Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop slowing down


  • This topic is locked This topic is locked
19 replies to this topic

#1 brian10

brian10

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 12 February 2012 - 10:29 AM

My wife's laptop has been getting slower and slower it seems like. I know she has several chinese software installed, some of which is for watching movies and some for talking with her parents. So if you don't recognize the name of a program, let me know and maybe I can identify what it is for.

Below are the DDS and GMER Logs:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Yanfei at 9:00:51 on 2012-02-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.2705 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SAP_WUS_UNT] "C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIPI = 0 (0x0)
IE: C:\Users\Yanfei\AppData\Roaming\FlashGetBHO\GetAllFlvUrl.htm
IE: Download all by FlashGet3 - C:\Users\Yanfei\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - C:\Users\Yanfei\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: ?????? - C:\Program Files (x86)\Thunder Network\Thunder\Program\geturl.htm
IE: ?????????? - C:\Program Files (x86)\Thunder Network\Thunder\Program\getallurl.htm
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{066B0B78-F842-4780-B8D2-26827A71D8C4} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{066B0B78-F842-4780-B8D2-26827A71D8C4}\2375942554434343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{066B0B78-F842-4780-B8D2-26827A71D8C4}\B4557455543545 : DhcpNameServer = 129.237.32.1 129.237.133.1
TCP: Interfaces\{874510F9-F46D-4BD9-8E5E-ACE387F0C3F9} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO-X64: XunleiBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [SAP_WUS_UNT] "C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
IE-X64: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yanfei\AppData\Roaming\Mozilla\Firefox\Profiles\qx6fa5xu.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(460).dll
FF - plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQ\Plugin\Com.Tencent.Qzone\bin\QQPhotoDrawEx\npQQPhotoDrawEx.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-5-4 89600]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2012-2-1 121200]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 TSUSVC;Tencent Software Update Service;C:\Program Files (x86)\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe [2008-12-9 116040]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-1-9 228408]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-12 00:55:23 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D83D02E-FED1-4A75-92BB-2CDD923D1BD0}\mpengine.dll
2012-02-10 15:24:38 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 15:24:37 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA494FDD-D77C-4827-A113-8D756F6B232A}\gapaengine.dll
2012-02-05 20:07:15 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-04 17:59:45 116016 ----a-w- C:\Windows\System32\drivers\49606015.sys
2012-02-04 14:57:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-02-04 14:57:20 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-03 20:24:17 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB1DE733-CF50-40E9-BFFF-A78DD3A1F4CE}\mpengine.dll
2012-02-01 17:39:03 -------- d-----w- C:\Users\Yanfei\AppData\Roaming\SAP
2012-02-01 17:38:31 -------- d-----w- C:\Users\Yanfei\AppData\Local\sijab-logs
2012-02-01 17:38:29 946176 ----a-w- C:\Windows\SysWow64\icuuc34.dll
2012-02-01 17:38:29 89600 ----a-w- C:\Windows\SysWow64\libsapu16vc90.dll
2012-02-01 17:38:29 8847360 ----a-w- C:\Windows\SysWow64\icudt34.dll
2012-02-01 17:38:29 843776 ----a-w- C:\Windows\SysWow64\icuin34.dll
2012-02-01 17:38:29 4975616 ----a-w- C:\Windows\SysWow64\librfc32u.dll
2012-02-01 17:37:22 -------- d-----w- C:\Program Files (x86)\Common Files\ESRI
2012-02-01 17:37:21 1228800 ----a-w- C:\Windows\SysWow64\wdba.dll
2012-02-01 17:34:06 -------- d-----w- C:\Program Files (x86)\SAP
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-30 09:24:52 333176 ----a-w- C:\Windows\SysWow64\MMInstaller.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-16 12:53:14 291176 ----a-w- C:\Windows\SysWow64\kindling.dll
.
============= FINISH: 9:01:58.12 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-12 09:29:11
Windows 6.1.7601 Service Pack 1
Running: 23olgnid.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ʒ@\xb4 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ʒ@\xb4 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ʒ@\xb9\xb1\xb8 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ʒ@\xbe 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ʒ@\xbd\xa5\xbe 1

---- EOF - GMER 1.0.15 ----

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:30 AM

Posted 12 February 2012 - 12:30 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 brian10

brian10
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 12 February 2012 - 10:25 PM

The only issue I had was that firefox and internet explorer wouldn't start up after running the scan. A quick reboot solved the problem. The computer is still a little slow.

Below is the combofix result:
ComboFix 12-02-12.01 - Yanfei 02/12/2012 13:58:24.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.2798 [GMT -6:00]
Running from: c:\users\Yanfei\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\users\Yanfei\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 20:15 . 2012-02-12 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-12 00:55 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D83D02E-FED1-4A75-92BB-2CDD923D1BD0}\mpengine.dll
2012-02-10 15:24 . 2012-02-04 15:00 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 15:24 . 2012-02-10 15:24 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA494FDD-D77C-4827-A113-8D756F6B232A}\gapaengine.dll
2012-02-05 20:07 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-04 17:59 . 2012-02-04 17:59 116016 ----a-w- c:\windows\system32\drivers\49606015.sys
2012-02-04 14:57 . 2012-02-04 14:57 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-04 14:57 . 2012-02-04 14:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-03 20:24 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB1DE733-CF50-40E9-BFFF-A78DD3A1F4CE}\mpengine.dll
2012-02-01 17:39 . 2012-02-02 02:15 -------- d-----w- c:\users\Yanfei\AppData\Roaming\SAP
2012-02-01 17:38 . 2012-02-01 17:38 -------- d-----w- c:\users\Yanfei\AppData\Local\sijab-logs
2012-02-01 17:38 . 2011-04-15 20:00 89600 ----a-w- c:\windows\SysWow64\libsapu16vc90.dll
2012-02-01 17:38 . 2011-04-15 20:00 4975616 ----a-w- c:\windows\SysWow64\librfc32u.dll
2012-02-01 17:38 . 2010-02-26 12:02 946176 ----a-w- c:\windows\SysWow64\icuuc34.dll
2012-02-01 17:38 . 2010-02-26 12:02 8847360 ----a-w- c:\windows\SysWow64\icudt34.dll
2012-02-01 17:38 . 2010-02-26 12:02 843776 ----a-w- c:\windows\SysWow64\icuin34.dll
2012-02-01 17:37 . 2012-02-01 17:37 -------- d-----w- c:\program files (x86)\Common Files\ESRI
2012-02-01 17:37 . 2010-03-22 10:05 1228800 ----a-w- c:\windows\SysWow64\wdba.dll
2012-02-01 17:34 . 2012-02-01 17:37 -------- d-----w- c:\program files (x86)\SAP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-01-16 03:08 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-11-30 09:24 . 2011-12-06 21:23 333176 ----a-w- c:\windows\SysWow64\MMInstaller.dll
2011-11-24 04:52 . 2011-12-14 03:16 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-12 02:30 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-12 02:30 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:41 . 2012-01-12 02:30 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:38 . 2012-01-12 02:30 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-16 12:53 . 2011-11-16 12:53 291176 ----a-w- c:\windows\SysWow64\kindling.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SAP_WUS_UNT"="c:\program files (x86)\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe" [2011-04-14 95600]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIPI"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0010804]
Ime File REG_SZ freeime.ime
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ UNISPIM6.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2009-03-03 89600]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [2011-04-14 121200]
S2 TSUSVC;Tencent Software Update Service;c:\program files (x86)\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe [2008-12-09 116040]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\HPCeeScheduleForYanfei.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 16395880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-21 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: c:\users\Yanfei\AppData\Roaming\FlashGetBHO\GetAllFlvUrl.htm
IE: Download all by FlashGet3 - c:\users\Yanfei\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Yanfei\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: ?????? - c:\program files (x86)\Thunder Network\Thunder\Program\geturl.htm
IE: ?????????? - c:\program files (x86)\Thunder Network\Thunder\Program\getallurl.htm
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Yanfei\AppData\Roaming\Mozilla\Firefox\Profiles\qx6fa5xu.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2742423D-9B2C-E1F8-2204FBC3D18DB555}\{88A68896-609D-936A-26F31FA12C544D88}\{4CDB3AFE-271E-9455-9E26AF69AD97A138}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79DD782F-DD9B-90C8-01AB82140B2B65EB}\{DE7D83BF-EB3B-F5D9-D52C430ACBAFB5F9}\{D743F1FE-35C6-E579-63E67F5CCF1E1FA7}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8FD8A5D7-9511-025F-16B31A5B051F5A4D}\{7F4BC209-0230-7A50-936F3704F4AD01D8}\{4F172B6C-B722-D8DB-046FD06C67D2EAC6}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD7439DE-8878-D698-3C485D80ADEA187F}\{BE3DFA66-365B-5E4A-7917DE6528C06D4A}\{FEBDC4E7-2EEE-D959-80681B5DE578BC2D}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-02-12 14:23:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 20:23
.
Pre-Run: 108,582,473,728 bytes free
Post-Run: 108,836,143,104 bytes free
.
- - End Of File - - 4046B1C7D663CDEBE64C912F77FDA1E7

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:30 AM

Posted 12 February 2012 - 11:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 brian10

brian10
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 13 February 2012 - 10:24 PM

