.0198 1144 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/20 14:36:53.0698 1144 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/20 14:36:54.0228 1144 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/20 14:36:54.0821 1144 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/09/20 14:36:55.0320 1144 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/20 14:36:55.0866 1144 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/20 14:36:56.0365 1144 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/20 14:36:56.0911 1144 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/20 14:36:57.0426 1144 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/09/20 14:36:57.0956 1144 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/20 14:36:58.0471 1144 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/20 14:36:59.0017 1144 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/20 14:36:59.0516 1144 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/20 14:37:00.0062 1144 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/20 14:37:00.0593 1144 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/09/20 14:37:01.0201 1144 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/20 14:37:01.0700 1144 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/09/20 14:37:02.0231 1144 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/09/20 14:37:02.0730 1144 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/09/20 14:37:03.0245 1144 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/20 14:37:03.0728 1144 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/20 14:37:04.0243 1144 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/09/20 14:37:04.0742 1144 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/09/20 14:37:05.0257 1144 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/09/20 14:37:05.0756 1144 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/20 14:37:06.0287 1144 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/20 14:37:06.0786 1144 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/20 14:37:07.0426 1144 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/20 14:37:07.0925 1144 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/20 14:37:08.0424 1144 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/20 14:37:08.0923 1144 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/09/20 14:37:09.0469 1144 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/20 14:37:10.0046 1144 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/20 14:37:10.0546 1144 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/20 14:37:11.0029 1144 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/20 14:37:11.0497 1144 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/20 14:37:12.0043 1144 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/20 14:37:12.0542 1144 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/20 14:37:13.0010 1144 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/20 14:37:13.0525 1144 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/20 14:37:14.0040 1144 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/20 14:37:14.0524 1144 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/20 14:37:15.0023 1144 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/20 14:37:15.0538 1144 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/20 14:37:16.0037 1144 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/09/20 14:37:16.0552 1144 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/09/20 14:37:17.0113 1144 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/20 14:37:17.0659 1144 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/20 14:37:18.0236 1144 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
2011/09/20 14:37:18.0736 1144 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/09/20 14:37:19.0266 1144 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/20 14:37:19.0874 1144 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/20 14:37:20.0467 1144 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/20 14:37:20.0982 1144 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/20 14:37:21.0528 1144 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/20 14:37:22.0090 1144 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/20 14:37:22.0604 1144 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/09/20 14:37:23.0182 1144 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/20 14:37:23.0681 1144 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/20 14:37:24.0227 1144 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/20 14:37:24.0742 1144 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/20 14:37:25.0272 1144 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/20 14:37:25.0771 1144 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/20 14:37:26.0348 1144 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
2011/09/20 14:37:26.0941 1144 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/20 14:37:27.0534 1144 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/20 14:37:28.0033 1144 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/20 14:37:28.0626 1144 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/20 14:37:29.0141 1144 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/20 14:37:29.0702 1144 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/09/20 14:37:30.0389 1144 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/20 14:37:30.0904 1144 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/20 14:37:31.0465 1144 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/20 14:37:31.0855 1144 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/20 14:37:31.0902 1144 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/20 14:37:31.0949 1144 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/20 14:37:31.0996 1144 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/20 14:37:32.0557 1144 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/20 14:37:33.0041 1144 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
2011/09/20 14:37:33.0556 1144 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/20 14:37:34.0055 1144 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/20 14:37:34.0616 1144 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/09/20 14:37:35.0116 1144 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/20 14:37:35.0662 1144 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/20 14:37:36.0208 1144 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/20 14:37:36.0722 1144 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/09/20 14:37:37.0222 1144 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/20 14:37:37.0752 1144 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/20 14:37:38.0298 1144 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/20 14:37:38.0813 1144 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/20 14:37:39.0312 1144 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/20 14:37:39.0827 1144 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/20 14:37:40.0342 1144 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/20 14:37:40.0856 1144 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/09/20 14:37:41.0371 1144 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/20 14:37:41.0855 1144 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/20 14:37:42.0354 1144 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/09/20 14:37:42.0869 1144 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/09/20 14:37:43.0368 1144 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/09/20 14:37:43.0883 1144 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/09/20 14:37:44.0413 1144 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/09/20 14:37:45.0006 1144 Vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
2011/09/20 14:37:45.0599 1144 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/20 14:37:46.0098 1144 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/09/20 14:37:46.0628 1144 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/20 14:37:47.0206 1144 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/20 14:37:47.0720 1144 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/20 14:37:47.0736 1144 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/20 14:37:48.0251 1144 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/20 14:37:48.0812 1144 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/20 14:37:49.0405 1144 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/20 14:37:49.0920 1144 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/09/20 14:37:50.0419 1144 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/20 14:37:51.0043 1144 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/20 14:37:51.0558 1144 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/20 14:37:52.0088 1144 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
2011/09/20 14:37:52.0634 1144 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/20 14:37:52.0712 1144 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/09/20 14:37:52.0712 1144 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/20 14:37:52.0712 1144 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
2011/09/20 14:38:00.0154 1144 Boot (0x1200) (836dccc9841d3bd1ada993f80295c293) \Device\Harddisk0\DR0\Partition0
2011/09/20 14:38:00.0169 1144 Boot (0x1200) (bb14ee8745498d2317f6879f7f6031a2) \Device\Harddisk0\DR0\Partition1
2011/09/20 14:38:00.0185 1144 Boot (0x1200) (5f04faa414e98722cbc5e899ab8e04d9) \Device\Harddisk1\DR1\Partition0
2011/09/20 14:38:00.0200 1144 ================================================================================
2011/09/20 14:38:00.0200 1144 Scan finished
2011/09/20 14:38:00.0200 1144 ================================================================================
2011/09/20 14:38:00.0200 1564 Detected object count: 1
2011/09/20 14:38:00.0200 1564 Actual detected object count: 1
2011/09/20 14:38:14.0022 1564 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/20 14:38:14.0022 1564 \Device\Harddisk0\DR0 - ok
2011/09/20 14:38:14.0038 1564 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/20 14:38:47.0266 1508 Deinitialize success

ComboFix text file:
ComboFix 11-09-20.04 - Naim 09/20/2011 15:42:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2556 [GMT -5:00]
Running from: c:\users\Naim\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))
.
.
2011-09-20 21:03 . 2011-09-20 21:03 -------- d-----w- c:\windows\system32\WAT
2011-09-20 20:55 . 2011-09-20 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-12 02:01 . 2011-09-12 03:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-11 23:55 . 2011-03-18 06:24 108032 ----a-w- c:\windows\SysWow64\~GLH0026.TMP
2011-09-11 23:55 . 2010-05-15 21:30 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
2011-09-11 23:54 . 2010-05-15 21:30 458840 ------w- c:\windows\system32\drivers\vsdatant.sys
2011-09-11 23:54 . 2011-09-11 23:54 -------- d-----w- c:\program files (x86)\Zone Labs
2011-09-11 23:52 . 2011-09-11 23:52 -------- d-----w- c:\programdata\CheckPoint
2011-09-11 23:52 . 2011-09-11 23:55 -------- d-----w- c:\windows\Internet Logs
2011-09-10 00:33 . 2011-09-10 00:33 -------- d--h--w- c:\programdata\Common Files
2011-09-10 00:33 . 2011-09-10 00:33 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-09-10 00:32 . 2011-09-20 20:38 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-10 00:32 . 2011-09-10 00:46 -------- d-----w- c:\programdata\AVG2012
2011-09-10 00:31 . 2011-09-10 00:31 -------- d-----w- c:\program files (x86)\AVG
2011-09-10 00:26 . 2011-09-20 20:38 -------- d-----w- c:\programdata\MFAData
2011-09-09 22:31 . 2011-09-19 19:11 -------- d-----w- c:\users\Naim
2011-09-09 22:22 . 2011-09-09 22:29 -------- d-----w- C:\Emergency
2011-09-09 21:44 . 2011-09-09 21:44 -------- d-----w- c:\windows\SMINST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 11:08 . 2011-08-08 11:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-07-11 06:14 . 2011-07-11 06:14 375376 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-07-11 06:14 . 2011-07-11 06:14 29776 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 06:14 . 2011-07-11 06:14 26704 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 06:14 . 2011-07-11 06:14 120400 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 06:13 . 2011-07-11 06:13 282704 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-07-11 06:13 . 2011-07-11 06:13 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-08-19 2387296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-10 560128]
.
c:\users\Naim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jifdorh]
2011-09-11 16:23 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\jifdorh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
3;2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-08-19 2399560]
R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2349825972-939962816-1972536222-1000Core.job
- c:\users\Naim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 22:56]
.
2011-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2349825972-939962816-1972536222-1000UA.job
- c:\users\Naim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 22:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]
"combofix"="c:\combofix\CF9390.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = g.msn.com/USCON/1
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Java\jre6\bin\java.exe
c:\windows\SysWOW64\wscript.exe
.
**************************************************************************
.
Completion time: 2011-09-20 16:14:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-20 21:14
.
Pre-Run: 438,154,096,640 bytes free
Post-Run: 443,081,109,504 bytes free
.
- - End Of File - - CC09B4471D08A9D6BEA93DDE7F6A3541

It has started up normally, i've tried doing a couple things and nothing weird has happened.... is it safe to make a back up image of my HD now?

Attached Files

  • Attached File  MBR.zip   579bytes   0 downloads


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,245 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 AM

Posted 21 September 2011 - 06:59 AM

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\System32\config\systemprofile\AppData\Local\jifdorh.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jifdorh]



Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

It has started up normally, i've tried doing a couple things and nothing weird has happened.... is it safe to make a back up image of my HD now?


Not just now. Wait until I clear this computer.

#5 BlackBeard0

BlackBeard0
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 21 September 2011 - 09:27 AM

CF Script/ComboFix Log:


ComboFix 11-09-21.02 - Naim 09/21/2011 9:53.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2464 [GMT -4:00]
Running from: c:\users\Naim\Desktop\ComboFix.exe
Command switches used :: c:\users\Naim\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\config\systemprofile\AppData\Local\jifdorh.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\config\systemprofile\AppData\Local\jifdorh.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-21 13:58 . 2011-09-21 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-21 13:32 . 2011-09-21 13:32 -------- d-----w- c:\program files (x86)\7-Zip
2011-09-21 13:26 . 2011-09-21 13:26 -------- d-----w- c:\windows\SysWow64\SL-SL
2011-09-21 13:22 . 2011-09-21 13:22 -------- d-----w- C:\extensions
2011-09-21 13:22 . 2011-09-21 13:22 -------- d-----w- c:\program files (x86)\Conduit
2011-09-21 13:22 . 2011-09-21 13:22 -------- d-----w- c:\users\Public\Conduit
2011-09-21 13:22 . 2011-09-21 13:22 -------- d-----w- c:\program files (x86)\uTorrent
2011-09-21 13:13 . 2011-09-21 13:13 -------- d-----w- c:\program files (x86)\VideoLAN
2011-09-21 12:40 . 2011-09-21 12:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-21 12:23 . 2011-09-21 12:23 -------- d-----w- c:\windows\SysWow64\Wat
2011-09-21 01:45 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-09-21 01:45 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-09-21 01:45 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-09-21 01:45 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-09-21 01:45 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-09-21 01:45 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-09-21 01:45 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-09-21 01:45 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-09-21 01:45 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-09-21 01:45 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-09-20 21:22 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-20 21:22 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-09-20 21:22 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-20 21:22 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-09-20 21:19 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2011-09-20 21:15 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-09-20 21:15 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-09-20 21:15 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2011-09-20 21:15 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2011-09-20 21:14 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-09-20 21:14 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-20 21:14 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-09-20 21:14 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2011-09-20 21:14 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2011-09-20 21:14 . 2010-09-01 05:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2011-09-20 21:03 . 2011-09-21 12:23 -------- d-----w- c:\windows\system32\WAT
2011-09-20 21:01 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-09-20 21:01 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-09-20 20:40 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-09-20 20:40 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-09-20 20:40 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-09-20 20:40 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-09-20 20:40 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2011-09-20 20:40 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2011-09-20 20:38 . 2010-11-02 05:12 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-09-20 20:37 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-09-20 20:37 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2011-09-12 02:01 . 2011-09-12 03:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-11 23:55 . 2011-03-18 06:24 108032 ----a-w- c:\windows\SysWow64\~GLH0026.TMP
2011-09-11 23:55 . 2010-05-15 21:30 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
2011-09-11 23:54 . 2010-05-15 21:30 458840 ------w- c:\windows\system32\drivers\vsdatant.sys
2011-09-11 23:54 . 2011-09-11 23:54 -------- d-----w- c:\program files (x86)\Zone Labs
2011-09-11 23:54 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-09-11 23:54 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-09-11 23:54 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2011-09-11 23:54 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-09-11 23:54 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-09-11 23:53 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-09-11 23:53 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2011-09-11 23:53 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-11 23:53 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-09-11 23:53 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-09-11 23:51 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-09-11 23:51 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-09-11 23:51 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-09-11 23:51 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-11 23:51 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-09-11 23:49 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-09-11 23:43 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-09-11 23:43 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-09-11 23:43 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-09-11 23:43 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-09-11 23:43 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-09-11 23:43 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-09-11 23:43 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-09-11 23:43 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-09-11 23:43 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-09-11 23:43 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-09-10 00:33 . 2011-09-10 00:33 -------- d--h--w- c:\programdata\Common Files
2011-09-10 00:33 . 2011-09-10 00:33 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-09-10 00:32 . 2011-09-21 12:29 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-10 00:32 . 2011-09-10 00:46 -------- d-----w- c:\programdata\AVG2012
2011-09-10 00:31 . 2011-09-10 00:31 -------- d-----w- c:\program files (x86)\AVG
2011-09-10 00:26 . 2011-09-21 12:29 -------- d-----w- c:\programdata\MFAData
2011-09-09 22:31 . 2011-09-19 19:11 -------- d-----w- c:\users\Naim
2011-09-09 22:22 . 2011-09-09 22:29 -------- d-----w- C:\Emergency
2011-09-09 21:44 . 2011-09-09 21:44 -------- d-----w- c:\windows\SMINST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 11:08 . 2011-08-08 11:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-07-16 04:32 . 2011-09-11 23:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-11 06:14 . 2011-07-11 06:14 375376 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-07-11 06:14 . 2011-07-11 06:14 29776 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 06:14 . 2011-07-11 06:14 26704 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 06:14 . 2011-07-11 06:14 120400 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 06:13 . 2011-07-11 06:13 282704 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-07-11 06:13 . 2011-07-11 06:13 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-20_21.07.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-20 20:41 . 2010-12-21 05:38 51200 c:\windows\SysWOW64\wscapi.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-09-20 20:41 . 2010-12-21 05:38 14336 c:\windows\SysWOW64\slwga.dll
+ 2011-09-11 23:52 . 2011-07-16 04:31 25600 c:\windows\SysWOW64\setup16.exe
- 2010-08-09 21:53 . 2010-08-09 21:53 25600 c:\windows\SysWOW64\setup16.exe
+ 2011-09-20 21:19 . 2011-05-04 04:52 86528 c:\windows\SysWOW64\SearchFilterHost.exe
- 2009-07-14 00:13 . 2009-07-14 01:14 86528 c:\windows\SysWOW64\SearchFilterHost.exe
+ 2011-09-20 21:20 . 2011-06-15 09:04 86016 c:\windows\SysWOW64\odbccu32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2011-09-20 21:20 . 2011-06-15 09:04 81920 c:\windows\SysWOW64\odbccr32.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2011-09-11 23:52 . 2011-07-16 04:36 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2011-09-21 01:45 . 2009-11-25 16:47 11600 c:\windows\SysWOW64\MUI\0409\mscorees.dll
- 2009-07-14 00:12 . 2009-07-14 01:15 59392 c:\windows\SysWOW64\msscntrs.dll
+ 2011-09-20 21:19 . 2011-05-04 04:52 59392 c:\windows\SysWOW64\msscntrs.dll
+ 2011-09-11 23:50 . 2011-06-21 05:35 67072 c:\windows\SysWOW64\mshtmled.dll
- 2009-07-13 23:42 . 2009-07-14 01:15 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-09-11 23:50 . 2011-06-21 05:32 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2009-07-13 23:42 . 2009-07-14 01:14 12800 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-09-11 23:50 . 2011-06-21 05:35 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 64512 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-09-11 23:50 . 2011-06-21 05:36 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2009-07-13 23:43 . 2009-07-14 01:16 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 80720 c:\windows\SysWOW64\mfcm100u.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 80208 c:\windows\SysWOW64\mfcm100.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 43344 c:\windows\SysWOW64\mfc100kor.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 43856 c:\windows\SysWOW64\mfc100jpn.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 55120 c:\windows\SysWOW64\mfc100enu.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 64336 c:\windows\SysWOW64\mfc100deu.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 36176 c:\windows\SysWOW64\mfc100cht.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 36176 c:\windows\SysWOW64\mfc100chs.dll
+ 2011-09-11 23:50 . 2011-06-21 05:35 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2011-09-11 23:50 . 2011-06-21 05:34 48128 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-13 23:43 . 2009-07-14 01:15 48128 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-13 23:38 . 2009-07-14 01:14 28672 c:\windows\SysWOW64\dnscacheugc.exe
+ 2011-09-20 20:41 . 2011-03-03 05:27 28672 c:\windows\SysWOW64\dnscacheugc.exe
+ 2011-09-11 23:52 . 2011-05-24 10:34 44544 c:\windows\SysWOW64\devrtl.dll
- 2009-07-13 23:16 . 2009-07-14 01:15 44544 c:\windows\SysWOW64\devrtl.dll
+ 2011-09-11 23:52 . 2011-05-24 10:34 64512 c:\windows\SysWOW64\devobj.dll
- 2009-07-13 23:16 . 2009-07-14 01:15 64512 c:\windows\SysWOW64\devobj.dll
+ 2011-09-20 20:41 . 2010-12-21 05:34 80384 c:\windows\SysWOW64\davclnt.dll
+ 2011-09-20 20:39 . 2011-02-19 05:32 34304 c:\windows\SysWOW64\atmlib.dll
- 2009-07-13 23:25 . 2009-07-14 01:14 34304 c:\windows\SysWOW64\atmlib.dll
+ 2011-09-20 21:20 . 2010-03-05 07:42 67584 c:\windows\SysWOW64\asycfilt.dll
- 2009-07-13 23:48 . 2009-07-14 01:41 97280 c:\windows\system32\wscsvc.dll
+ 2011-09-20 20:41 . 2010-12-21 06:16 97280 c:\windows\system32\wscsvc.dll
+ 2011-09-20 20:41 . 2010-12-21 06:16 62976 c:\windows\system32\wscapi.dll
+ 2011-09-11 23:52 . 2011-07-16 05:26 13312 c:\windows\system32\wow64cpu.dll
- 2009-07-13 23:26 . 2009-07-14 01:41 13312 c:\windows\system32\wow64cpu.dll
+ 2011-09-21 01:41 . 2011-09-21 01:41 63554 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-08-09 19:44 . 2011-09-20 21:31 22502 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-21 12:28 27798 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-20 20:41 . 2010-12-21 06:15 15360 c:\windows\system32\slwga.dll
+ 2011-09-11 23:52 . 2011-07-16 05:24 16384 c:\windows\system32\ntvdm64.dll
- 2009-07-13 23:26 . 2009-07-14 01:41 16384 c:\windows\system32\ntvdm64.dll
- 2009-07-13 20:37 . 2009-06-10 20:40 11600 c:\windows\system32\MUI\0409\mscorees.dll
+ 2011-09-21 01:45 . 2009-11-25 16:47 11600 c:\windows\system32\MUI\0409\mscorees.dll
- 2009-07-14 00:29 . 2009-07-14 01:41 75264 c:\windows\system32\msscntrs.dll
+ 2011-09-20 21:19 . 2011-05-04 05:28 75264 c:\windows\system32\msscntrs.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 97280 c:\windows\system32\mshtmled.dll
+ 2011-09-11 23:50 . 2011-06-21 06:20 97280 c:\windows\system32\mshtmled.dll
- 2009-07-13 23:58 . 2009-07-14 01:39 12288 c:\windows\system32\msfeedssync.exe
+ 2011-09-11 23:50 . 2011-06-21 06:17 12288 c:\windows\system32\msfeedssync.exe
+ 2011-09-11 23:50 . 2011-06-21 06:20 82944 c:\windows\system32\msfeedsbs.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 82944 c:\windows\system32\msfeedsbs.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-09-11 23:50 . 2011-06-21 06:20 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-09-11 23:50 . 2011-06-21 06:20 57856 c:\windows\system32\licmgr10.dll
+ 2011-09-11 23:50 . 2011-06-21 06:19 64512 c:\windows\system32\jsproxy.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 64512 c:\windows\system32\jsproxy.dll
+ 2011-09-20 20:41 . 2011-03-03 06:14 30208 c:\windows\system32\dnscacheugc.exe
- 2009-07-13 23:54 . 2009-07-14 01:39 30208 c:\windows\system32\dnscacheugc.exe
+ 2011-09-09 22:26 . 2011-09-21 12:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-09 22:26 . 2011-09-20 21:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-09 22:26 . 2011-09-20 21:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-09 22:26 . 2011-09-21 12:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-21 12:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-20 21:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-13 23:38 . 2009-07-14 01:40 46080 c:\windows\system32\atmlib.dll