18:33:01.0069 2768 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
18:33:01.0553 2768 ============================================================
18:33:01.0553 2768 Current date / time: 2012/02/13 18:33:01.0553
18:33:01.0553 2768 SystemInfo:
18:33:01.0553 2768
18:33:01.0553 2768 OS Version: 6.1.7601 ServicePack: 1.0
18:33:01.0553 2768 Product type: Workstation
18:33:01.0553 2768 ComputerName: YANFEI-PC
18:33:01.0553 2768 UserName: Yanfei
18:33:01.0553 2768 Windows directory: C:\Windows
18:33:01.0553 2768 System windows directory: C:\Windows
18:33:01.0553 2768 Running under WOW64
18:33:01.0553 2768 Processor architecture: Intel x64
18:33:01.0553 2768 Number of processors: 8
18:33:01.0553 2768 Page size: 0x1000
18:33:01.0553 2768 Boot type: Normal boot
18:33:01.0553 2768 ============================================================
18:33:03.0238 2768 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:33:03.0550 2768 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:33:03.0565 2768 \Device\Harddisk0\DR0:
18:33:03.0565 2768 MBR used
18:33:03.0565 2768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:33:03.0565 2768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23211800
18:33:03.0565 2768 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23275800, BlocksNum 0x2185000
18:33:03.0565 2768 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
18:33:03.0565 2768 \Device\Harddisk1\DR1:
18:33:03.0565 2768 MBR used
18:33:03.0565 2768 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
18:33:03.0690 2768 Initialize success
18:33:03.0690 2768 ============================================================
18:33:08.0214 3344 ============================================================
18:33:08.0214 3344 Scan started
18:33:08.0214 3344 Mode: Manual;
18:33:08.0214 3344 ============================================================
18:33:09.0181 3344 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:33:09.0197 3344 1394ohci - ok
18:33:09.0290 3344 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
18:33:09.0290 3344 Accelerometer - ok
18:33:09.0368 3344 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:33:09.0384 3344 ACPI - ok
18:33:09.0462 3344 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:33:09.0462 3344 AcpiPmi - ok
18:33:09.0556 3344 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:33:09.0571 3344 adp94xx - ok
18:33:09.0587 3344 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:33:09.0587 3344 adpahci - ok
18:33:09.0680 3344 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:33:09.0680 3344 adpu320 - ok
18:33:09.0930 3344 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:33:09.0946 3344 AFD - ok
18:33:10.0429 3344 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
18:33:10.0460 3344 AgereSoftModem - ok
18:33:10.0616 3344 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:33:10.0616 3344 agp440 - ok
18:33:10.0960 3344 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:33:10.0960 3344 aliide - ok
18:33:11.0022 3344 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:33:11.0022 3344 amdide - ok
18:33:11.0100 3344 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:33:11.0100 3344 AmdK8 - ok
18:33:11.0147 3344 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:33:11.0147 3344 AmdPPM - ok
18:33:11.0209 3344 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:33:11.0225 3344 amdsata - ok
18:33:11.0303 3344 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:33:11.0303 3344 amdsbs - ok
18:33:11.0428 3344 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:33:11.0428 3344 amdxata - ok
18:33:11.0521 3344 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:33:11.0537 3344 AppID - ok
18:33:11.0911 3344 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:33:11.0911 3344 arc - ok
18:33:11.0989 3344 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:33:11.0989 3344 arcsas - ok
18:33:12.0083 3344 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:33:12.0098 3344 AsyncMac - ok
18:33:12.0176 3344 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:33:12.0176 3344 atapi - ok
18:33:12.0582 3344 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:33:12.0582 3344 b06bdrv - ok
18:33:12.0738 3344 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:33:12.0754 3344 b57nd60a - ok
18:33:13.0019 3344 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:33:13.0019 3344 Beep - ok
18:33:13.0128 3344 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:33:13.0159 3344 blbdrive - ok
18:33:13.0222 3344 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:33:13.0237 3344 bowser - ok
18:33:13.0549 3344 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:33:13.0549 3344 BrFiltLo - ok
18:33:13.0612 3344 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:33:13.0627 3344 BrFiltUp - ok
18:33:13.0752 3344 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:33:13.0752 3344 BridgeMP - ok
18:33:14.0002 3344 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:33:14.0033 3344 Brserid - ok
18:33:14.0111 3344 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:33:14.0126 3344 BrSerWdm - ok
18:33:14.0251 3344 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:33:14.0251 3344 BrUsbMdm - ok
18:33:14.0438 3344 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:33:14.0454 3344 BrUsbSer - ok
18:33:14.0563 3344 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:33:14.0563 3344 BTHMODEM - ok
18:33:14.0735 3344 catchme - ok
18:33:14.0860 3344 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:33:14.0875 3344 cdfs - ok
18:33:15.0156 3344 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:33:15.0172 3344 cdrom - ok
18:33:15.0390 3344 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:33:15.0406 3344 circlass - ok
18:33:15.0577 3344 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:33:15.0608 3344 CLFS - ok
18:33:16.0014 3344 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:33:16.0045 3344 CmBatt - ok
18:33:16.0092 3344 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:33:16.0092 3344 cmdide - ok
18:33:16.0170 3344 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:33:16.0186 3344 CNG - ok
18:33:16.0560 3344 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:33:16.0560 3344 Compbatt - ok
18:33:16.0700 3344 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:33:16.0700 3344 CompositeBus - ok
18:33:16.0825 3344 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:33:16.0841 3344 crcdisk - ok
18:33:17.0246 3344 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:33:17.0262 3344 DfsC - ok
18:33:17.0418 3344 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:33:17.0434 3344 discache - ok
18:33:17.0558 3344 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:33:17.0558 3344 Disk - ok
18:33:17.0699 3344 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:33:17.0730 3344 drmkaud - ok
18:33:17.0917 3344 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:33:17.0933 3344 DXGKrnl - ok
18:33:18.0900 3344 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:33:18.0994 3344 ebdrv - ok
18:33:19.0462 3344 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:33:19.0477 3344 elxstor - ok
18:33:19.0664 3344 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
18:33:19.0680 3344 enecir - ok
18:33:20.0148 3344 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:33:20.0164 3344 ErrDev - ok
18:33:20.0413 3344 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:33:20.0460 3344 exfat - ok
18:33:20.0756 3344 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:33:20.0803 3344 fastfat - ok
18:33:20.0975 3344 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:33:21.0006 3344 fdc - ok
18:33:21.0287 3344 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:33:21.0302 3344 FileInfo - ok
18:33:21.0583 3344 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:33:21.0583 3344 Filetrace - ok
18:33:22.0051 3344 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:33:22.0067 3344 flpydisk - ok
18:33:22.0176 3344 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:33:22.0192 3344 FltMgr - ok
18:33:22.0410 3344 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:33:22.0441 3344 FsDepends - ok
18:33:22.0597 3344 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:33:22.0597 3344 Fs_Rec - ok
18:33:22.0753 3344 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:33:22.0769 3344 fvevol - ok
18:33:22.0956 3344 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:33:22.0972 3344 gagp30kx - ok
18:33:23.0268 3344 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:33:23.0268 3344 hcw85cir - ok
18:33:23.0596 3344 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:33:23.0611 3344 HdAudAddService - ok
18:33:23.0720 3344 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:33:23.0736 3344 HDAudBus - ok
18:33:23.0830 3344 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:33:23.0845 3344 HidBatt - ok
18:33:23.0986 3344 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:33:24.0001 3344 HidBth - ok
18:33:24.0095 3344 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:33:24.0110 3344 HidIr - ok
18:33:24.0173 3344 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:33:24.0173 3344 HidUsb - ok
18:33:24.0563 3344 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
18:33:24.0563 3344 hpdskflt - ok
18:33:24.0703 3344 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:33:24.0703 3344 HpqKbFiltr - ok
18:33:24.0875 3344 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:33:24.0890 3344 HpSAMD - ok
18:33:25.0265 3344 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:33:25.0280 3344 HTTP - ok
18:33:25.0390 3344 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:33:25.0390 3344 hwpolicy - ok
18:33:25.0483 3344 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:33:25.0499 3344 i8042prt - ok
18:33:25.0748 3344 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
18:33:25.0748 3344 iaStor - ok
18:33:25.0889 3344 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:33:25.0889 3344 iaStorV - ok
18:33:26.0513 3344 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:33:27.0168 3344 igfx - ok
18:33:27.0324 3344 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:33:27.0324 3344 iirsp - ok
18:33:27.0433 3344 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:33:27.0433 3344 intelide - ok
18:33:27.0496 3344 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:33:27.0496 3344 intelppm - ok
18:33:27.0792 3344 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:33:27.0808 3344 IpFilterDriver - ok
18:33:27.0901 3344 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:33:27.0917 3344 IPMIDRV - ok
18:33:28.0057 3344 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:33:28.0073 3344 IPNAT - ok
18:33:28.0213 3344 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:33:28.0213 3344 IRENUM - ok
18:33:28.0307 3344 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:33:28.0307 3344 isapnp - ok
18:33:28.0400 3344 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:33:28.0416 3344 iScsiPrt - ok
18:33:28.0619 3344 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
18:33:28.0619 3344 JMCR - ok
18:33:28.0806 3344 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:33:28.0806 3344 kbdclass - ok
18:33:28.0853 3344 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:33:28.0853 3344 kbdhid - ok
18:33:29.0071 3344 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:33:29.0087 3344 KSecDD - ok
18:33:29.0134 3344 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:33:29.0134 3344 KSecPkg - ok
18:33:29.0336 3344 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:33:29.0336 3344 ksthunk - ok
18:33:29.0633 3344 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:33:29.0633 3344 lltdio - ok
18:33:29.0789 3344 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:33:29.0789 3344 LSI_FC - ok
18:33:29.0898 3344 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:33:29.0914 3344 LSI_SAS - ok
18:33:29.0929 3344 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:33:29.0960 3344 LSI_SAS2 - ok
18:33:30.0101 3344 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:33:30.0116 3344 LSI_SCSI - ok
18:33:30.0179 3344 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:33:30.0194 3344 luafv - ok
18:33:30.0272 3344 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:33:30.0272 3344 megasas - ok
18:33:30.0397 3344 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:33:30.0413 3344 MegaSR - ok
18:33:30.0491 3344 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:33:30.0491 3344 Modem - ok
18:33:30.0522 3344 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:33:30.0522 3344 monitor - ok
18:33:30.0709 3344 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:33:30.0709 3344 mouclass - ok
18:33:30.0756 3344 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:33:30.0756 3344 mouhid - ok
18:33:30.0834 3344 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:33:30.0834 3344 mountmgr - ok
18:33:30.0943 3344 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
18:33:30.0943 3344 MpFilter - ok
18:33:31.0068 3344 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:33:31.0084 3344 mpio - ok
18:33:31.0536 3344 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:33:31.0536 3344 MpNWMon - ok
18:33:31.0583 3344 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:33:31.0879 3344 mpsdrv - ok
18:33:32.0753 3344 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:33:32.0768 3344 MRxDAV - ok
18:33:32.0924 3344 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:33:32.0941 3344 mrxsmb - ok
18:33:33.0206 3344 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:33:33.0206 3344 mrxsmb10 - ok
18:33:33.0315 3344 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:33:33.0315 3344 mrxsmb20 - ok
18:33:33.0378 3344 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:33:33.0378 3344 msahci - ok
18:33:33.0440 3344 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:33:33.0440 3344 msdsm - ok
18:33:33.0534 3344 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:33:34.0111 3344 Msfs - ok
18:33:34.0205 3344 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:33:34.0205 3344 mshidkmdf - ok
18:33:34.0267 3344 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:33:34.0283 3344 msisadrv - ok
18:33:34.0329 3344 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:33:34.0329 3344 MSKSSRV - ok
18:33:34.0376 3344 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:33:34.0376 3344 MSPCLOCK - ok
18:33:34.0407 3344 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:33:34.0407 3344 MSPQM - ok
18:33:34.0485 3344 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:33:34.0501 3344 MsRPC - ok
18:33:34.0704 3344 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:33:34.0704 3344 mssmbios - ok
18:33:34.0735 3344 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:33:34.0735 3344 MSTEE - ok
18:33:34.0766 3344 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:33:34.0782 3344 MTConfig - ok
18:33:34.0797 3344 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:33:34.0797 3344 Mup - ok
18:33:34.0907 3344 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:33:34.0922 3344 NativeWifiP - ok
18:33:35.0172 3344 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:33:35.0187 3344 NDIS - ok
18:33:35.0281 3344 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:33:35.0281 3344 NdisCap - ok
18:33:35.0328 3344 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:33:35.0343 3344 NdisTapi - ok
18:33:35.0546 3344 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:33:35.0546 3344 Ndisuio - ok
18:33:35.0655 3344 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:33:35.0655 3344 NdisWan - ok
18:33:35.0731 3344 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:33:35.0732 3344 NDProxy - ok
18:33:35.0804 3344 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:33:35.0806 3344 NetBIOS - ok
18:33:35.0874 3344 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:33:35.0879 3344 NetBT - ok
18:33:36.0443 3344 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
18:33:36.0690 3344 NETw5s64 - ok
18:33:36.0918 3344 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:33:36.0973 3344 netw5v64 - ok
18:33:37.0113 3344 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:33:37.0114 3344 nfrd960 - ok
18:33:37.0156 3344 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:33:37.0157 3344 NisDrv - ok
18:33:37.0218 3344 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:33:37.0219 3344 Npfs - ok
18:33:37.0291 3344 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:33:37.0292 3344 nsiproxy - ok
18:33:37.0399 3344 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:33:37.0416 3344 Ntfs - ok
18:33:37.0441 3344 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:33:37.0441 3344 Null - ok
18:33:37.0575 3344 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
18:33:37.0576 3344 NVHDA - ok
18:33:37.0892 3344 nvlddmkm (d1db65fdda7af4853ef0994bb111d778) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:33:37.0970 3344 nvlddmkm - ok
18:33:38.0073 3344 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:33:38.0076 3344 nvraid - ok
18:33:38.0102 3344 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:33:38.0104 3344 nvstor - ok
18:33:38.0193 3344 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:33:38.0196 3344 nv_agp - ok
18:33:38.0235 3344 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:33:38.0237 3344 ohci1394 - ok
18:33:38.0306 3344 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:33:38.0309 3344 Parport - ok
18:33:38.0368 3344 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:33:38.0369 3344 partmgr - ok
18:33:38.0475 3344 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:33:38.0478 3344 pci - ok
18:33:38.0532 3344 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:33:38.0533 3344 pciide - ok
18:33:38.0583 3344 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:33:38.0588 3344 pcmcia - ok
18:33:38.0632 3344 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:33:38.0634 3344 pcw - ok
18:33:38.0686 3344 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:33:38.0698 3344 PEAUTH - ok
18:33:38.0846 3344 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:33:38.0849 3344 PptpMiniport - ok
18:33:38.0881 3344 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:33:38.0884 3344 Processor - ok
18:33:38.0972 3344 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:33:38.0975 3344 Psched - ok
18:33:39.0068 3344 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:33:39.0092 3344 ql2300 - ok
18:33:39.0168 3344 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:33:39.0171 3344 ql40xx - ok
18:33:39.0206 3344 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:33:39.0208 3344 QWAVEdrv - ok
18:33:39.0230 3344 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:33:39.0232 3344 RasAcd - ok
18:33:39.0271 3344 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:33:39.0273 3344 RasAgileVpn - ok
18:33:39.0324 3344 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:33:39.0327 3344 Rasl2tp - ok
18:33:39.0353 3344 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:33:39.0356 3344 RasPppoe - ok
18:33:39.0378 3344 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:33:39.0380 3344 RasSstp - ok
18:33:39.0469 3344 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:33:39.0475 3344 rdbss - ok
18:33:39.0572 3344 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:33:39.0589 3344 rdpbus - ok
18:33:39.0649 3344 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:33:39.0650 3344 RDPCDD - ok
18:33:39.0717 3344 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:33:39.0718 3344 RDPENCDD - ok
18:33:39.0753 3344 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:33:39.0753 3344 RDPREFMP - ok
18:33:39.0799 3344 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:33:39.0802 3344 RDPWD - ok
18:33:39.0867 3344 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:33:39.0869 3344 rdyboost - ok
18:33:39.0909 3344 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:33:39.0911 3344 rspndr - ok
18:33:39.0941 3344 RTL8167 (5b04929ef24f87e239b880faae410e3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:33:39.0944 3344 RTL8167 - ok
18:33:39.0992 3344 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:33:39.0995 3344 sbp2port - ok
18:33:40.0098 3344 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:33:40.0101 3344 scfilter - ok
18:33:40.0143 3344 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
18:33:40.0146 3344 sdbus - ok
18:33:40.0205 3344 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:33:40.0206 3344 secdrv - ok
18:33:40.0317 3344 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:33:40.0319 3344 Serenum - ok
18:33:40.0380 3344 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:33:40.0394 3344 Serial - ok
18:33:40.0495 3344 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:33:40.0497 3344 sermouse - ok
18:33:40.0595 3344 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:33:40.0596 3344 sffdisk - ok
18:33:40.0631 3344 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:33:40.0633 3344 sffp_mmc - ok
18:33:40.0666 3344 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:33:40.0668 3344 sffp_sd - ok
18:33:40.0708 3344 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:33:40.0710 3344 sfloppy - ok
18:33:40.0801 3344 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:33:40.0803 3344 SiSRaid2 - ok
18:33:40.0853 3344 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:33:40.0855 3344 SiSRaid4 - ok
18:33:40.0938 3344 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:33:40.0941 3344 Smb - ok
18:33:41.0008 3344 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:33:41.0009 3344 spldr - ok
18:33:41.0076 3344 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:33:41.0085 3344 srv - ok
18:33:41.0114 3344 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:33:41.0122 3344 srv2 - ok
18:33:41.0214 3344 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:33:41.0221 3344 SrvHsfHDA - ok
18:33:41.0272 3344 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:33:41.0296 3344 SrvHsfV92 - ok
18:33:41.0341 3344 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:33:41.0354 3344 SrvHsfWinac - ok
18:33:41.0468 3344 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:33:41.0471 3344 srvnet - ok
18:33:41.0528 3344 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:33:41.0528 3344 stexstor - ok
18:33:41.0572 3344 STHDA (1fedf8d130ce221521b9bad6703b92de) C:\Windows\system32\DRIVERS\stwrt64.sys
18:33:41.0578 3344 STHDA - ok
18:33:41.0698 3344 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:33:41.0698 3344 swenum - ok
18:33:41.0774 3344 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
18:33:41.0776 3344 SynTP - ok
18:33:41.0866 3344 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:33:41.0883 3344 Tcpip - ok
18:33:41.0941 3344 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:33:41.0950 3344 TCPIP6 - ok
18:33:41.0998 3344 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:33:41.0999 3344 tcpipreg - ok
18:33:42.0047 3344 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:33:42.0048 3344 TDPIPE - ok
18:33:42.0066 3344 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:33:42.0067 3344 TDTCP - ok
18:33:42.0187 3344 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:33:42.0189 3344 tdx - ok
18:33:42.0228 3344 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:33:42.0229 3344 TermDD - ok
18:33:42.0294 3344 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:33:42.0295 3344 tssecsrv - ok
18:33:42.0384 3344 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:33:42.0386 3344 TsUsbFlt - ok
18:33:42.0495 3344 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:33:42.0496 3344 tunnel - ok
18:33:42.0530 3344 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:33:42.0531 3344 uagp35 - ok
18:33:42.0578 3344 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:33:42.0582 3344 udfs - ok
18:33:42.0636 3344 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:33:42.0653 3344 uliagpkx - ok
18:33:42.0741 3344 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:33:42.0743 3344 umbus - ok
18:33:42.0779 3344 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:33:42.0780 3344 UmPass - ok
18:33:42.0940 3344 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:33:42.0943 3344 usbccgp - ok
18:33:43.0032 3344 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:33:43.0054 3344 usbcir - ok
18:33:43.0116 3344 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:33:43.0118 3344 usbehci - ok
18:33:43.0145 3344 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:33:43.0149 3344 usbhub - ok
18:33:43.0194 3344 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:33:43.0207 3344 usbohci - ok
18:33:43.0355 3344 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:33:43.0358 3344 usbprint - ok
18:33:43.0395 3344 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:33:43.0417 3344 USBSTOR - ok
18:33:43.0493 3344 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:33:43.0495 3344 usbuhci - ok
18:33:43.0593 3344 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:33:43.0602 3344 usbvideo - ok
18:33:43.0699 3344 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:33:43.0700 3344 vdrvroot - ok
18:33:43.0741 3344 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:33:43.0742 3344 vga - ok
18:33:43.0761 3344 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:33:43.0762 3344 VgaSave - ok
18:33:43.0802 3344 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:33:43.0807 3344 vhdmp - ok
18:33:43.0865 3344 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:33:43.0866 3344 viaide - ok
18:33:43.0900 3344 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:33:43.0902 3344 volmgr - ok
18:33:43.0953 3344 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:33:43.0959 3344 volmgrx - ok
18:33:44.0024 3344 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:33:44.0027 3344 volsnap - ok
18:33:44.0070 3344 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:33:44.0074 3344 vsmraid - ok
18:33:44.0124 3344 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:33:44.0125 3344 vwifibus - ok
18:33:44.0155 3344 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:33:44.0157 3344 vwififlt - ok
18:33:44.0214 3344 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:33:44.0215 3344 WacomPen - ok
18:33:44.0461 3344 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:33:44.0464 3344 WANARP - ok
18:33:44.0470 3344 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:33:44.0472 3344 Wanarpv6 - ok
18:33:44.0605 3344 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:33:44.0606 3344 Wd - ok
18:33:44.0670 3344 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:33:44.0676 3344 Wdf01000 - ok
18:33:44.0731 3344 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:33:44.0732 3344 WfpLwf - ok
18:33:44.0764 3344 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:33:44.0800 3344 WIMMount - ok
18:33:44.0920 3344 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:33:44.0921 3344 WinUsb - ok
18:33:45.0088 3344 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:33:45.0088 3344 WmiAcpi - ok
18:33:45.0149 3344 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:33:45.0150 3344 ws2ifsl - ok
18:33:45.0235 3344 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:33:45.0237 3344 WudfPf - ok
18:33:45.0274 3344 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:33:45.0277 3344 WUDFRd - ok
18:33:45.0337 3344 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:33:45.0341 3344 yukonw7 - ok
18:33:45.0362 3344 MBR (0x1B8) (d877bef44c668189e4996159141470c7) \Device\Harddisk0\DR0
18:33:45.0433 3344 \Device\Harddisk0\DR0 - ok
18:33:48.0146 3344 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:33:48.0149 3344 \Device\Harddisk1\DR1 - ok
18:33:48.0165 3344 Boot (0x1200) (1c5c96d8f1e2a68884bddf3c2628698b) \Device\Harddisk0\DR0\Partition0
18:33:48.0167 3344 \Device\Harddisk0\DR0\Partition0 - ok
18:33:48.0182 3344 Boot (0x1200) (5883edc35fe0544f8d57034d201b8a50) \Device\Harddisk0\DR0\Partition1
18:33:48.0184 3344 \Device\Harddisk0\DR0\Partition1 - ok
18:33:48.0209 3344 Boot (0x1200) (cd4d29d13ed315bd1d3716cccab76e80) \Device\Harddisk0\DR0\Partition2
18:33:48.0211 3344 \Device\Harddisk0\DR0\Partition2 - ok
18:33:48.0226 3344 Boot (0x1200) (caae4e0cfb06b4881fd24cc667ac1618) \Device\Harddisk0\DR0\Partition3
18:33:48.0226 3344 \Device\Harddisk0\DR0\Partition3 - ok
18:33:48.0239 3344 Boot (0x1200) (0ca5027734b18daa7a45b80509554fc8) \Device\Harddisk1\DR1\Partition0
18:33:48.0241 3344 \Device\Harddisk1\DR1\Partition0 - ok
18:33:48.0242 3344 ============================================================
18:33:48.0242 3344 Scan finished
18:33:48.0242 3344 ============================================================
18:33:48.0261 3352 Detected object count: 0
18:33:48.0261 3352 Actual detected object count: 0
18:34:08.0628 2684 Deinitialize success