+ 2011-09-20 20:39 . 2011-02-19 06:36 46080 c:\windows\system32\atmlib.dll
+ 2011-09-20 21:20 . 2010-03-05 07:52 84992 c:\windows\system32\asycfilt.dll
- 2009-07-13 23:59 . 2009-07-14 01:40 84992 c:\windows\system32\asycfilt.dll
+ 2011-09-20 21:22 . 2011-07-09 05:16 49664 c:\windows\servicing\GC64\tzupd.exe
- 2010-08-09 21:53 . 2010-08-09 21:53 49664 c:\windows\servicing\GC64\tzupd.exe
+ 2011-09-11 23:58 . 2011-09-21 12:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-11 23:58 . 2011-09-11 23:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-09-21 12:26 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-11 23:58 . 2011-09-21 12:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-11 23:58 . 2011-09-11 23:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-11 23:58 . 2011-09-21 12:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-11 23:58 . 2011-09-11 23:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-09 23:00 . 2011-09-21 12:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-09 23:00 . 2011-09-20 21:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-09 23:00 . 2011-09-21 12:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-09 23:00 . 2011-09-20 21:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-20 21:48 . 2011-09-20 21:48 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\882bb396750a48471568a631a7411d30\System.Windows.Presentation.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\848a8d094d025fe083d978a79514a6f7\System.Web.DynamicData.Design.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\9f2d92aa623e67f78f79609fc97f5a79\PresentationFontCache.ni.exe
+ 2011-09-21 12:31 . 2011-09-21 12:31 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\cd27124310a458a0574a72d9e9364b0a\PresentationCFFRasterizer.ni.dll
+ 2011-09-20 21:32 . 2011-09-20 21:32 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\735e220cab34c53ab47dbdb9a3f16f6c\PresentationCFFRasterizer.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\9dae0c02dfa8138921bccf96a9229628\Microsoft.WSMan.Runtime.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\e1c1b4ab295d49b143ccb298abedcefb\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\90c99b856c1995c8bb00adfafecb0eba\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\7876286f029dfd19d84caec9a4c52668\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\625e7d6455a54524c150c8d651335901\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\2d00e7010bf9509e1faba8f4ba11eff2\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\055e7900e5c6ec9ad8db5c6401de6374\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-09-20 21:31 . 2011-09-20 21:31 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\462b524ff0c8c0a764db439f7e65cb69\Microsoft.VisualC.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\30dded15a3463b985bca46a313665f7d\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\f5549de5532d582c04df863e86220437\LoadMxf.ni.exe
+ 2011-09-21 12:36 . 2011-09-21 12:36 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\df75cc1642de0720aa23fcd54f37007c\LoadMxf.ni.exe
+ 2011-09-20 21:45 . 2011-09-20 21:45 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\6f48498cd972f0a0736f0830446c5d47\ehiUPnP.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\ff80139f56e56fb8da9c0811884e5858\ehiTVMSMusic.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\f920ffd33e54c8c2954b0aa4922e20bb\dfsvc.ni.exe
+ 2011-09-20 21:32 . 2011-09-20 21:32 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\c2168c88a30bf127c60151d55a5c22be\Accessibility.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\0f0369d00722ff81ab404d391b730e6c\WindowsLiveWriter.ni.exe
+ 2011-09-20 21:40 . 2011-09-20 21:40 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5247a2056dd00b9dba9da49f5b2850af\WindowsLive.Writer.Api.ni.dll
+ 2011-09-21 12:32 . 2011-09-21 12:32 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\c23f8386031ea70eb7bdb59367fe2f0f\UIAutomationProvider.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a4a6211b6f6eb429d643fbbbd9653256\UIAutomationProvider.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\91863583ac124c524e8e91634c7bbd30\System.Windows.Presentation.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\9c016b37490889d9e2dd9efcc89e1da6\System.Web.DynamicData.Design.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\bff515e83413dbf959b9589ccefeca0a\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\ad0f1ab7ed22fca35ebdc7086df735d8\System.AddIn.Contract.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\36adbdd28cf7155bb476c6606317f117\PresentationFontCache.ni.exe
+ 2011-09-21 12:33 . 2011-09-21 12:33 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\7c207f88fa0ab1c9a43e2e43fdf0a779\PresentationCFFRasterizer.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\658f59d8f832afed0068d8a5db77d5f8\PresentationCFFRasterizer.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\1d312fff41010364fac3b45fcc267c4b\napcrypt.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\1ae8dc99e79812cf5e6394b4f4db6552\Microsoft.WSMan.Runtime.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ecf78a76d679f911e23ebf3ef33f2b5e\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c12fba359c4354a0dc100a3cfacabeae\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ba5d61e74137b5793aead1ad706aad71\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\8a1d7a90314ab9634f2db1fe388ef86d\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\867278d798f8be11a2ed9a76554329bc\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\2da8735b6762a57c4738d6c809645fa6\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\2cdfc43976ddf3a90d4573b528371985\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\b933f490039e14eb2e4be2e597ae07ed\Microsoft.Vsa.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ea183e8b958908d26680bb6e88d4fbb0\Microsoft.VisualC.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\b20f6742224b9c733f41e2ea1b834fc2\Microsoft.Build.Framework.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9d58ae6973a51b87eaf4141686f20fec\Microsoft.Build.Framework.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\8065ab477932e0308175a4ac031456c5\ehiUserXp.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\1040a6847fcc7f5c3245fe8a68623597\dfsvc.ni.exe
+ 2011-09-20 21:35 . 2011-09-20 21:35 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5c6e1a094b1e65c69b528151cc19b1ee\Accessibility.ni.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 5120 c:\windows\SysWOW64\wow32.dll
+ 2011-09-11 23:52 . 2011-07-16 04:30 5120 c:\windows\SysWOW64\wow32.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 2048 c:\windows\SysWOW64\user.exe
+ 2011-09-11 23:52 . 2011-07-16 02:26 2048 c:\windows\SysWOW64\user.exe
- 2010-08-09 21:53 . 2010-08-09 21:53 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-09-11 23:52 . 2011-07-16 02:26 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-09-11 23:52 . 2011-07-16 02:21 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 02:21 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 02:21 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 02:21 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2011-09-09 23:29 . 2011-09-21 12:28 5074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2349825972-939962816-1972536222-1000_UserData.bin
+ 2011-09-11 23:52 . 2011-07-16 05:04 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-09-11 23:52 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-09-21 12:25 . 2011-09-21 12:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-20 21:04 . 2011-09-20 21:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-21 12:25 . 2011-09-21 12:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-20 21:04 . 2011-09-20 21:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 00:15 . 2009-07-14 01:16 135168 c:\windows\SysWOW64\XpsRasterService.dll
+ 2011-09-20 20:38 . 2010-11-02 04:41 135168 c:\windows\SysWOW64\XpsRasterService.dll
+ 2011-09-20 20:41 . 2011-03-12 11:31 442880 c:\windows\SysWOW64\XpsPrint.dll
- 2009-07-14 00:20 . 2009-07-14 01:16 180224 c:\windows\SysWOW64\xmllite.dll
+ 2011-09-20 21:22 . 2011-06-16 04:35 180224 c:\windows\SysWOW64\xmllite.dll
+ 2011-09-11 23:50 . 2011-06-21 05:36 981504 c:\windows\SysWOW64\wininet.dll
+ 2011-09-20 20:41 . 2010-12-21 05:38 350720 c:\windows\SysWOW64\winhttp.dll
+ 2011-09-20 20:38 . 2010-10-16 04:36 314368 c:\windows\SysWOW64\webio.dll
+ 2011-09-20 20:41 . 2010-12-21 05:38 204800 c:\windows\SysWOW64\WebClnt.dll
+ 2011-09-21 12:23 . 2011-09-21 01:44 128424 c:\windows\SysWOW64\Wat\WatWeb.dll
+ 2011-09-21 12:23 . 2011-09-21 01:44 114600 c:\windows\SysWOW64\Wat\npWatWeb.dll
+ 2011-09-11 23:50 . 2011-06-21 05:36 132096 c:\windows\SysWOW64\url.dll
+ 2011-09-20 20:41 . 2010-12-21 05:38 204288 c:\windows\SysWOW64\upnp.dll
+ 2011-09-20 21:19 . 2010-11-02 04:40 496128 c:\windows\SysWOW64\taskschd.dll
- 2009-07-13 23:30 . 2009-07-14 01:16 496128 c:\windows\SysWOW64\taskschd.dll
+ 2011-09-20 21:19 . 2010-11-02 04:34 192000 c:\windows\SysWOW64\taskeng.exe
+ 2011-09-20 21:19 . 2010-11-02 04:40 305152 c:\windows\SysWOW64\taskcomp.dll
+ 2011-09-20 21:19 . 2010-08-26 04:39 109056 c:\windows\SysWOW64\t2embed.dll
+ 2011-09-20 21:19 . 2010-05-05 06:46 363520 c:\windows\SysWOW64\StructuredQuery.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 363520 c:\windows\SysWOW64\StructuredQuery.dll
- 2009-07-14 00:14 . 2009-07-14 01:14 164352 c:\windows\SysWOW64\SearchProtocolHost.exe
+ 2011-09-20 21:19 . 2011-05-04 04:52 164352 c:\windows\SysWOW64\SearchProtocolHost.exe
- 2009-07-14 00:14 . 2009-07-14 01:14 428032 c:\windows\SysWOW64\SearchIndexer.exe
+ 2011-09-20 21:19 . 2011-05-04 04:52 428032 c:\windows\SysWOW64\SearchIndexer.exe
+ 2011-09-20 21:19 . 2010-11-02 04:34 179712 c:\windows\SysWOW64\schtasks.exe
+ 2011-09-20 21:19 . 2010-08-21 05:36 224256 c:\windows\SysWOW64\schannel.dll
- 2009-07-14 00:06 . 2009-07-14 01:16 850432 c:\windows\SysWOW64\sbe.dll
+ 2011-09-20 21:20 . 2010-12-23 05:28 850432 c:\windows\SysWOW64\sbe.dll
- 2009-07-13 23:22 . 2009-07-14 01:14 123904 c:\windows\SysWOW64\poqexec.exe
+ 2011-09-20 21:20 . 2011-04-09 05:56 123904 c:\windows\SysWOW64\poqexec.exe
+ 2011-09-20 21:20 . 2011-06-15 09:04 163840 c:\windows\SysWOW64\odbctrac.dll
- 2009-07-14 00:11 . 2009-07-14 01:16 163840 c:\windows\SysWOW64\odbctrac.dll
+ 2011-09-20 21:20 . 2011-06-15 09:04 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2011-09-20 21:20 . 2011-06-15 09:04 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 770384 c:\windows\SysWOW64\msvcr100.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 421200 c:\windows\SysWOW64\msvcp100.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-09-11 23:50 . 2011-06-21 05:35 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-09-20 21:19 . 2011-05-04 04:52 666624 c:\windows\SysWOW64\mssvp.dll
- 2009-07-14 00:13 . 2009-07-14 01:15 666624 c:\windows\SysWOW64\mssvp.dll
- 2009-07-14 00:14 . 2009-07-14 01:15 197120 c:\windows\SysWOW64\mssphtb.dll
+ 2011-09-20 21:19 . 2011-05-04 04:52 197120 c:\windows\SysWOW64\mssphtb.dll
- 2009-07-14 00:13 . 2009-07-14 01:15 337408 c:\windows\SysWOW64\mssph.dll
+ 2011-09-20 21:19 . 2011-05-04 04:52 337408 c:\windows\SysWOW64\mssph.dll
+ 2011-09-11 23:50 . 2011-06-21 05:35 599552 c:\windows\SysWOW64\msfeeds.dll
+ 2011-09-20 20:38 . 2010-05-23 10:11 196608 c:\windows\SysWOW64\mfreadwrite.dll
+ 2011-09-11 23:52 . 2011-07-16 04:30 272384 c:\windows\SysWOW64\KernelBase.dll
+ 2011-09-20 21:20 . 2010-12-18 05:29 541184 c:\windows\SysWOW64\kerberos.dll
- 2009-07-13 23:35 . 2009-07-14 01:15 541184 c:\windows\SysWOW64\kerberos.dll
+ 2011-09-20 21:15 . 2011-02-18 05:35 716800 c:\windows\SysWOW64\jscript.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-09-21 12:40 . 2011-05-04 08:52 157472 c:\windows\SysWOW64\javaws.exe
- 2010-08-09 19:05 . 2010-08-09 19:05 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-09-21 12:40 . 2011-05-04 08:52 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-09-21 12:40 . 2011-05-04 08:52 145184 c:\windows\SysWOW64\java.exe
- 2010-08-09 19:05 . 2010-08-09 19:05 145184 c:\windows\SysWOW64\java.exe
+ 2011-09-11 23:50 . 2011-06-21 05:34 176640 c:\windows\SysWOW64\ieui.dll
- 2009-07-13 23:26 . 2009-07-14 01:15 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-09-11 23:50 . 2011-06-21 05:34 185856 c:\windows\SysWOW64\iepeers.dll
+ 2011-09-11 23:50 . 2011-06-21 05:34 381440 c:\windows\SysWOW64\iedkcs32.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-09-20 21:20 . 2010-12-23 05:28 534528 c:\windows\SysWOW64\EncDec.dll
- 2009-07-14 00:41 . 2009-07-14 01:16 534528 c:\windows\SysWOW64\EncDec.dll
+ 2011-09-11 23:52 . 2011-05-24 10:32 252928 c:\windows\SysWOW64\drvinst.exe
- 2009-07-13 23:16 . 2009-07-14 01:14 252928 c:\windows\SysWOW64\drvinst.exe
+ 2011-09-20 20:41 . 2011-03-03 05:29 269824 c:\windows\SysWOW64\dnsapi.dll
- 2009-07-13 23:12 . 2009-07-14 01:15 269824 c:\windows\SysWOW64\dnsapi.dll
+ 2010-08-09 19:05 . 2011-05-04 08:52 472808 c:\windows\SysWOW64\deployJava1.dll
+ 2011-09-20 20:38 . 2010-11-02 04:35 218624 c:\windows\SysWOW64\d3d10_1core.dll