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 18:36:02
-----------------------------
18:36:02.118 OS Version: Windows x64 6.1.7601 Service Pack 1
18:36:02.119 Number of processors: 8 586 0x1E05
18:36:02.120 ComputerName: YANFEI-PC UserName: Yanfei
18:36:03.504 Initialize success
18:38:04.419 AVAST engine defs: 12021302
18:38:34.592 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:38:34.597 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
18:38:34.603 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
18:38:34.608 Disk 1 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
18:38:34.671 Disk 0 MBR read successfully
18:38:34.678 Disk 0 MBR scan
18:38:34.688 Disk 0 unknown MBR code
18:38:34.712 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:38:34.796 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287779 MB offset 409600
18:38:34.849 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17162 MB offset 589780992
18:38:34.907 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
18:38:35.043 Service scanning
18:38:36.702 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:38:37.630 Modules scanning
18:38:37.639 Disk 0 trace - called modules:
18:38:37.660 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
18:38:37.669 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005934790]
18:38:37.677 3 CLASSPNP.SYS[fffff8800106343f] -> nt!IofCallDriver -> [0xfffffa8005837b10]
18:38:37.685 5 hpdskflt.sys[fffff8800200b289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b45050]
18:38:44.572 AVAST engine scan C:\Windows
18:38:51.654 AVAST engine scan C:\Windows\system32
18:43:23.285 AVAST engine scan C:\Windows\system32\drivers
18:43:43.004 AVAST engine scan C:\Users\Yanfei
18:49:29.589 File: C:\Users\Yanfei\Desktop\Yanfei\Kathy's Files\Library\200452331535399.exe **INFECTED** Win32:Malware-gen
18:49:52.365 File: C:\Users\Yanfei\Desktop\Yanfei\Library\200452331535399.exe **INFECTED** Win32:Malware-gen
19:00:42.403 AVAST engine scan C:\ProgramData
19:05:12.467 Scan finished successfully
21:22:25.012 Disk 0 MBR has been saved successfully to "C:\Users\Yanfei\Desktop\Computer Cleanup\MBR.dat"
21:22:25.090 The log file has been saved successfully to "C:\Users\Yanfei\Desktop\Computer Cleanup\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:30 AM

Posted 13 February 2012 - 10:45 PM

Hello

do you know what this file is? - 200452331535399.exe



Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:

    C:\Users\Yanfei\Desktop\Yanfei\Library\200452331535399.exe

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 brian10

brian10
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 14 February 2012 - 12:18 AM

My wife said it is an e-book. It is not necessary to keep this file.
Thanks,
Brian


VirSCAN.org Scanned Report :
Scanned time : 2012/02/13 23:14:08 (CST)
Scanner results: 36% Scanner(s) (13/36) found malware!
File Name : 200452331535399.exe
File Size : 694590 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 3be517830829d065666a6ea90ac306af
SHA1 : 53e7e7db2eacaebc477057a534ac6d52553e2afc
Online report : http://r.virscan.org/51df69180bbdf4dd78fb9e4ad3f234b6

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120213131427 2012-02-13 0.34 Trojan.Win32.Agent!IK
AhnLab V3 2012.02.14.00 2012.02.14 2012-02-14 6.12 Win-Trojan/Agent.308736.R
AntiVir 8.2.8.44 7.11.21.199 2012-01-27 0.20 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.28 -
Arcavir 2011 201202091446 2012-02-09 3.87 -
Authentium 5.1.1 201202131923 2012-02-13 2.50 -
AVAST! 4.7.4 120213-2 2012-02-13 0.29 Win32:Malware-gen
AVG 10.0.1405 2090/4808 2012-02-13 0.24 Agent2.COPE
BitDefender 7.90123.7777724 7.41003 2012-02-14 4.27 -
ClamAV 0.97.3 14449 2012-02-14 0.17 Trojan.Spy-63580
Comodo 5.1 11517 2012-02-14 2.22 UnclassifiedMalware
CP Secure 1.3.0.5 2012.02.14 2012-02-14 0.38 Troj.PSW.W32.Delf.oc
Dr.Web 7.0.0.11250 2012.02.12 2012-02-12 11.81 -
F-Prot 4.6.2.117 20120213 2012-02-13 1.05 W32/Agent.KS.gen!Eldorado (generic, not disinfectable)
F-Secure 7.02.73807 2012.02.07.03 2012-02-07 0.50 -
Fortinet 4.3.388 15.206 2012-02-13 0.26 -
GData 22.3871 20120214 2012-02-14 5.81 -
ViRobot 20120211 2012.02.11 2012-02-11 0.86 -
Ikarus T3.1.32.20.0 2012.02.13.80475 2012-02-13 4.87 Trojan.Win32.Agent
JiangMin 13.0.900 2012.02.14 2012-02-14 3.08 -
Kaspersky 5.5.10 2012.02.08 2012-02-08 2.59 -
KingSoft 2009.2.5.15 2012.2.14.9 2012-02-14 1.36 -
McAfee 5400.1158 6619 2012-02-13 12.11 -
Microsoft 1.8001 2012.02.14 2012-02-14 4.17 -
NOD32 3.0.21 6841 2012-01-30 0.23 -
Panda 9.05.01 2012.02.13 2012-02-13 2.85 Trj/Agent.LLG
Trend Micro 9.500-1005 8.774.07 2012-02-13 0.42 -
Quick Heal 11.00 2012.02.13 2012-02-13 1.75 -
Rising 20.0 23.97.00.02 2012-02-13 2.62 -
Sophos 3.28.1 4.74 2012-02-14 6.51 -
Sunbelt 3.9.2527.2 11542 2012-02-13 0.95 Trojan.Win32.Generic!BT
Symantec 1.3.0.24 20120213.002 2012-02-13 0.75 -
nProtect 20120213.03 11754821 2012-02-13 1.53 Trojan/W32.Agent.694590
The Hacker 6.7.0.1 v00397 2012-02-13 0.58 Trojan/Agent.wpt
VBA32 3.12.16.4 20120213.0728 2012-02-13 6.31 -
VirusBuster 5.4.1.7 14.1.216.0/78072642012-02-14 2.89 -

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:30 AM

Posted 18 February 2012 - 01:51 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Users\Yanfei\Desktop\Yanfei\Kathy's Files\Library\200452331535399.exe


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 brian10

brian10
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 20 February 2012 - 09:05 PM

No problems running combofix with the CFScript. The computer is running pretty well now. Below is the combofix log:


ComboFix 12-02-12.01 - Yanfei 02/20/2012 19:13:53.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.2691 [GMT -6:00]
Running from: c:\users\Yanfei\Desktop\ComboFix.exe
Command switches used :: c:\users\Yanfei\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"c:\users\Yanfei\Desktop\Yanfei\Kathy's Files\Library\200452331535399.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Yanfei\Desktop\Yanfei\Kathy's Files\Library\200452331535399.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 01:14 . 2012-02-21 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-20 23:49 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14BAEE96-29C3-49CD-AD7A-D1F978FB8532}\mpengine.dll
2012-02-15 03:58 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 03:58 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 03:58 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 03:58 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 03:58 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 03:58 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 03:58 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 03:58 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-10 15:24 . 2012-02-04 15:00 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 15:24 . 2012-02-10 15:24 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA494FDD-D77C-4827-A113-8D756F6B232A}\gapaengine.dll
2012-02-05 20:07 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-04 17:59 . 2012-02-04 17:59 116016 ----a-w- c:\windows\system32\drivers\49606015.sys
2012-02-04 14:57 . 2012-02-04 14:57 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-04 14:57 . 2012-02-04 14:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-03 20:24 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB1DE733-CF50-40E9-BFFF-A78DD3A1F4CE}\mpengine.dll
2012-02-01 17:39 . 2012-02-13 03:33 -------- d-----w- c:\users\Yanfei\AppData\Roaming\SAP
2012-02-01 17:38 . 2012-02-01 17:38 -------- d-----w- c:\users\Yanfei\AppData\Local\sijab-logs
2012-02-01 17:38 . 2011-04-15 20:00 89600 ----a-w- c:\windows\SysWow64\libsapu16vc90.dll
2012-02-01 17:38 . 2011-04-15 20:00 4975616 ----a-w- c:\windows\SysWow64\librfc32u.dll
2012-02-01 17:38 . 2010-02-26 12:02 946176 ----a-w- c:\windows\SysWow64\icuuc34.dll
2012-02-01 17:38 . 2010-02-26 12:02 8847360 ----a-w- c:\windows\SysWow64\icudt34.dll
2012-02-01 17:38 . 2010-02-26 12:02 843776 ----a-w- c:\windows\SysWow64\icuin34.dll
2012-02-01 17:37 . 2012-02-01 17:37 -------- d-----w- c:\program files (x86)\Common Files\ESRI
2012-02-01 17:37 . 2010-03-22 10:05 1228800 ----a-w- c:\windows\SysWow64\wdba.dll
2012-02-01 17:34 . 2012-02-01 17:37 -------- d-----w- c:\program files (x86)\SAP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-01-16 03:08 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-11-30 09:24 . 2011-12-06 21:23 333176 ----a-w- c:\windows\SysWow64\MMInstaller.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_20.17.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-14 05:16 . 2011-11-03 22:32 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-02-16 03:48 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-02-16 03:48 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-12-14 05:16 . 2011-11-03 22:37 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-12-14 05:16 . 2011-11-03 22:37 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-02-16 03:48 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2009-07-14 04:54 . 2012-02-17 00:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-03 01:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-17 00:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-03 01:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-03 01:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 00:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-09 16:43 . 2012-02-20 02:02 45668 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-20 23:39 51256 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-14 19:50 . 2012-02-20 23:39 14824 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-361715329-2846929227-1508170076-1001_UserData.bin
- 2011-12-14 05:16 . 2011-11-04 01:35 96256 c:\windows\system32\mshtmled.dll
+ 2012-02-16 03:48 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
- 2011-12-14 05:16 . 2011-11-04 01:41 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-02-16 03:48 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-02-16 03:48 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
- 2011-12-14 05:16 . 2011-11-04 01:41 85504 c:\windows\system32\jsproxy.dll
+ 2010-05-04 09:24 . 2012-02-17 00:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-04 09:24 . 2012-02-10 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-04 09:24 . 2012-02-10 16:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-04 09:24 . 2012-02-17 00:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-10 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 00:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-02-03 01:08 93832 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-02-19 23:23 93832 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-01-16 02:56 . 2012-01-16 02:56 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-16 02:55 . 2012-01-16 02:55 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-11-04 02:12 . 2012-02-16 03:53 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-11-04 02:12 . 2012-02-16 03:53 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-11-04 02:12 . 2012-02-16 03:53 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-04 03:10 . 2012-02-17 00:28 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-04 03:10 . 2011-10-14 03:13 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\42d44cc48edbf4d5b19af6d6afc6cd62\System.Windows.Presentation.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\5c5a54c265c044f359659e6eeff29171\System.Web.ApplicationServices.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\5febe9c0db17256605a3c0b906d124a3\System.Windows.Presentation.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\d948214592e9ee62eefecfc06ac37690\System.Web.ApplicationServices.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\361744396ee71dcc435c93226a8a6754\System.ServiceModel.Channels.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC8F9.tmp\Microsoft.WSMan.Runtime.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\265f654b8eed2ac1e42d225a30433c37\System.Windows.Presentation.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\62889e05923a83fa32400e7f3b28f9c6\System.Web.DynamicData.Design.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\c1577aa4e5874f1debc9a63343e5a0d7\PresentationFontCache.ni.exe
+ 2012-02-17 00:25 . 2012-02-17 00:25 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\697c9c4ec947a0a5e21bc9e4c6471b74\PresentationCFFRasterizer.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\2d80e48139b13bf06e85c0c1db06bc20\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\df5c0dac9e7db175acc8a9755942f87f\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8a9356f77bd1d1155202f59119ee57c9\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4e53199f22c13aa3e4bc6f063da0aee7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0f361440d7cbda4bf5b44bfbd4623812\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f8f0b08845fb76dfcf57e00d86fc13fc\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\8cd347067dbe1ec5a79c9d261d2d75d9\LoadMxf.ni.exe
+ 2012-02-17 00:55 . 2012-02-17 00:55 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\4089bf2cec6e1a1539076c5bd6d95ce7\ehiTVMSMusic.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\f15fa2345f2673b95ac0570da21525f2\WindowsLiveWriter.ni.exe
+ 2012-02-17 01:18 . 2012-02-17 01:18 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bcfabefedbeb1188aa4e53769aeac91b\WindowsLive.Writer.Passport.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\df6e2f050af3e7a7676650240ef9d7e5\System.Windows.Presentation.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e66fcffbc602b284e20b6c49f4ac64b6\System.Web.DynamicData.Design.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2463cb2600fc129e38f67974f3553368\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\bef92fc6725738f2a261600dab88cd66\PresentationFontCache.ni.exe
+ 2012-02-17 00:29 . 2012-02-17 00:29 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\dcdbd6714f689d7be2a15fe8ed1bc095\PresentationCFFRasterizer.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\7834abeef71f9188bb9d9253d8f807ab\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ef668f1802501935d634458ef637f5e7\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\a66c7d26f61bb8e12960441a77159102\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\61a8d567fe6450b5b77584b0044a6979\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\52785c0dca46f1e08b5cf9299fba9ae0\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\183073b14873e3b18951879ae4a8b425\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\824d2cc6a8193a2458ce90e579c8b8f5\Microsoft.Vsa.ni.dll
- 2012-02-12 20:17 . 2012-02-12 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-21 01:16 . 2012-02-21 01:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-21 01:16 . 2012-02-21 01:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-12 20:17 . 2012-02-12 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-14 05:16 . 2011-11-03 22:38 231936 c:\windows\SysWOW64\url.dll
+ 2012-02-16 03:48 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
- 2011-12-14 05:16 . 2011-11-03 22:34 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-02-16 03:48 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
- 2011-12-14 05:16 . 2011-11-03 22:28 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-02-16 03:48 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
+ 2010-05-14 23:37 . 2012-02-21 01:01 345592 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-12-14 05:16 . 2011-11-04 01:43 237056 c:\windows\system32\url.dll
+ 2012-02-16 03:48 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2012-02-05 20:52 630682 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-20 04:19 630682 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-20 04:19 109728 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-05 20:52 109728 c:\windows\system32\perfc009.dat
+ 2012-02-16 03:48 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
- 2011-12-14 05:16 . 2011-11-04 01:39 818688 c:\windows\system32\jscript.dll
+ 2012-02-16 03:48 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
- 2011-12-14 05:16 . 2011-11-04 01:30 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 04:45 . 2012-02-17 00:23 468832 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-02-01 21:59 468832 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:01 . 2012-02-12 20:16 421040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-21 01:15 421040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-16 02:56 . 2012-01-16 02:56 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-16 02:55 . 2012-01-16 02:55 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-16 02:55 . 2012-01-16 02:55 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-11-04 02:12 . 2012-02-16 03:53 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-11-04 02:12 . 2012-02-16 03:53 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-11-04 02:12 . 2012-02-16 03:53 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-11-04 02:12 . 2012-02-16 03:53 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-11-04 02:12 . 2012-02-16 03:53 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-11-04 02:12 . 2012-02-16 03:53 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-11-04 02:12 . 2012-02-16 03:53 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-02-17 01:18 . 2012-02-17 01:18 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\6bdb6c455153a223a2180c883ea5a06c\WindowsFormsIntegration.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\8df6331b51fe3ae5b9d0cf8c582d3f84\UIAutomationClient.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\6bc2cf9d31ae7e22349af3ddb1306c96\System.Xml.Linq.ni.dll
+ 2012-02-17 01:15 . 2012-02-17 01:15 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\f9e5fcb862d898327924fcac2ff47c4d\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\5f61f0305f22aed705e0680f58fc5d89\System.Transactions.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\6afb4b90a21aae2e499f577b92102b85\System.ServiceProcess.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\bfb5e1c0961fe330c89c043a188cc807\System.ServiceModel.Routing.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\671c48760746239f2dfb0b64a7413624\System.ServiceModel.Channels.ni.dll
+ 2012-02-17 01:13 . 2012-02-17 01:13 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\d8342f4b914e190a9e5c89c7703dd11f\System.Security.ni.dll
+ 2012-02-17 01:15 . 2012-02-17 01:15 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\9426384a1d2d2e815e093a0fe88da585\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 01:15 . 2012-02-17 01:15 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\73d3849c909668636452b43f54edb54e\System.Runtime.Remoting.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\21fa922f90a47d10fd11107efff5ea4f\System.Net.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\c07fc2256ec2210bfd7f7abf1639833e\System.Messaging.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\655c314109b3ab211e13b88d0769651b\System.Management.Instrumentation.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\cf1c0c4152c5548179dd3e2870f25cc4\System.IO.Log.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\d8dc2ea040e12c679b5d779370a19e58\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\fef2650a5b3bf39527150b4058762611\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 01:13 . 2012-02-17 01:13 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\994e60f26b11755207e9c7ebb9fd688b\System.Dynamic.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\bc62e3c6c42db6e63c18038e9bac5a5c\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\5373b5adf6f12ca3ac8806827259a986\System.Device.ni.dll
+ 2012-02-17 01:16 . 2012-02-17 01:16 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\938f42c2d694b3935ca890fee7d0c8a7\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 01:16 . 2012-02-17 01:16 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\cde466cd9b88dc7857c40ac43bf7632c\System.Configuration.Install.ni.dll
+ 2012-02-17 01:16 . 2012-02-17 01:16 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\081bebeff0574ed1969b05eafab5b342\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 01:16 . 2012-02-17 01:16 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\e88489a8cc6a68a7ebb4617d1a20e5e7\System.AddIn.ni.dll
+ 2012-02-17 01:16 . 2012-02-17 01:16 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\ba36345815c2011c3f054ebee01a0569\System.Activities.DurableInstancing.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\70edc7fbf7505880ab1652b35f6e9517\SMSvcHost.ni.exe