+ 2011-09-20 20:38 . 2010-11-02 04:35 161792 c:\windows\SysWOW64\d3d10_1.dll
- 2009-07-13 23:27 . 2009-07-14 01:15 161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2011-09-20 20:38 . 2010-11-02 04:35 739840 c:\windows\SysWOW64\d2d1.dll
+ 2011-09-20 21:20 . 2010-12-23 05:28 642048 c:\windows\SysWOW64\CPFilters.dll
- 2009-07-14 04:54 . 2011-09-20 21:08 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-21 12:29 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-21 12:29 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-20 21:08 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-11 23:52 . 2011-05-24 10:34 145920 c:\windows\SysWOW64\cfgmgr32.dll
- 2009-07-13 23:16 . 2009-07-14 01:15 145920 c:\windows\SysWOW64\cfgmgr32.dll
+ 2011-09-20 20:39 . 2011-02-19 03:37 294912 c:\windows\SysWOW64\atmfd.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 138056 c:\windows\SysWOW64\atl100.dll
- 2009-07-14 00:37 . 2009-07-14 01:41 229888 c:\windows\system32\XpsRasterService.dll
+ 2011-09-20 20:38 . 2010-11-02 05:18 229888 c:\windows\system32\XpsRasterService.dll
+ 2011-09-20 20:41 . 2011-03-12 12:03 662528 c:\windows\system32\XpsPrint.dll
+ 2011-09-20 21:22 . 2011-06-16 05:31 199680 c:\windows\system32\xmllite.dll
- 2009-07-14 00:41 . 2009-07-14 01:41 199680 c:\windows\system32\xmllite.dll
+ 2011-09-11 23:52 . 2011-07-16 05:26 362496 c:\windows\system32\wow64win.dll
+ 2011-09-11 23:52 . 2011-07-16 05:26 243200 c:\windows\system32\wow64.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 243200 c:\windows\system32\wow64.dll
+ 2011-09-20 21:19 . 2010-11-02 05:18 524288 c:\windows\system32\wmicmiplugin.dll
+ 2011-09-11 23:52 . 2011-07-16 05:26 214528 c:\windows\system32\winsrv.dll
+ 2011-09-20 20:41 . 2010-12-21 06:16 442880 c:\windows\system32\winhttp.dll
+ 2011-09-20 20:38 . 2010-10-16 05:19 395776 c:\windows\system32\webio.dll
+ 2011-09-20 20:41 . 2010-12-21 06:16 258048 c:\windows\system32\WebClnt.dll
+ 2011-09-21 12:23 . 2011-09-21 01:44 152888 c:\windows\system32\WAT\WatWeb.dll
+ 2011-09-21 12:23 . 2011-09-21 01:44 249656 c:\windows\system32\WAT\WatUX.exe
+ 2011-09-21 12:23 . 2011-09-21 01:44 138664 c:\windows\system32\WAT\npWatWeb.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 134144 c:\windows\system32\url.dll
+ 2011-09-11 23:50 . 2011-06-21 06:20 134144 c:\windows\system32\url.dll
+ 2011-09-20 20:41 . 2010-12-21 06:15 264192 c:\windows\system32\upnp.dll
+ 2011-09-11 23:52 . 2011-05-24 11:21 404992 c:\windows\system32\umpnpmgr.dll
+ 2011-09-20 21:19 . 2010-11-02 05:10 464384 c:\windows\system32\taskeng.exe
- 2009-07-13 23:47 . 2009-07-14 01:41 473600 c:\windows\system32\taskcomp.dll
+ 2011-09-20 21:19 . 2010-11-02 05:17 473600 c:\windows\system32\taskcomp.dll
+ 2011-09-20 21:19 . 2010-05-05 07:37 483840 c:\windows\system32\StructuredQuery.dll
- 2009-07-14 00:29 . 2009-07-14 01:41 483840 c:\windows\system32\StructuredQuery.dll
+ 2011-09-20 21:20 . 2010-08-21 06:29 558592 c:\windows\system32\spoolsv.exe
+ 2011-09-20 21:19 . 2011-05-04 05:24 249856 c:\windows\system32\SearchProtocolHost.exe
- 2009-07-14 00:30 . 2009-07-14 01:39 249856 c:\windows\system32\SearchProtocolHost.exe
- 2009-07-14 00:32 . 2009-07-14 01:39 593408 c:\windows\system32\SearchIndexer.exe
+ 2011-09-20 21:19 . 2011-05-04 05:24 593408 c:\windows\system32\SearchIndexer.exe
- 2009-07-14 00:29 . 2009-07-14 01:39 113664 c:\windows\system32\SearchFilterHost.exe
+ 2011-09-20 21:19 . 2011-05-04 05:24 113664 c:\windows\system32\SearchFilterHost.exe
+ 2011-09-20 21:19 . 2010-11-02 05:10 285696 c:\windows\system32\schtasks.exe
+ 2011-09-20 21:19 . 2010-08-21 06:36 340992 c:\windows\system32\schannel.dll
- 2009-07-13 23:34 . 2009-07-14 01:39 142336 c:\windows\system32\poqexec.exe
+ 2011-09-20 21:20 . 2011-04-09 06:58 142336 c:\windows\system32\poqexec.exe
- 2009-07-14 02:36 . 2011-09-20 20:36 615360 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-21 12:32 615360 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-21 12:32 103702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-09-20 20:36 103702 c:\windows\system32\perfc009.dat
- 2009-07-14 00:28 . 2009-07-14 01:41 212992 c:\windows\system32\odbctrac.dll
+ 2011-09-20 21:20 . 2011-06-15 09:58 212992 c:\windows\system32\odbctrac.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccu32.dll
+ 2011-09-20 21:20 . 2011-06-15 09:58 106496 c:\windows\system32\odbccu32.dll
+ 2011-09-20 21:20 . 2011-06-15 09:58 106496 c:\windows\system32\odbccr32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccr32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 163840 c:\windows\system32\odbccp32.dll
+ 2011-09-20 21:20 . 2011-06-15 09:58 163840 c:\windows\system32\odbccp32.dll
- 2009-07-14 00:30 . 2009-07-14 01:41 779264 c:\windows\system32\mssvp.dll
+ 2011-09-20 21:19 . 2011-05-04 05:28 779264 c:\windows\system32\mssvp.dll
- 2009-07-14 00:32 . 2009-07-14 01:41 288256 c:\windows\system32\mssphtb.dll
+ 2011-09-20 21:19 . 2011-05-04 05:28 288256 c:\windows\system32\mssphtb.dll
+ 2011-09-20 21:19 . 2011-05-04 05:28 491520 c:\windows\system32\mssph.dll
- 2009-07-14 00:30 . 2009-07-14 01:41 491520 c:\windows\system32\mssph.dll
+ 2011-09-11 23:50 . 2011-06-21 06:20 703488 c:\windows\system32\msfeeds.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 552960 c:\windows\system32\msdri.dll
+ 2011-09-20 21:19 . 2010-08-04 07:07 552960 c:\windows\system32\msdri.dll
+ 2011-09-20 20:38 . 2010-05-23 08:35 257024 c:\windows\system32\mfreadwrite.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 206848 c:\windows\system32\mfps.dll
+ 2011-09-20 20:38 . 2010-05-23 08:35 206848 c:\windows\system32\mfps.dll
+ 2011-09-11 23:52 . 2011-07-16 05:21 422400 c:\windows\system32\KernelBase.dll
+ 2011-09-20 21:20 . 2010-12-18 06:11 714752 c:\windows\system32\kerberos.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 852480 c:\windows\system32\jscript.dll
+ 2011-09-20 21:15 . 2011-02-18 06:36 852480 c:\windows\system32\jscript.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 247808 c:\windows\system32\ieui.dll
+ 2011-09-11 23:50 . 2011-06-21 06:19 247808 c:\windows\system32\ieui.dll
+ 2011-09-11 23:50 . 2011-06-21 06:19 256000 c:\windows\system32\iepeers.dll
+ 2011-09-11 23:50 . 2011-06-21 06:19 445952 c:\windows\system32\iedkcs32.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 445952 c:\windows\system32\iedkcs32.dll
- 2009-07-14 04:45 . 2010-08-09 20:57 274320 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-09-21 12:25 274320 c:\windows\system32\FNTCACHE.DAT
+ 2011-09-20 21:20 . 2010-12-23 06:07 723968 c:\windows\system32\EncDec.dll
+ 2011-09-20 21:19 . 2011-05-04 02:51 126464 c:\windows\system32\drivers\mrxsmb20.sys
+ 2011-09-20 21:19 . 2011-07-09 02:44 287744 c:\windows\system32\drivers\mrxsmb10.sys
- 2010-08-09 21:53 . 2010-08-09 21:53 157696 c:\windows\system32\drivers\mrxsmb.sys
+ 2011-09-20 21:19 . 2011-05-04 02:51 157696 c:\windows\system32\drivers\mrxsmb.sys
- 2009-07-13 23:22 . 2009-07-14 01:43 223448 c:\windows\system32\drivers\fvevol.sys
+ 2011-09-20 20:39 . 2009-09-26 06:20 223448 c:\windows\system32\drivers\fvevol.sys
+ 2011-09-20 20:38 . 2011-01-26 06:53 265088 c:\windows\system32\drivers\dxgmms1.sys
+ 2011-09-20 20:38 . 2011-01-26 06:53 982912 c:\windows\system32\drivers\dxgkrnl.sys
- 2009-07-13 23:21 . 2009-07-14 01:40 182272 c:\windows\system32\dnsrslvr.dll
+ 2011-09-20 20:41 . 2011-03-03 06:17 182272 c:\windows\system32\dnsrslvr.dll
+ 2011-09-20 20:41 . 2011-03-03 06:17 356352 c:\windows\system32\dnsapi.dll
- 2009-07-13 23:21 . 2009-07-14 01:40 356352 c:\windows\system32\dnsapi.dll
+ 2011-09-20 20:41 . 2010-12-21 06:10 100864 c:\windows\system32\davclnt.dll
+ 2011-09-20 20:38 . 2010-11-02 05:12 320512 c:\windows\system32\d3d10_1core.dll
- 2009-07-13 23:41 . 2009-07-14 01:40 197120 c:\windows\system32\d3d10_1.dll
+ 2011-09-20 20:38 . 2010-11-02 05:12 197120 c:\windows\system32\d3d10_1.dll
+ 2011-09-20 20:38 . 2010-11-02 05:12 902656 c:\windows\system32\d2d1.dll
+ 2011-09-20 21:20 . 2010-12-23 06:07 961024 c:\windows\system32\CPFilters.dll
+ 2011-09-11 23:50 . 2010-10-16 05:23 112000 c:\windows\system32\consent.exe
- 2009-07-13 23:38 . 2009-07-14 01:39 338432 c:\windows\system32\conhost.exe
+ 2011-09-11 23:52 . 2011-07-16 05:17 338432 c:\windows\system32\conhost.exe
+ 2009-07-14 05:12 . 2011-09-21 12:29 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-09-20 20:38 . 2011-01-26 06:31 144384 c:\windows\system32\cdd.dll
+ 2011-09-20 20:39 . 2011-02-19 04:13 367104 c:\windows\system32\atmfd.dll
+ 2011-09-11 23:58 . 2011-09-21 12:29 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-09-20 21:03 . 2011-09-21 01:55 138664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-20 21:03 . 2011-09-20 21:03 138664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-09-21 01:55 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-20 21:15 . 2010-03-02 23:23 171368 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationHostDLL.dll
- 2009-07-13 20:37 . 2009-06-10 20:40 258048 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Security.dll
+ 2011-09-20 21:15 . 2010-03-03 23:26 258048 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Security.dll
- 2009-07-13 20:37 . 2009-06-10 20:40 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-09-20 20:40 . 2011-03-29 22:26 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-09-20 21:15 . 2010-03-02 23:24 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2011-09-20 21:15 . 2010-03-03 23:27 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2011-09-20 20:40 . 2011-03-29 22:31 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-09-20 20:40 . 2011-03-29 22:31 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-09-20 20:40 . 2011-03-29 22:31 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-09-21 12:40 . 2011-09-21 12:40 207360 c:\windows\Installer\ceed7.msi
+ 2010-03-19 14:19 . 2010-03-19 14:19 155136 c:\windows\Installer\ce1a6.msi
+ 2008-07-31 01:28 . 2008-07-31 01:28 233984 c:\windows\Installer\ce1a1.msi
- 2010-08-09 21:53 . 2010-08-09 21:53 114688 c:\windows\ehome\Microsoft.MediaCenter.Playback.dll
+ 2011-09-20 21:19 . 2010-08-04 07:14 114688 c:\windows\ehome\Microsoft.MediaCenter.Playback.dll
+ 2011-09-20 21:19 . 2010-08-04 07:14 198656 c:\windows\ehome\mcupdate.exe
+ 2011-09-20 21:19 . 2010-08-04 06:28 638976 c:\windows\ehome\mcstore.dll
+ 2011-09-20 21:19 . 2010-08-04 07:07 957952 c:\windows\ehome\mcplayer.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 957952 c:\windows\ehome\mcplayer.dll
+ 2011-09-20 21:19 . 2010-08-04 07:14 741376 c:\windows\ehome\mcepg.dll
+ 2011-09-20 21:19 . 2010-08-04 07:05 696320 c:\windows\ehome\ehrecvr.exe
+ 2011-09-20 21:19 . 2010-08-04 07:05 295936 c:\windows\ehome\ehprivjob.exe
+ 2011-09-20 21:19 . 2010-08-04 07:07 150528 c:\windows\ehome\ehPresenter.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 150528 c:\windows\ehome\ehPresenter.dll
- 2009-07-14 00:25 . 2009-07-14 01:40 758784 c:\windows\ehome\ehglid.dll
+ 2011-09-20 21:19 . 2010-08-04 07:07 758784 c:\windows\ehome\ehglid.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\e7727e918450641b5070b263faba6b0d\WsatConfig.ni.exe
+ 2011-09-20 21:48 . 2011-09-20 21:48 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\b4b1b8728f3b374742008a2b8b948138\WindowsFormsIntegration.ni.dll
+ 2011-09-20 21:43 . 2011-09-20 21:43 472576 c:\windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\51d859ccc657cd640a621b8f0052f101\VistaBridgeLibrary.ni.dll
+ 2011-09-21 12:34 . 2011-09-21 12:34 472576 c:\windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\21240971bbdcab17679d25ce7297d59a\VistaBridgeLibrary.ni.dll
+ 2011-09-20 21:43 . 2011-09-20 21:43 736768 c:\windows\assembly\NativeImages_v2.0.50727_64\VDialog\4be0d0e390793152b4f5b0e5bb106e2b\VDialog.ni.dll
+ 2011-09-20 21:32 . 2011-09-20 21:32 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\3037924076c4aaaa6fab19a9308e5d54\UIAutomationTypes.ni.dll
+ 2011-09-21 12:31 . 2011-09-21 12:31 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\fc2c67900e0ace0d072de3eb7a31cce3\UIAutomationProvider.ni.dll
+ 2011-09-20 21:32 . 2011-09-20 21:32 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\000d79f13457028301b08e4a562a9872\UIAutomationProvider.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\e713333d76ceffa169dce44094cb6e30\UIAutomationClient.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\74d85a6613ea62938fca172c13683622\TaskScheduler.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\4da50f8371b9e3702aa65782c9cde180\System.Xml.Linq.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\a09d93335422a115450a212a0defda79\System.Web.Routing.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\08922cbfd0aea1d848a4453822dfd279\System.Web.RegularExpressions.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\5586214d0b4f91c06444d2ad3f4d3706\System.Web.Entity.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\b2ab5ac22e1523170dc04a3441a718ea\System.Web.Entity.Design.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\050d922b0cdc110734f20e86ab3c4ef4\System.Web.DynamicData.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\350e7923579c8b8ff8ffb341c7a34cb7\System.Web.Abstractions.ni.dll
+ 2011-09-20 21:33 . 2011-09-20 21:33 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\012d2a1c24d42710fbf97dc94ec504fb\System.Transactions.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\9ef1ad9611b1ac3e14b188761970b723\System.ServiceProcess.ni.dll