+ 2012-02-17 01:14 . 2012-02-17 01:14 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\9d160b8d7c69ce50ac1db59a8fa2bcb5\SMDiagnostics.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\dbb2bb145d0bac0d0615f52739ad2702\PresentationFramework.Aero.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\4d9a6f376f83a6ea5b71a678566ee1de\PresentationFramework.Royale.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\3ec560f5f3b643e02b6025363034d624\PresentationFramework.Luna.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1767cdd5d245b5087045d1ad2fbdd8fd\PresentationFramework.Classic.ni.dll
+ 2012-02-17 01:13 . 2012-02-17 01:13 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\3002d0322acd6f6dd016bd8105bedf51\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-17 01:13 . 2012-02-17 01:13 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\385ffb17c4890d76682d1d0c81f39e09\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\bfab3d0d973b05366401b15f6ab8febb\WindowsFormsIntegration.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\f4d55487b0e1eae2de72e1d8e14c4781\UIAutomationClient.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\35b997b2652f8f564b062e6a6e59055f\System.Xml.Linq.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\b16aace2ac6c7e7d6849f3a683776cd1\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\07db951fbbd939fc70b0b91a8fa83185\System.Transactions.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\f9977bade8fa997882aa57b430820765\System.ServiceProcess.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b6b9eeba0eaffb7691e9fd06c4f3dd10\System.ServiceModel.Routing.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\f7ddf9585d0b4b46437dc07b50955b64\System.Security.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\012cb4a4bd973425eac0dbe52cdcc721\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e558d70a5dbc430b5a2904eec156749d\System.Runtime.Remoting.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\6ddba0a0ef4a512f8de2b3feacb8bd4a\System.Net.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\3ae04414918ec66af305d771a18d8b3c\System.Messaging.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\b2990e7dd2ce6c1ec99e4f27f766beb0\System.Management.Instrumentation.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\3ee79197b362398995eba1a67e83d865\System.IO.Log.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\3e177995dd026b939dc8b6769c77e60f\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\06c498e1b0e11e9de295c02f1519b8ff\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\06c498e1b0e11e9de295c02f1519b8ff\System.EnterpriseServices.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\746a79ac47809d2658daf85f2b5a2ad9\System.Dynamic.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\4946d4a8b1301179885c0621ac7120ca\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\171d40509eccb741a5a4a0908b41c840\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\eca593b1efb8f28f8204c841d6f875f2\System.Device.ni.dll
+ 2012-02-17 01:22 . 2012-02-17 01:22 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\8cec191afd4e0abc87ed7e93f814f1fc\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll
+ 2012-02-17 01:22 . 2012-02-17 01:22 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\36c77d53335088d10774054af4dfc034\System.Configuration.Install.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a58dbf4346bc2bd65df689cb6b25326c\System.ComponentModel.Composition.ni.dll
+ 2012-02-17 01:22 . 2012-02-17 01:22 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\3924f7fd82f46e76f3b89b9828c3587c\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 01:22 . 2012-02-17 01:22 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\b323b1cd4f7e891c9b2def688895cd37\System.AddIn.ni.dll
+ 2012-02-17 01:22 . 2012-02-17 01:22 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\89c1fb7b7684036e32dafff798d1a744\System.Activities.DurableInstancing.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\2dca989632203f2bc603d76492aff1f3\SMSvcHost.ni.exe
+ 2012-02-17 01:21 . 2012-02-17 01:21 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3ed5c98553688c7bd5fa0459ddc629bf\SMDiagnostics.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\870a3f81e3fa889dfd5f63ea813d1bb5\PresentationFramework.Royale.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5bf1ff80129ae0bca17f47ccf3dbc0c4\PresentationFramework.Classic.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\590ab08a24d15cb6891608c80fdebb1a\PresentationFramework.Luna.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\3af662b73b0b3390467aa31f415992c7\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\4a9409b232987a471b8437cd0a35a3ea\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\600f8ca5fcc54f10623903952fcc10ac\WsatConfig.ni.exe
+ 2012-02-17 01:12 . 2012-02-17 01:12 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\ddb96c334583dc79463edcb14ae16c99\WindowsFormsIntegration.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\152b577b846875cb3ac5e2097451daf0\UIAutomationClient.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\fb5fce5cf09733b71a796d1da399f07a\TaskScheduler.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\bc3bbe78635aeacaeea3b310ea5ff002\System.Xml.Linq.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\894b696a87ad47b5e18ac89954813a94\System.Web.Routing.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\ed681c0aefa909f528d50d0d7f87b799\System.Web.RegularExpressions.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\a6885ee42ea49eb80f1bd18a5252684d\System.Web.Entity.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\88ffeea88ac9ce23de0c5a27a95e773a\System.Web.Entity.Design.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\7a311c3305dbbd5cfa2613997608a4ae\System.Web.DynamicData.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\e5069f3c90b4413dd2f3dc226c80bc68\System.Web.Abstractions.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\caa6d0e3ec056ab964616da777c2fcb1\System.Transactions.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\872d9ab7e9259b407668c38b6112499e\System.ServiceProcess.ni.dll
+ 2012-02-17 00:24 . 2012-02-17 00:24 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\ffc67ee81b75ac04dfc1fee6a7fef8c5\System.Security.ni.dll
+ 2012-02-17 00:25 . 2012-02-17 00:25 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\bc8c5bdae37a113b2274279ceb94d6d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\e238ca4ca02f9309283c98e1a4235bbd\System.Net.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\9880905a6fde778e564adf54b2afbaa5\System.Messaging.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\c340633057ed6b9ffcf2214cb348a1fa\System.Management.Instrumentation.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\c24a84d54ad05618cf6cab545c31b06b\System.IO.Log.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\2ba95581264a766410a6dbbe767c5ed8\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\dbd535c6b73a9d9ffab8b91124ea7dda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\f1fd4593259aaf5fd2b2e9a7aed2d8cb\System.Drawing.Design.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\3c2c8f083f34a3c75e0aa17ef9ac4127\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\be6635364f1af379afff83dd877a4e03\System.Data.Services.Design.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\027959159200e828ccfddaef5f01b3a9\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\e71e38d2ca2cd291467d890336f45931\System.Configuration.Install.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\8c954be3f8d070b1364844741ff4b4b1\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\bd9159951d0caa9bf5c90c44fc96661b\System.AddIn.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\8bfc7a328911ae69686576bd24f4f771\SMSvcHost.ni.exe
+ 2012-02-17 00:55 . 2012-02-17 00:55 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\823bd996cb5aefd6c2b2fa7e19e0ef40\SMDiagnostics.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\cc864feeea3e918e3d9790b301bb2004\PresentationFramework.Royale.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\ab440c134c4d619f82ba6eab569c8fed\PresentationFramework.Luna.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0e79d12dc8bede29dc337dba8d803bfa\PresentationFramework.Aero.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0e6121dbd31ce6b51354b38075dc9007\PresentationFramework.Classic.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\9c808282a0cfdc5bafcb43e1778d97d6\napsnap.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\616ce317134d4225fc7eec80f9351855\napinit.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\a4b5d98bf175a3f10c47f223195c34b0\MSBuild.ni.exe
+ 2012-02-17 00:56 . 2012-02-17 00:56 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\b94e1c9115d8e37e734b27b48f54d236\MMCFxCommon.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\04532b2b5174ca249e01a8b21d0ba6fd\Microsoft.WSMan.Management.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\5cd854d075caf8b50de3c803b4303e03\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\cb1c199305d00b2424e707311eb9dcfd\Microsoft.Vsa.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b2438f632ab1dcbb1cb91c5a1226aaf1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d7f5b39fba028d2f9e2b3a772845a2a6\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\99bb7896ddbe74236efaa97733c63cbc\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\71542ecf96342dc1464fe471852be89a\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0bafa5e2dc431bb12108395cf2e18773\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ddd2f252bea1cce14bb498257992635a\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cf9be66d53dddbf49b75cead76ef3cea\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\55172dec8f1353d1a8d9cdc4c0b9fac0\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5495e7eca3dac7eee473e30a3611f178\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\35ce662c1368782ede0852134106ea43\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\505549b05e5c3ceccd26ad9c398381e8\Microsoft.ManagementConsole.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f356844d3667b88d03bde2ae524659b6\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\86f7fa65013864ae7da2fba058199dae\Microsoft.Build.Utilities.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\c467a4d9eeda620e3e7602a9ecf9ae76\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\304068df803748d7743a6a4dc344915f\Mcx2Dvcs.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\fb79aad0c745ff7b45151bc58b4dc8e9\mcupdate.ni.exe
+ 2012-02-17 00:55 . 2012-02-17 00:55 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\4a29229fecf805779bee25b756d78a0d\mcstoredb.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\8affc4346a86b80727282966ce58662b\mcplayerinterop.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\756a74d6b322877662a0f6da4bc7d8e6\mcGlidHostObj.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\2ce02776e0f2f1770f4bb77e1f6d7472\MCESidebarCtrl.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\956ca0e08e881df7f16f7d6d1381f71d\EventViewer.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\307ca4b67db79b05b4781634ea8ec0d7\ehRecObj.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\5f53457f49927ecf00156d20466cc5a6\ehExtHost.ni.exe
+ 2012-02-17 00:55 . 2012-02-17 00:55 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b49168b11f5f60ddafed2ab1fdd4540f\ehCIR.ni.dll
+ 2012-02-17 00:54 . 2012-02-17 00:54 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\f2808fb3389d3e28e2b0223dcd654e02\ComSvcConfig.ni.exe
+ 2012-02-17 00:54 . 2012-02-17 00:54 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\45af2aab82a69a1a6fe0f7cef4024673\BDATunePIA.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\105e77fbca8c5bb29988f3847b0d599f\WsatConfig.ni.exe
+ 2012-02-17 01:19 . 2012-02-17 01:19 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\378a75654ab243a7c87425580ef5247f\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e8295ba92cc9500c11e4326da94aa23d\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccd8a870d49f1f6901964f3009e44704\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bc3de6e386e49d56770ce7026b0b0b42\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa6f0d8e2ce841ad6cfa150e7d19cbbf\WindowsLive.Writer.Controls.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8fb8f7ad92da63392ebd50214f98966c\WindowsLive.Writer.Interop.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\613e9162c5a92e05695b8ec520b6a6f5\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\54a1c00276597643ced64cad94707c44\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\52df063720cfdfb7e286e6c575bcdc98\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3dc4ea44bcc90dc7fdd088969895feb6\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\369786c29e4bb601f95f4c9f38ca4fb1\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\22e9d9744c2bf7881ac1662232d688c2\WindowsLive.Writer.Api.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\203986a6f0128bf77b62f19d8b1076cf\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\7d367b5b97b897ff0e52d30b0a02d4ba\WindowsLive.Client.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d0972fea9e965a565c3cff76982709db\UIAutomationClient.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\ff345d3a2aaafb8a960c3d400e3c11a9\TaskScheduler.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\fa1161af51ab42a61bfac9d02d469a06\System.Xml.Linq.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\43e0731fbb58632563909f1fa5dfe063\System.Web.Routing.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\84ee5a23a20b65773686657254ea9831\System.Web.RegularExpressions.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\95f94674ddc4b1224df94bd7ae19c9ef\System.Web.Extensions.Design.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4c569a365154300e49ab3450f74c2618\System.Web.Entity.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fb21c5770bc64fc4105787238842f70d\System.Web.Entity.Design.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\785e2ad4125cef423bc367b37fabb71c\System.Web.DynamicData.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\685fb72f0189330eda1d62176fb38996\System.Web.Abstractions.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