+ 2011-09-21 12:29 . 2011-09-21 12:29 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\beab80c34eca0fa89161ff99f28183ad\System.Security.ni.dll
+ 2011-09-20 21:32 . 2011-09-20 21:32 924672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\9b6435c61e2b2b04425a366818251ab4\System.Security.ni.dll
+ 2011-09-20 21:32 . 2011-09-20 21:32 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\0a85e867fe9fd9f76be97b8b7c5bdfc9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\62fa57fafcfdced13fe6677ae0ef012e\System.Net.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\962dd89f4c10d0e4044d974e207e7824\System.Messaging.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\3b392868856590c34775610461b04387\System.Management.Instrumentation.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 569344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\2c8e8216c1aee6efc901686bc683e1b5\System.IO.Log.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\447e3b751e1e9d56e1e055641b477d46\System.IdentityModel.Selectors.ni.dll
+ 2011-09-20 21:33 . 2011-09-20 21:33 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\e50018ed66598a6f7459391a92a332d4\System.EnterpriseServices.Wrapper.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\04ae6ad5595d4ccfde16f8a2dd051fa2\System.Drawing.Design.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e198fadf6657e0dc7f4c3cdd5d4bc016\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 493056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\6bfd7badb7b44bd78944e1b2ed112ab9\System.Data.Services.Design.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\e5c44e730cd501f586034f470f342ad7\System.Data.DataSetExtensions.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\357e6c29cc6fcf9bd03d814bdbdbcff5\System.Configuration.Install.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\09cd84e13b823c7ad0701948ca06888d\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\2723655fefebdc6d6b059c2b0f1115b1\System.AddIn.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\2f9a3f7cb355902f1006b526d6e283a2\System.AddIn.Contract.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\6f0949db9a999cee6e55c5783a90cee0\sysglobl.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\cd054182e8962373d0afb00421832688\SMSvcHost.ni.exe
+ 2011-09-20 21:44 . 2011-09-20 21:44 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\2cd1c407b939e770a9030b17d2129359\SMDiagnostics.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\e19dbdf7a113d7b4c5b502de963fd76a\PresentationFramework.Royale.ni.dll
+ 2011-09-21 12:31 . 2011-09-21 12:31 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\dbab4af14e9ae50b122de929d59a2eac\PresentationFramework.Aero.ni.dll
+ 2011-09-21 12:31 . 2011-09-21 12:31 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c89c0947ec1754c80e2b904ef2a92a57\PresentationFramework.Royale.ni.dll
+ 2011-09-21 12:31 . 2011-09-21 12:31 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b5c26a0b3da21eefba43a3127d265883\PresentationFramework.Classic.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\8f174cd54fdce3beba9ee5cac4360140\PresentationFramework.Aero.ni.dll
+ 2011-09-21 12:31 . 2011-09-21 12:31 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\2a99e3046e77ad3144a823a63034b6a7\PresentationFramework.Luna.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\12c70d9ad220be74c6a5f74449f59c9e\PresentationFramework.Luna.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0168fe59a3c03924fba643e4063c7d1f\PresentationFramework.Classic.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\2de0af0a83f9dd1174d4ebb6c847008f\napsnap.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\5bda622ef44e81ba0e54967306e5a808\napinit.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\bc5d158b3f2d97939fe5a6c0f8c8f87b\naphlpr.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\701f374ba78342978c5545d4840259ea\napcrypt.ni.dll
+ 2011-09-20 21:43 . 2011-09-20 21:43 408064 c:\windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\11513eb8da64f292e8cd612c3bf1a8b6\MyDock.Util.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\c02760e9ca99d7502b024e24f9847e3d\MSBuild.ni.exe
+ 2011-09-20 21:45 . 2011-09-20 21:45 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\5523eb8f43a01b29f1d8e65797a811ae\MMCFxCommon.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 681472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\f7467972b0c2794fb6f9aa16e2b5999f\Microsoft.WSMan.Management.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\b3d293299c64fca597cb8d642245fb23\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-09-20 21:43 . 2011-09-20 21:43 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\473e9a9e34d683efaca0508918d86f50\Microsoft.Vsa.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\eb2440683eb3da6aa4a58d9c65f3e356\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3853d2480e2bcbed6d612a49e382a4d6\Microsoft.PowerShell.Security.ni.dll
+ 2011-09-21 12:36 . 2011-09-21 12:36 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\23537cb249073a90dbca9a5d21c04e3b\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0c1b78c334985e1015c3fa1f9a63c3fe\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0773bfe015ecf298fbf776e815e1a8ae\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\03192d0c95823ccc0df09482dc24cf86\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d9d07e40aa4d6c3c46995c9574c3fd8a\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2011-09-21 12:30 . 2011-09-21 12:30 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ca452d0946734bb3a8f558015b94e90a\Microsoft.MediaCenter.Playback.ni.dll
+ 2011-09-21 12:30 . 2011-09-21 12:30 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a826afa27a7572a8b2bfe29af8b04bd9\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9f13763c1b53d2cd0e6d9d1cb5a34951\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\82809f05f027f523933c46ecd2014a77\Microsoft.MediaCenter.Playback.ni.dll
+ 2011-09-21 12:30 . 2011-09-21 12:30 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6c150addb84a59e7e7a0165c759da09d\Microsoft.MediaCenter.iTv.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5ab13f219a756bcb9cdcf5d8aa75ff8f\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4fd01f1ce5158825cb07c02759f98bb3\Microsoft.MediaCenter.Mheg.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\358233ea94de055f83b0ed37608693c4\Microsoft.MediaCenter.iTv.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\2fc4fdadf0feda02b79115de09a5c8b3\Microsoft.MediaCenter.Interop.ni.dll
+ 2011-09-21 12:30 . 2011-09-21 12:30 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1914d9bcc2faafe5093c491ead42baed\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 797696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\0367933c336aa06157c30c97ecf21df7\Microsoft.ManagementConsole.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\fce6261e4890aeee68ebafd3c7503b59\Microsoft.Build.Utilities.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 244224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\1117aa31f6c9e1896d6331884abb865b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\fe53bc9afbbe7ddcd019b5901f385f56\Microsoft.Build.Framework.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\5dba71a416170b8fcc087cbc041bbd36\Microsoft.Build.Framework.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\50029a2564c42533d4631a9c31e7337b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 107008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\f992bf97972819368e2d5fe9ea76c4c4\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\85455acee24607bcc94607979ffd5b8e\Mcx2Dvcs.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 545792 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\271dfc392ac0643bab8b858dfb8ade12\mcupdate.ni.exe
+ 2011-09-21 12:30 . 2011-09-21 12:30 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\15d4461663c6af24282901b1f07e91f2\mcupdate.ni.exe
+ 2011-09-21 12:30 . 2011-09-21 12:30 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\f254b7639bc1c285e9c865f1fb53a2e8\mcstoredb.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\226a161833d2a6dc2bafee380971a5d1\mcstoredb.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\a404599e53ac7e00fddea1fa440d68fa\mcplayerinterop.ni.dll
+ 2011-09-21 12:36 . 2011-09-21 12:36 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\7fda576e052f21e976237dc30e68b47d\mcplayerinterop.ni.dll
+ 2011-09-21 12:36 . 2011-09-21 12:36 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\de9782841cbc7dbbad3e87594d5cae73\mcGlidHostObj.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\8201454791c78127e7b58ad23df8abac\mcGlidHostObj.ni.dll
+ 2011-09-21 12:36 . 2011-09-21 12:36 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\b8e3936c3d195fd892d22b700aa433ce\MCESidebarCtrl.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\6e2a154d8d4612429503e7eebaf04fbd\MCESidebarCtrl.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\e5faab0816070fa8bbc73739a1e810f7\EventViewer.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\e3286ebcc9bb247e22bfdf0e611de54e\ehRecObj.ni.dll
+ 2011-09-21 12:29 . 2011-09-21 12:29 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\359663432cb10ee049e8ca7c0e6ad40c\ehRecObj.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\3246efb99373e55bd1b959773544f022\ehiWUapi.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\f8c0d91c775ad878662d36cb268bf7fc\ehiwmp.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\289204adea622e38771b847a05f17234\ehiUserXp.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\ea53b7b91eaaf84cbee21ecff7fb23ba\ehiiTv.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\a15758a37bd60ea85c32a17af495a155\ehiExtens.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\39d8adbc139377384f9860c83fe28ebd\ehiBmlDataCarousel.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\7ee4fccc9fc77c848b265fc80151b094\ehiActivScp.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\30dd93a3efb5b657506f92f120ba653c\ehExtHost.ni.exe
+ 2011-09-20 21:44 . 2011-09-20 21:44 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\160f21c145554b2713c8f252e25ec6a1\ehCIR.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\3d024b5626eab42124b4924936eb7e61\CustomMarshalers.ni.dll
+ 2011-09-20 21:43 . 2011-09-20 21:43 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\5a15fd43816384c9ce8f9e5f602a4881\ComSvcConfig.ni.exe
+ 2011-09-20 21:43 . 2011-09-20 21:43 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\d0c5103b2307f7ab6d7b122282a23fc7\BDATunePIA.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\bb8b320e9f04eb026fbe201544e0d2c3\WsatConfig.ni.exe
+ 2011-09-20 21:40 . 2011-09-20 21:40 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\606d10c20478061be1cd571ef675e6d9\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e35a49224081e6a174bf9f2322c10f16\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d5657d015b0fa0cfc6ab2f4ee9bf125c\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ce6636e728495d2a0dc053f8668db881\WindowsLive.Writer.Passport.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\95b898c0709649053db452e95e7b02b5\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\84036011d96bb9ec3cf7f845aae4837e\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7f677040817dfc70ad43702d6db31f7d\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\694934efdca71d40c066de05b080af40\WindowsLive.Writer.Interop.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5bed00ec786bc132ae73a498d93135c6\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\53fe2ee7867c54ceef0b702586018365\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3f28c3bf166286fca01ae75b7ac44a08\WindowsLive.Writer.Controls.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2e12a44d3815a831947b7d1ce6a51c25\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2cf4cba5e01ea9c8f46ca321b57be421\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\165b5b60025dae0e1791af38a5bffb7b\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\15b684f6e8cc4eb2ce95e951b7a6884c\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\15252076f680e14b4533e8083c618150\WindowsLive.Writer.Localization.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\54fa5855e52580bb457fca135a303732\WindowsLive.Client.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\ad93820da9c8f11f0cb4c7b17c2f9315\WindowsFormsIntegration.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\efadc7a54e78f3755da53c95bdc293fd\UIAutomationTypes.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\41711200b9de7178bdda85228b32f97d\UIAutomationClient.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\1aef7f929e7131ac0d33a16491437dec\TaskScheduler.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\d3d63efed90d899e99d0129ac36cb800\System.Xml.Linq.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d28bca51aafe2798311107a559dc04bf\System.Web.Routing.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\32f0e82ec89a541cd35b1199026bdc79\System.Web.RegularExpressions.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\2b94f95bea6e42e6da56057315b2c297\System.Web.Extensions.Design.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\0a1f870d38044f31606befbd9227c9a3\System.Web.Entity.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4d5a7e8ff61f92a0c334e4ade0a7bae3\System.Web.Entity.Design.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\301fe40df1fe634fa8a883abca02dc58\System.Web.DynamicData.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\7cbec1873ba78ac21ee6428301de29b5\System.Web.Abstractions.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\33eef8d1899573df9ab38acc0ffff07a\System.Transactions.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cdb4206b82e070d99aa0d58aec54f12b\System.ServiceProcess.ni.dll
+ 2011-09-21 12:32 . 2011-09-21 12:32 680960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\7f009f584401629e941dd5c754e4a0d4\System.Security.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 676864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\32b960090a63f7a98efff49416b70b2b\System.Security.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\64880ed3f57cece98833e508f3c7e9d9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a89d1cc8c80b4089cd9f77b5bbd43062\System.Runtime.Remoting.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\47a35529fed67982be81a1e67a8145d8\System.Net.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\59069ccdbc65fce202bb976999326efa\System.Messaging.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\f7e5b8ec78f2a86c02e544e1c81f3184\System.Management.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\53f6cf889e0bc005b801a58cd4cf7702\System.Management.Instrumentation.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\0336973f4a5807b5242a70f66b033806\System.IO.Log.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\c60391efb4d753eceea25c8834cd208b\System.IdentityModel.Selectors.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\57d7078bc796f91103e92b210de3c3d6\System.EnterpriseServices.Wrapper.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\57d7078bc796f91103e92b210de3c3d6\System.EnterpriseServices.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\73ba31fc311c9a769f50cad8edc92e08\System.Drawing.Design.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 887808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7e14e786ccaa33485c46349a9383bdac\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\60e988be789d1c29c32ba387e4a3df03\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\db5a9e2583426c5ff57e624e9233cd8c\System.Data.Services.Client.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\7ab6121d26b1ce1af98e152d3fc02bbb\System.Data.Services.Design.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 762880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\a30f177f0106522cb22d7cad9a0ac508\System.Data.Entity.Design.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\0dcebfec2898ec15785543b8a2fa15dd\System.Data.DataSetExtensions.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c94ae2aa302ed8cebfe8cbffd7b6fa99\System.Configuration.ni.dll
+ 2011-09-21 12:32 . 2011-09-21 12:32 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4c57c8b1594281c44d9f04a3b3d76131\System.Configuration.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\2c721a8ce1293d634aef8d6b01a8af3f\System.Configuration.Install.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\2c6546e04f50bbb0faca15865ad835f0\System.AddIn.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\788cc2579c0a59283c3a1f24ac41323f\sysglobl.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1b446bfeada0a6193c6493eba35cc608\SMSvcHost.ni.exe
+ 2011-09-20 21:40 . 2011-09-20 21:40 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\b2de5b6831274468b42d17ab83649810\SMDiagnostics.ni.dll
+ 2011-09-21 12:33 . 2011-09-21 12:33 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a5cd52f0fb6816ff1e2d52c13ca80849\PresentationFramework.Royale.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5b72dd677c136de2517a6e44ec365df1\PresentationFramework.Aero.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\503714a7c3655766c24045c6e5f40d26\PresentationFramework.Classic.ni.dll
+ 2011-09-21 12:33 . 2011-09-21 12:33 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\38b7f6ae1801f971229538dc3c567f59\PresentationFramework.Luna.ni.dll
+ 2011-09-21 12:33 . 2011-09-21 12:33 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\320dc15c335e427b6d61b74921adfc55\PresentationFramework.Classic.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\292dc8a25e02249b0746f4d0355d288e\PresentationFramework.Luna.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\194b3514c3e2db5e3de619488a5aa90d\PresentationFramework.Royale.ni.dll
+ 2011-09-21 12:33 . 2011-09-21 12:33 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\03a15ab4f178ecdfb3b980f82c9aaa66\PresentationFramework.Aero.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\8a7ecc61b6bc19b55bad24b486e1a2bf\napsnap.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\5b710a192e8df516a6186310c6a4d773\napinit.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\71c2fc1d1280cd485b65e5375945d19c\naphlpr.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\42090241bfba75d06b390e2ea047d33d\MSBuild.ni.exe
+ 2011-09-20 21:41 . 2011-09-20 21:41 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\daca8a744cdeed250b72fa7ff0231c84\MMCFxCommon.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 531456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\e22a5b38455d7b6109f9149d1d2482ff\Microsoft.WSMan.Management.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\78fa2bfa4ff975a1d1fc2759fc924ec6\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fc83fea4c3adb96825c979e179c0fef4\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 785920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e040b5b48d35cc1b18afd89e08b4488f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c27453f30d8614d85f459f5b0041a571\Microsoft.PowerShell.Security.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\98d02e5138fdd474b8265599fe709c2f\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6ecdc3e2e2adcc3c1cd998d2921285fb\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\5dbf9cb39580e130fee7f831ed4532a9\Microsoft.ManagementConsole.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9f4831d83beda7ffaa42b77faccd7ebc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\754a3d1ae7ce89d6d3708dd77da2a56f\Microsoft.Build.Utilities.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a8b573869f01ed7d6fa4adcc4878b805\Microsoft.Build.Engine.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\8fdbe09d8ca85d4ea089b7c5aa24189c\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\130e6e04f8e14bd783d1ea10b81ec3a2\mcstoredb.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\c58fe63d95c866ebca092819b9f10b52\EventViewer.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\e0d7d5e06f2931d31ff2567cdc9a2078\ehRecObj.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\b296e4a7cf7a2ec895036f09f654594e\ehiVidCtl.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\7f130b6c3d44f0c572719397cbe3459b\ehiProxy.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\e79e25723507c1a8ce45167bcebfb167\ehiExtens.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\d2b61d359d2f853b21704e2fe2fb197e\ehExtHost32.ni.exe
+ 2011-09-20 21:40 . 2011-09-20 21:40 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2e8bbdf2a971ffe1ba403c620989954c\CustomMarshalers.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\3fadba29feb0636a1370d16904d75633\ComSvcConfig.ni.exe
+ 2011-09-20 21:40 . 2011-09-20 21:40 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\f72231024f33e4e5decd8ec7f08dc190\BDATunePIA.ni.dll
+ 2011-09-20 21:15 . 2010-03-03 23:27 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-09-20 21:19 . 2010-08-04 06:28 638976 c:\windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll
+ 2011-09-20 21:19 . 2010-08-04 07:14 741376 c:\windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 114688 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
+ 2011-09-20 21:19 . 2010-08-04 07:14 114688 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
+ 2011-09-20 21:19 . 2010-08-04 07:14 198656 c:\windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
+ 2011-09-20 20:38 . 2010-05-23 10:15 1619456 c:\windows\SysWOW64\WMVDECOD.DLL
+ 2011-09-11 23:50 . 2011-06-21 05:36 1230336 c:\windows\SysWOW64\urlmon.dll
+ 2011-09-20 21:19 . 2011-05-04 04:53 1553920 c:\windows\SysWOW64\tquery.dll
+ 2011-09-20 21:20 . 2010-06-29 05:02 1413632 c:\windows\SysWOW64\ole32.dll
+ 2011-09-20 21:20 . 2010-03-24 06:37 1289528 c:\windows\SysWOW64\ntdll.dll
+ 2011-09-20 20:41 . 2010-12-21 05:36 1389568 c:\windows\SysWOW64\msxml6.dll
+ 2011-09-20 20:41 . 2010-12-21 05:36 1236992 c:\windows\SysWOW64\msxml3.dll
+ 2011-09-11 23:52 . 2010-12-18 05:30 2690560 c:\windows\SysWOW64\mstscax.dll
+ 2011-09-11 23:52 . 2010-12-18 05:26 1034240 c:\windows\SysWOW64\mstsc.exe
- 2009-07-14 00:13 . 2009-07-14 01:15 1401856 c:\windows\SysWOW64\mssrch.dll
+ 2011-09-20 21:19 . 2011-05-04 04:52 1401856 c:\windows\SysWOW64\mssrch.dll
+ 2011-09-11 23:50 . 2011-07-22 06:38 5989376 c:\windows\SysWOW64\mshtml.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 4368720 c:\windows\SysWOW64\mfc100u.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 4342088 c:\windows\SysWOW64\mfc100.dll
+ 2011-09-20 20:38 . 2010-05-23 10:11 3181568 c:\windows\SysWOW64\mf.dll
+ 2011-09-11 23:52 . 2011-07-16 04:30 1048576 c:\windows\SysWOW64\kernel32.dll
+ 2011-09-11 23:50 . 2011-06-21 05:34 2072576 c:\windows\SysWOW64\iertutil.dll
+ 2011-09-20 20:38 . 2010-06-26 05:14 1495040 c:\windows\SysWOW64\ExplorerFrame.dll
- 2009-07-13 23:44 . 2009-07-14 01:15 1495040 c:\windows\SysWOW64\ExplorerFrame.dll
+ 2011-09-20 21:20 . 2011-02-26 05:33 2614784 c:\windows\SysWOW64\explorer.exe
+ 2011-09-20 20:38 . 2010-11-02 04:35 1074176 c:\windows\SysWOW64\DWrite.dll
+ 2011-09-20 20:38 . 2010-11-02 04:35 1170944 c:\windows\SysWOW64\d3d10warp.dll
+ 2009-07-14 04:54 . 2011-09-21 12:29 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-20 21:08 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-20 20:38 . 2010-05-23 08:37 1888256 c:\windows\system32\WMVDECOD.DLL
+ 2011-09-11 23:50 . 2011-06-21 06:20 1197056 c:\windows\system32\wininet.dll
+ 2011-09-11 23:52 . 2011-06-11 02:56 3134464 c:\windows\system32\win32k.sys
+ 2011-09-21 12:23 . 2011-09-21 01:44 1255736 c:\windows\system32\WAT\WatAdminSvc.exe
+ 2011-09-11 23:50 . 2011-06-21 06:20 1499648 c:\windows\system32\urlmon.dll
+ 2011-09-20 21:19 . 2011-05-04 05:30 2326016 c:\windows\system32\tquery.dll
+ 2011-09-20 21:19 . 2010-11-02 05:17 1169408 c:\windows\system32\taskschd.dll
+ 2011-09-20 21:19 . 2010-11-02 05:16 1114624 c:\windows\system32\schedsvc.dll
- 2009-07-14 00:21 . 2009-07-14 01:41 1118720 c:\windows\system32\sbe.dll
+ 2011-09-20 21:20 . 2010-12-23 06:07 1118720 c:\windows\system32\sbe.dll
+ 2011-09-20 21:20 . 2010-06-29 05:39 2085376 c:\windows\system32\ole32.dll
+ 2011-09-20 21:20 . 2010-03-24 06:59 1736608 c:\windows\system32\ntdll.dll
+ 2011-09-20 20:41 . 2010-12-21 06:13 2003968 c:\windows\system32\msxml6.dll
+ 2011-09-20 20:41 . 2010-12-21 06:13 1880576 c:\windows\system32\msxml3.dll
+ 2011-09-11 23:52 . 2010-12-18 06:12 3138048 c:\windows\system32\mstscax.dll
+ 2011-09-11 23:52 . 2010-12-18 06:08 1097216 c:\windows\system32\mstsc.exe
+ 2011-09-11 23:50 . 2011-06-21 06:20 1026560 c:\windows\system32\mstime.dll
+ 2011-09-20 21:19 . 2011-05-04 05:28 2228224 c:\windows\system32\mssrch.dll
- 2009-07-14 00:35 . 2009-07-14 01:41 2228224 c:\windows\system32\mssrch.dll
+ 2011-09-11 23:50 . 2011-07-22 07:34 9322496 c:\windows\system32\mshtml.dll
+ 2011-09-20 20:38 . 2010-05-23 08:35 4068864 c:\windows\system32\mf.dll
- 2009-07-13 23:28 . 2009-07-14 01:41 1162240 c:\windows\system32\kernel32.dll
+ 2011-09-11 23:52 . 2011-07-16 05:21 1162240 c:\windows\system32\kernel32.dll
+ 2011-09-11 23:50 . 2011-06-21 06:19 2458624 c:\windows\system32\iertutil.dll
+ 2011-09-20 20:38 . 2010-11-02 05:12 1133568 c:\windows\system32\FntCache.dll
- 2009-07-13 23:57 . 2009-07-14 01:40 1863680 c:\windows\system32\ExplorerFrame.dll
+ 2011-09-20 20:38 . 2010-06-26 05:31 1863680 c:\windows\system32\ExplorerFrame.dll
+ 2011-09-20 20:38 . 2010-11-02 05:12 1540608 c:\windows\system32\DWrite.dll
+ 2011-09-11 23:52 . 2011-06-21 06:27 1896832 c:\windows\system32\drivers\tcpip.sys
+ 2009-07-14 04:45 . 2011-09-21 12:26 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-09-10 00:47 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-13 20:37 . 2009-06-10 20:40 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2011-09-20 20:40 . 2011-03-29 22:26 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2009-07-13 20:37 . 2009-06-10 20:39 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2011-09-20 20:40 . 2011-03-29 22:26 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2011-09-20 20:40 . 2011-03-29 22:26 1576784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
+ 2011-09-20 20:40 . 2011-03-29 22:26 1764184 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2011-09-20 20:40 . 2011-03-29 22:31 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-09-20 20:40 . 2011-03-29 22:31 5915984 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-09-20 20:40 . 2011-03-29 22:31 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-01-11 11:03 . 2011-01-11 11:03 2761728 c:\windows\Installer\ce19c.msi
+ 2011-09-20 21:53 . 2011-09-20 21:53 7546880 c:\windows\Installer\17cdf7.msi
- 2010-08-09 21:53 . 2010-08-09 21:53 2870272 c:\windows\explorer.exe
+ 2011-09-20 21:20 . 2011-02-26 06:23 2870272 c:\windows\explorer.exe
- 2010-08-09 21:53 . 2010-08-09 21:53 1551872 c:\windows\ehome\wow\ehuihlp.dll
+ 2011-09-20 21:19 . 2010-08-04 06:16 1551872 c:\windows\ehome\wow\ehuihlp.dll
+ 2011-09-20 21:19 . 2010-08-04 07:07 1668608 c:\windows\ehome\ehuihlp.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 1668608 c:\windows\ehome\ehuihlp.dll
+ 2011-09-20 21:19 . 2010-08-04 06:28 6307840 c:\windows\ehome\ehshell.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 6307840 c:\windows\ehome\ehshell.dll
+ 2011-09-21 12:30 . 2011-09-21 12:30 4927488 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\fc24d89d06f3274599adcf9a57f80328\WindowsBase.ni.dll
+ 2011-09-20 21:31 . 2011-09-20 21:31 4893696 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\28797f75a7c2976543550e5c02b2ccfb\WindowsBase.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 1458688 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\de9eb8c1d083fe2d7ecab85d072886cf\UIAutomationClientsideProviders.ni.dll
+ 2011-09-20 21:32 . 2011-09-20 21:32 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\2bea2e57037259f28d7b740e2f0d2604\System.Xml.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 1817600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\2448fc6501587fc8138eae89891ee789\System.WorkflowServices.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 2707456 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\fe558664b470dfb24761adc48ec629db\System.Workflow.Runtime.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 5955072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\a60bde68bb5c5ba98592d3e24ab9ea20\System.Workflow.ComponentModel.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\dc14c9172a5146a281d8c2ecb5f952a8\System.Workflow.Activities.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\4e8e2f7e84d059a88bb7a22993c32fe7\System.Web.Services.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\2c5925a05879633dc1426725b7023aad\System.Web.Mobile.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\ca16a0538eb0d86546c63e84d19f3826\System.Web.Extensions.Design.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\47287ed66e18205e84e20911f61144f1\System.Web.Extensions.ni.dll
+ 2011-09-20 21:48 . 2011-09-20 21:48 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\e6bf0a1b2adf1efd6ebab883dc634d5b\System.Speech.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\b0caf6f02f94a187edc53a49b4adb0a8\System.ServiceModel.Web.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\cd2a3b5ecab5bb3b93a82803910b76aa\System.Runtime.Serialization.ni.dll
+ 2011-09-20 21:33 . 2011-09-20 21:33 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\2b883b1b3bac7472e54a19ac9be34077\System.Runtime.Remoting.ni.dll
+ 2011-09-21 12:31 . 2011-09-21 12:31 1453568 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\9a59815de9e4b66926abdc2122de187e\System.Printing.ni.dll
+ 2011-09-20 21:33 . 2011-09-20 21:33 1453568 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\66bc0f3f0048ca51d07db725a7d22cfa\System.Printing.ni.dll
+ 2011-09-20 21:43 . 2011-09-20 21:43 1408512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\23ea72bb109d72afc5d4df964032cd43\System.Management.ni.dll
+ 2011-09-21 12:35 . 2011-09-21 12:35 1433088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\ae39465d667bc24a3c86359b6c53945b\System.IdentityModel.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 1433088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\97eec16d7eac6827700dabc00c368d24\System.IdentityModel.ni.dll
+ 2011-09-20 21:33 . 2011-09-20 21:33 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\e50018ed66598a6f7459391a92a332d4\System.EnterpriseServices.ni.dll
+ 2011-09-20 21:32 . 2011-09-20 21:32 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\d3620681f7e0a412c7f2538b755c7f6d\System.Drawing.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 1229824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\353a45667b6b6b0036cc1fe4d27c1a2e\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-20 21:33 . 2011-09-20 21:33 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\31d5f7b7a9c6d38c35e7a761e3921ad3\System.DirectoryServices.ni.dll
+ 2011-09-20 21:32 . 2011-09-20 21:32 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\bb15e5a74113be1465f33e090b86ec1b\System.Deployment.ni.dll
+ 2011-09-21 12:29 . 2011-09-21 12:29 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\01cae9fd3562547968476632b8c1889c\System.Deployment.ni.dll
+ 2011-09-20 21:33 . 2011-09-20 21:33 8692736 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\192849be72234e00a96f14fbc965ea74\System.Data.ni.dll
+ 2011-09-20 21:32 . 2011-09-20 21:32 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\55b5fb5ccea726c3196cc9589b2b8148\System.Data.SqlXml.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 1846272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\7168ff3bc965c024885c6e5747253228\System.Data.Services.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 1289728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\9b7d3c7ba04b72be4cec7305f038cc07\System.Data.Services.Client.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\65d6b1600e01a27e7b7242dcf4b31a7c\System.Data.OracleClient.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\15470b10a2df348ef4d624778e2abb84\System.Data.Linq.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\8dc9cc598a4344274ee860ff425dde6e\System.Data.Entity.Design.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\347f3440a56fa1429f897e786fd21613\System.Core.ni.dll
+ 2011-09-21 12:36 . 2011-09-21 12:36 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\03c9524ad94ac3383e3ebdfec867909d\System.Core.ni.dll
+ 2011-09-20 21:31 . 2011-09-20 21:31 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\73cfabc0e2c95a64432656747f195e73\System.Configuration.ni.dll
+ 2011-09-21 12:28 . 2011-09-21 12:28 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\06fbdb1975e80a82b8c16833d189475b\System.Configuration.ni.dll
+ 2011-09-20 21:33 . 2011-09-20 21:33 3101696 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\f0b9b50ccb9f61b7551535b14d16a437\ReachFramework.ni.dll
+ 2011-09-21 12:31 . 2011-09-21 12:31 3101696 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\47d6c413913acca1e0cfb3cc78bc9742\ReachFramework.ni.dll
+ 2011-09-21 12:31 . 2011-09-21 12:31 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\5c14e5d6998edc2dbfef5d9ed7b692f4\PresentationUI.ni.dll
+ 2011-09-20 21:33 . 2011-09-20 21:33 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\269a0d1c75dc961b83e55d9955321864\PresentationUI.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 1881088 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\172f53bd171fddd96ffb1b203c4a4b86\PresentationBuildTasks.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\bd7f6da200abe1bcc16d9ed18dba2e70\Narrator.ni.exe
+ 2011-09-20 21:46 . 2011-09-20 21:46 2327040 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\ae3a2f8b0aa596b3f9ca1709c0634f04\MMCEx.ni.dll
+ 2011-09-21 12:35 . 2011-09-21 12:36 7966208 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\c7b311d86b9b9c8afa1cde518d81aaae\MIGUIControls.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 7966208 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\68b7dd292b9510687c50cda82fcd900e\MIGUIControls.ni.dll
+ 2011-09-20 21:43 . 2011-09-20 21:43 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\972e9a8f7f2f8b8e7bfa7e1f8273acfd\Microsoft.VisualBasic.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 1598464 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\7a686606d1a4bc26dee799bfc5cdb4ce\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 2175488 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cbe3081470a86686a6d41fd44d2c2863\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\970e001d91826c31abf911d369712552\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 5351424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\4d34ac01191487b392dd0a0ebcfa92f5\Microsoft.PowerShell.Editor.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\42259c2c256a9c52f8583f4faeb7c819\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-09-21 12:36 . 2011-09-21 12:36 5351424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0c5e7a17d3622a65fda774d82a594719\Microsoft.PowerShell.Editor.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f77cd540d0a9893f4c320df18d8d04b7\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 1516032 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c8013f2721b7878b323689d06e5c903f\Microsoft.MediaCenter.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9c779b405d2590c456a4c175de40f557\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\94f4f44c28575681b9fd41b81ddb1754\Microsoft.MediaCenter.UI.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6b3b07ed2384d8042d6e2150f9e2821b\Microsoft.MediaCenter.Bml.ni.dll
+ 2011-09-20 21:43 . 2011-09-20 21:43 3208192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\8866e7cef7ae8e85786b9112f4365abf\Microsoft.JScript.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\3c7fcace7ef8a0f916043a1171624a09\Microsoft.Ink.ni.dll
+ 2011-09-21 12:36 . 2011-09-21 12:36 2677760 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\d05559c0266c96c40000a1d75e7321b6\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 2677760 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\a1b2b257cb3c64fa48f30f4ba542fbd5\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-21 12:36 . 2011-09-21 12:36 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\8bb0de5c2078b1ce09929caeffff8229\Microsoft.Build.Tasks.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\0bca8e9b1a314096012ff30c0bd3749e\Microsoft.Build.Tasks.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\dbc9ac0035d3e47d6eaa51ff9d2d1e8b\Microsoft.Build.Engine.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\4f2ef735b9dc9ae4a09c601ff1f1b7a9\Microsoft.Build.Engine.ni.dll
+ 2011-09-21 12:30 . 2011-09-21 12:30 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\65306b0cba77a9d5f191c4ab6b734de7\mcstore.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 2796032 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\6241c06b17e04b5afdb3fc41b5686d6e\mcstore.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 4075520 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\d4e18c0571f84de710017b7e07d4eeb4\mcepg.ni.dll
+ 2011-09-21 12:29 . 2011-09-21 12:29 4086784 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\44b07d685ed25469307b1493f1008294\mcepg.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 2165248 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\cd95090e70b8a4405c0f6031ed624b2d\ehiVidCtl.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\8f4ea304ab5cef3511ec2248d162ed2b\ehiProxy.ni.dll
+ 2011-09-20 21:43 . 2011-09-20 21:43 3434496 c:\windows\assembly\NativeImages_v2.0.50727_64\DellDock\16263129bf4bbc26e597794343bbfb38\DellDock.ni.exe
+ 2011-09-20 21:40 . 2011-09-20 21:40 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b62622c6f4153b5baa062fb601b2a324\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6bb4290f26e9bb6b31ae6d926099b686\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 1105408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4c6b4d604d5540b5ad3ff4f1ac22f148\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-09-21 12:32 . 2011-09-21 12:32 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3617705e6731280adeeb493f6c201431\WindowsBase.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3362506b095377f46a4e5bcfed5ac408\WindowsBase.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\6a0f40f6dbe2e8ddac0fbdabe16f7257\UIAutomationClientsideProviders.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 7949312 c:\windows\assembly\NativeImages_v2.0.50727_32\System\bb2b3b9c7c2941a3f485940d59a68131\System.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 5452800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\447fd8040376beceb8f2572214434843\System.Xml.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\5c3f0929f916211b48a7aec9446479d4\System.WorkflowServices.ni.dll
+ 2011-09-20 21:37 . 2011-09-20 21:37 1914880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\3ea9965489d26fe745d1098178bb3aec\System.Workflow.Runtime.ni.dll
+ 2011-09-20 21:37 . 2011-09-20 21:37 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\ece63c4c514f0abd95240a24b66706ab\System.Workflow.ComponentModel.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\611edfe6fa668af843cef5da8a366325\System.Workflow.Activities.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8750f4b6d1280fda60f50e5383ac139b\System.Web.Services.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\38f675c2dd3a1559f32f1a6b3d3ad37e\System.Web.Mobile.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 2400768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\0b005b654ce2f8c18d1ca48e8f36ada4\System.Web.Extensions.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\b7a40f321fb4adea98a9dfbaa8d7896e\System.Speech.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\117c3a08ebf72b37447185406492c8d9\System.ServiceModel.Web.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3b89775a75816ba02406818cb7d7fc6c\System.Runtime.Serialization.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\49717d33db6d40d5040d22f3605909af\System.Printing.ni.dll
+ 2011-09-21 12:33 . 2011-09-21 12:33 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\335af27aed140789dfd9830a18107d5e\System.Printing.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 8871936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\2625567942389feae608170ea1f5ef39\System.Management.Automation.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 1072128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ee517244dd04e809184612e3970e6a78\System.IdentityModel.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 1586688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1c9d526783dc991a4c0db0adde215f77\System.Drawing.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e12c143e09d4e46a1396255210321c27\System.DirectoryServices.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\83c5a6c9ebb1febe24515059b4bc1dff\System.Deployment.ni.dll
+ 2011-09-21 12:32 . 2011-09-21 12:32 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\21691a99054859380b3207dcc5670aff\System.Deployment.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 6618624 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\179b93bc916180c4648a44b6fd79a1de\System.Data.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e121c1e73fabfce6f229546388585865\System.Data.SqlXml.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 1328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6504d87b9fc45d9414fed47f31945997\System.Data.Services.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ac8207fb89974974bc3dfc1c56010fb1\System.Data.OracleClient.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\4a8f03953937ecf6882e9190edd38654\System.Data.Linq.ni.dll
+ 2011-09-20 21:42 . 2011-09-20 21:42 9921024 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\1188238dee0393aedb71c70b8803c1fb\System.Data.Entity.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\973d05846f4e315f63dba4479ac1e89b\System.Core.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 2147328 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\874cb7614e4c14a0cde99139a2a6a504\ReachFramework.ni.dll
+ 2011-09-21 12:33 . 2011-09-21 12:33 2147328 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\07a71b2c6878c8db198978f53cd8f667\ReachFramework.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\f1e7ff17b3ffd2c35a5fc3dd45472212\PresentationUI.ni.dll
+ 2011-09-21 12:33 . 2011-09-21 12:33 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\e51ff5372e0d81af04c5b1004fe1f1fa\PresentationUI.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 1449984 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\2ef20a2309b4bccf6290b3aa37de07bb\PresentationBuildTasks.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\1fc24f0992ed97bb15bccf5ad98779e3\Narrator.ni.exe
+ 2011-09-20 21:41 . 2011-09-20 21:41 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\ce9d6c7435b37bc43e6e2806676a9ae3\MMCEx.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 6434304 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\47f28c923b0c9062889acdafba88b7f0\MIGUIControls.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32bc2e6b27c3721a3bbbebb340f2e1fd\Microsoft.VisualBasic.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\0187f7547e74b2dc77198596dacc8400\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ebf1503767d11756387eb8563626a4bc\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3b583f981fcc4b8a5fbaef4e7dcd076c\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\388fc8b1c6f8497b751a0e63bef7fe9b\Microsoft.PowerShell.Editor.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\c424c4d0539e40057abe1a0aac44002d\Microsoft.MediaCenter.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\34dd2de93606a9e3edb4483abc470e63\Microsoft.MediaCenter.UI.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 2332672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\c1d036e7d21aa16c6ecd5903f1380245\Microsoft.JScript.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\0c1145a01795b927268ef2cb3aae458c\Microsoft.Ink.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9382ff19598e955d4ccf6985efaf54b0\Microsoft.Build.Tasks.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\42589f854ca39465d44ba41d1257b374\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\b5de7b818e31fae65bc3da7cf5f2a072\Microsoft.Build.Engine.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 2031104 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\76bce48e363f03fa3701aafa91c1acf1\mcstore.ni.dll
+ 2011-09-20 21:41 . 2011-09-20 21:41 3016704 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\851de2a7e207fcbaac0b06a510c308cf\mcepg.ni.dll
+ 2011-09-20 21:15 . 2010-03-02 23:24 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-09-20 20:40 . 2011-03-29 22:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-07-14 00:35 . 2009-06-10 21:14 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-09-20 21:15 . 2010-03-02 23:24 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-09-20 21:19 . 2010-08-04 06:28 6307840 c:\windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll
- 2010-08-09 21:53 . 2010-08-09 21:53 6307840 c:\windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll
- 2009-07-14 01:01 . 2009-06-10 20:30 3996672 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-20 21:15 . 2010-03-02 23:23 3996672 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-20 20:40 . 2011-03-29 22:26 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-07-13 20:37 . 2009-06-10 20:39 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-20 21:15 . 2010-03-02 23:24 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-07-14 00:35 . 2009-06-10 21:14 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-20 20:40 . 2011-03-29 22:31 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-20 21:14 . 2010-09-01 04:29 11406848 c:\windows\SysWOW64\wmp.dll
+ 2011-09-20 21:19 . 2010-07-27 14:03 12867584 c:\windows\SysWOW64\shell32.dll
+ 2011-09-11 23:50 . 2011-06-21 05:34 10989568 c:\windows\SysWOW64\ieframe.dll
+ 2011-09-20 21:14 . 2010-09-01 05:21 14627840 c:\windows\system32\wmp.dll
+ 2009-07-14 02:34 . 2011-09-21 12:47 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-09-20 21:19 . 2010-07-27 14:59 14162944 c:\windows\system32\shell32.dll
+ 2011-09-11 23:50 . 2011-06-21 06:19 12371456 c:\windows\system32\ieframe.dll
+ 2011-09-20 20:40 . 2011-03-29 22:26 10007376 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
+ 2011-09-20 21:31 . 2011-09-20 21:31 10597376 c:\windows\assembly\NativeImages_v2.0.50727_64\System\30e90cfe38228fe5bf43505a85c75f0c\System.ni.dll
+ 2011-09-21 12:29 . 2011-09-21 12:29 17379328 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\cf2384e4b91fc1d484f9a66019fda0fe\System.Windows.Forms.ni.dll
+ 2011-09-20 21:32 . 2011-09-20 21:32 17379328 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\2aa384dbdc9e234ef8d43ed9498c3daa\System.Windows.Forms.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 15227392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ef1cc155a27197cea5ae4c4a60c1a900\System.Web.ni.dll
+ 2011-09-20 21:44 . 2011-09-20 21:44 23812096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\5db9f933234d23d75eedf0a4b7bf2331\System.ServiceModel.ni.dll
+ 2011-09-21 12:35 . 2011-09-21 12:35 23812096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\312c2ae845270193db7fb06ad3404da0\System.ServiceModel.ni.dll
+ 2011-09-20 21:46 . 2011-09-20 21:46 11898880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\f2a7ee644f974e98248c807fd6bfb5fb\System.Management.Automation.ni.dll
+ 2011-09-20 21:34 . 2011-09-20 21:34 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\1bb45aaf0b68b6a87e2b2379f8c5b182\System.Design.ni.dll
+ 2011-09-20 21:47 . 2011-09-20 21:47 13757952 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\90d280a908efb95e20bc989e66009533\System.Data.Entity.ni.dll
+ 2011-09-20 21:33 . 2011-09-20 21:33 19164160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\734a11d85c65c724c3f702db57e2a471\PresentationFramework.ni.dll
+ 2011-09-21 12:31 . 2011-09-21 12:31 19169792 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\48130b24fdfe9ecdea2a0605928f25f6\PresentationFramework.ni.dll
+ 2011-09-20 21:31 . 2011-09-20 21:31 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\050c77132da0d15d398e9498e3722b8b\PresentationCore.ni.dll
+ 2011-09-21 12:31 . 2011-09-21 12:31 16513024 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\04910590d2ee452c3475fc20cb722efb\PresentationCore.ni.dll
+ 2011-09-20 21:30 . 2011-09-20 21:30 15566848 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\b654f93b365c4463014d8b41152efd54\mscorlib.ni.dll
+ 2011-09-20 21:43 . 2011-09-20 21:43 22171136 c:\windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\3759625c7775ee5988373bf400b95322\MenuSkinning.ni.dll
+ 2011-09-20 21:45 . 2011-09-20 21:45 25462272 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\c1b63226c7684d0064d9a35cf9b5490f\ehshell.ni.dll
+ 2011-09-21 12:30 . 2011-09-21 12:30 25462272 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\5b606f0b17c4f474b76e7efbb422ed8e\ehshell.ni.dll
+ 2011-09-21 12:33 . 2011-09-21 12:33 12431360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cf5bc818aaa32d558b5f6ea0250f4a10\System.Windows.Forms.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 12431360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\49acca7e29c2bafbc73f8961df8a79d0\System.Windows.Forms.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 11804160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\8afbb7f09b1b782b423154b2888e7218\System.Web.ni.dll
+ 2011-09-20 21:40 . 2011-09-20 21:40 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0ccfbe3657388e52229e493acec37334\System.ServiceModel.ni.dll
+ 2011-09-20 21:36 . 2011-09-20 21:36 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a1f477dc540de833f6d6fbfb631807e6\System.Design.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 14318592 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\86b74dd743101ab11c25c66661f449b0\PresentationFramework.ni.dll
+ 2011-09-21 12:33 . 2011-09-21 12:33 14322688 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\459fd3c62e2466acabd843936bfa4e6f\PresentationFramework.ni.dll
+ 2011-09-21 12:32 . 2011-09-21 12:32 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d4aec2a0b06a02273cf207b48d4edd13\PresentationCore.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5653656ab637572268f5f5c13107d3af\PresentationCore.ni.dll
+ 2011-09-20 21:35 . 2011-09-20 21:35 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-08 2401120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe" [2011-08-31 274216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-20 560128]
.
c:\users\Naim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-08-19 2399560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-01 5265248]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2349825972-939962816-1972536222-1000Core.job
- c:\users\Naim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 22:56]
.
2011-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2349825972-939962816-1972536222-1000UA.job
- c:\users\Naim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 22:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = g.msn.com/USCON/1
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-21 10:00:46
ComboFix-quarantined-files.txt 2011-09-21 14:00
ComboFix2.txt 2011-09-20 21:14
.
Pre-Run: 429,641,445,376 bytes free
Post-Run: 429,575,573,504 bytes free
.
- - End Of File - - B78BFCDD8B0F5C649445829931944A02

Security Check CheckUp.txt:


Results of screen317's Security Check version 0.99.18
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````
I disabled my AVG 2012 and firewall before I ran these, just precautionary so they wouldn't possibly interfere. I had already cleared/formatted my hard drive while attempting to fix this myself before I contacted bleepingcomputer. In a way tragic but in a way sort of spiritually cleansing. :) At least she's working again!

Edited by BlackBeard0, 21 September 2011 - 09:34 AM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,245 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 AM

Posted 21 September 2011 - 05:12 PM

Looking good.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version download this on jre-6u27-windows-x64.exe). Make sure you download the corrent version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26

===

An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android.Adobe recommends... update to Adobe Flash Player 10.3.181.22

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

Please le me know of any remaining issues.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,245 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 AM

Posted 27 September 2011 - 08:45 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Surf Safely, and Think Prevention!

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,245 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 AM

Posted 03 October 2011 - 08:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users