+ 2012-02-17 00:28 . 2012-02-17 00:28 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\dc4a4350f8c0c0919b5fb78f0c44291b\System.Security.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\adb2fc93e7a4462eb399442c678be681\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2273d6ab12c9ae0d52842a84d586b8df\System.Net.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b5930434d0d624701114e014513c9041\System.Management.Instrumentation.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7651951311f9d134e6bc08be7dc9ddc7\System.IO.Log.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8b0dc9405f292a93ddd52eb76bb88169\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\a09d397c3a4eb60b04a0628cc187ce34\System.Drawing.Design.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\eebb837dbb8e5781e448c72eeda27983\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\344d3289061b28a0f7fb19229f45bb9c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\6a6642467bcccf0345c5e9139e7fd9ae\System.Data.Services.Design.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\c1cf8e31da405f07780fa7b0f28cc650\System.Data.Entity.Design.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\71400a36c8621388031e00075f2fc8e9\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 00:28 . 2012-02-17 00:28 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\47e25ae9163f4624a66f99ede0ea98fe\System.Configuration.Install.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\05c4011ad0068d0af722b4b52677d915\System.AddIn.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\17b78ffee2144cf38f024e73b131158d\SMSvcHost.ni.exe
+ 2012-02-17 01:19 . 2012-02-17 01:19 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fbcb09488417e40b6f7f7737f737bbfd\PresentationFramework.Luna.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbd1929fa377b354903e37469838d9a1\PresentationFramework.Classic.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4ff6c887092d4db687441d71e2c812ff\PresentationFramework.Royale.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\62531ec9534c96e83de2bbd4edfd07e8\napsnap.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\bb49eea48fd5f546afc6d5be634d3cb9\napinit.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\4ac4095081957a001a6174c0b9f7f195\MSBuild.ni.exe
+ 2012-02-17 01:19 . 2012-02-17 01:19 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\bd5a72adac7a95585984d5bcce994b71\MMCFxCommon.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\928fb6b2401fffd8cc993578c3a04acd\Microsoft.WSMan.Management.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\481b6ebea3e357f29a4ec0e8193d36d3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eda566c4dc6595779c3c9dfc359575ed\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\df4f6b6f33d84b7f438c3f3b66f0336d\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\951235283ff1d4a91ffaa92ea8693249\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5f7928a2ffe462f16e25f03be01966e9\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2015eca4346e34310e958089b22a9c62\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6386ef67ed70f53fe6424246d256190d\Microsoft.ManagementConsole.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c8e128b5e6ceee852cb1f8c165c2177e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9795da40a8ee0bc54e91792de7422152\Microsoft.Build.Utilities.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\be7ad749a064283deab76fad38bf2930\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\f42105699650a206e2ae439ac54ad40a\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\886a8c3d4f00567df779318fea56f28a\mcstoredb.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\58ea1059f397ccd13d6a8d94d7be7830\EventViewer.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\9d5219961228fb5236c843ea75c69d39\ehRecObj.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\6a07aa6df4d45d1485b6a2749647a3aa\ehExtHost32.ni.exe
+ 2012-02-17 01:19 . 2012-02-17 01:19 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\39ab6b73bdbaac85b90cc561761916f7\ComSvcConfig.ni.exe
+ 2012-02-17 01:18 . 2012-02-17 01:18 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\d89086a63a9d85aa9d719d7088e5ae69\BDATunePIA.ni.dll
- 2011-12-14 05:16 . 2011-11-03 22:39 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-02-16 03:48 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-02-16 03:48 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
- 2011-12-14 05:16 . 2011-11-03 22:40 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-02-16 03:48 . 2011-12-14 03:04 1798656 c:\windows\SysWOW64\jscript9.dll
- 2011-12-14 05:16 . 2011-11-03 22:32 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-02-16 03:48 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
- 2011-12-14 05:16 . 2011-11-03 22:46 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-02-16 03:48 . 2011-12-14 03:10 9705472 c:\windows\SysWOW64\ieframe.dll
- 2011-12-14 05:16 . 2011-11-04 01:44 1390080 c:\windows\system32\wininet.dll
+ 2012-02-16 03:48 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
+ 2012-02-16 03:48 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
- 2011-12-14 05:16 . 2011-11-04 01:46 1345536 c:\windows\system32\urlmon.dll
+ 2012-02-16 03:48 . 2011-12-14 07:11 2308096 c:\windows\system32\jscript9.dll
- 2011-12-14 05:16 . 2011-11-04 01:36 2144256 c:\windows\system32\iertutil.dll
+ 2012-02-16 03:48 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2012-02-01 22:02 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-02-17 00:25 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-10-26 20:46 . 2011-10-26 20:46 3511880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2012-02-15 03:58 . 2011-10-31 23:15 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
- 2011-08-09 22:12 . 2011-05-04 22:31 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-10-26 20:46 . 2011-10-26 20:46 3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2012-02-15 03:58 . 2011-10-31 23:16 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-08-09 22:12 . 2011-05-04 22:32 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-16 02:55 . 2012-01-16 02:55 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-16 02:56 . 2012-01-16 02:56 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-16 03:56 . 2012-02-16 03:56 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-26 22:36 . 2011-10-26 22:36 2829312 c:\windows\Installer\902b2.msp
+ 2012-02-03 21:13 . 2012-02-03 21:13 4988928 c:\windows\Installer\902a6.msp
+ 2010-11-04 02:12 . 2012-02-16 03:53 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-11-04 02:12 . 2012-02-16 03:53 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
- 2010-11-04 02:12 . 2012-02-07 05:39 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-02-17 01:13 . 2012-02-17 01:13 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\9d5feeb6727e222673d5bd89f0620ddd\WindowsBase.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\68f44d619637fac197ee6c8ac9f2aec9\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ff247393a6deb90d63811aa88c84dc7e\System.Xml.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\e158bd31f13cbc20f6fc7c7f426113d7\System.Xaml.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\843d0370292b7b124f9b9231f87e8e6a\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\be0e793afecb54a67a688e4528676e70\System.Web.Services.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\ae3a837b63de8d3f3fc63a7bfc16589a\System.Speech.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\aec154cbfb0eec1497fb89ebd6deb344\System.ServiceModel.Discovery.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\80b8b6324a73493227b2672b2d6820d3\System.ServiceModel.Activities.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\717540eea541a2769a6cf621fd948678\System.Runtime.Serialization.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\dc7fbde064d5710780a6b8f27554dc57\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-17 01:15 . 2012-02-17 01:15 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\31c34917df5f24f1ffdd62bfa23f2fb7\System.Printing.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\15112a35e0e355fc344792e49c41628f\System.Management.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\bffc049b6775c3f6f144917a4387a0be\System.IdentityModel.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\fef2650a5b3bf39527150b4058762611\System.EnterpriseServices.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0443ad47a6be56beca12a7a13261c8ed\System.Drawing.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 1217536 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\d94ef12e883b2354af26f19ec7e25110\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 01:15 . 2012-02-17 01:15 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\026c74ff72ba4fce837134953778e755\System.DirectoryServices.ni.dll
+ 2012-02-17 01:15 . 2012-02-17 01:15 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\e8e5fcc8e7eb9ce898be3c22e8902ee4\System.Deployment.ni.dll
+ 2012-02-17 01:15 . 2012-02-17 01:15 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\8d734fe538fe6f226eab465c8d8e3d5c\System.Data.ni.dll
+ 2012-02-17 01:13 . 2012-02-17 01:13 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\83aa1c4f17f57067d3be29e560331349\System.Data.SqlXml.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 1798656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\6a0bcd0e756819ea795b161d2156e9a8\System.Data.Services.Client.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\1548624d8ec5142825864c5f59be9b49\System.Data.Linq.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\2672be84bcad1c772163d15db0e2864e\System.Configuration.ni.dll
+ 2012-02-17 01:16 . 2012-02-17 01:16 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\228bb21cab2c9ce2f69d5e24a9352a3f\System.ComponentModel.Composition.ni.dll
+ 2012-02-17 01:16 . 2012-02-17 01:16 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\36f5aa69b510e3aeb24ef402d12c20e0\System.Activities.ni.dll
+ 2012-02-17 01:16 . 2012-02-17 01:16 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\7be5ac01354a0c03d5587607687de1e1\System.Activities.Presentation.ni.dll
+ 2012-02-17 01:16 . 2012-02-17 01:16 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\8d549e47084ec2661c944a1eeb9a2be5\System.Activities.Core.Presentation.ni.dll
+ 2012-02-17 01:15 . 2012-02-17 01:15 4232704 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8d8f46afc9b2b65144f29a609f63398e\ReachFramework.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\735f127d0957bacdfe6522f0b8a2dcb0\PresentationUI.ni.dll
+ 2012-02-17 01:13 . 2012-02-17 01:13 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\710482e876a08aaf596a1418b13eb349\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-17 01:13 . 2012-02-17 01:13 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6b82e7a7001a661cb712067b75b7c5ec\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-17 01:13 . 2012-02-17 01:13 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\60ff6c1510fb0e2d70e616650eb7ae47\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 01:13 . 2012-02-17 01:13 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2e6537fafd64c81032b0aaebb7d3180a\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\f38dbc9d7ebe981a7c22b72dffb4a2af\Microsoft.JScript.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\1cf22b5ea0ef63e71b6416a36b656b8a\Microsoft.CSharp.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\de58d9a7cb1ebe18d9519943fb351105\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\f0d119151e7a4d59698125eb4b4275ee\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4d39c6a77db47caf40787ec818691ded\System.Web.Services.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\572316066654286b4629c0a680a76e1b\System.Speech.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4d1a64fc317c7d5de7321ef42d9443aa\System.ServiceModel.Activities.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\26150ab602b494d300ae488f81dbef9b\System.ServiceModel.Discovery.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7aa036e91909e1bc5e1d35b673defab2\System.Runtime.Serialization.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a2011e79b6ef1c5381d110f75685008c\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\dcbff6c9c548b51344cc4ad4893646b2\System.Printing.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\b7bf9745b6ac67086c7364ee34174c51\System.Management.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\38b6bf7d0ee6cea88d785e52e991627c\System.IdentityModel.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\94f406f804865ec1ef81acaf426e48ca\System.DirectoryServices.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d612e5ab6df30b2018730c781e979ce8\System.Deployment.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\25a90057cd6623c3b3cc07e53c8de77a\System.Data.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\79ff5fcb68fc0f3dce4571f8fa950a51\System.Data.SqlXml.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\6bbce53ef9b6e8b9204929342f503647\System.Data.Services.Client.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\ae45172466a99ef79ed2ab3ae5ad0ef9\System.Data.Linq.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll
+ 2012-02-17 01:22 . 2012-02-17 01:22 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\3d60413b16725524801275d92249169b\System.Activities.ni.dll
+ 2012-02-17 01:22 . 2012-02-17 01:22 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\bb8932dfd01f4c645f9902fd703cde49\System.Activities.Presentation.ni.dll
+ 2012-02-17 01:22 . 2012-02-17 01:22 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\d92c6df050f16ca2610191d283d826bb\System.Activities.Core.Presentation.ni.dll
+ 2012-02-17 01:22 . 2012-02-17 01:22 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\6f94955023126311d6aaa840f8852023\ReachFramework.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\a593524fad58317c70d237d214a25204\PresentationUI.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\70a16497eb1cc16502203fb15014fd35\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\5c70caccfbb0d9706fc30b6cd9fc05f2\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2308d9bc9e1b4fa300140d447aa34d51\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\38b6c0eb820c7b8ce3efb4bdfb6ba480\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\5beb57c4dedf5103ee84b16d0d269093\Microsoft.JScript.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\bc7e22b7991a4f23c6bb9e83e2241d05\Microsoft.CSharp.ni.dll
+ 2012-02-17 00:24 . 2012-02-17 00:24 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\a6d9b6658c7778345cc60fe0d9bb6e64\WindowsBase.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\dac9f71ca1332da2a359e2d07589b7e9\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 00:24 . 2012-02-17 00:24 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\e04d9231de2f5d2ababdb425df670e63\System.Xml.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\5571a92171f93c8a4806b9f1805f1c56\System.WorkflowServices.ni.dll
+ 2012-02-17 00:27 . 2012-02-17 00:27 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\3b2e60a9cfedffc4c850f1d0ef17e5e1\System.Workflow.Runtime.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\809f0c7c2d0233f086f83b75f6aa9560\System.Workflow.ComponentModel.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f09110bd4c01129e8ef2e345e8b58920\System.Workflow.Activities.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\28c5f5bb725935286936596e3f5f4f38\System.Web.Services.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\2b012fd0a270bdac848843047bb93312\System.Web.Mobile.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cf203792167bd243b057b8daf79e0d98\System.Web.Extensions.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\7f261dc1eaa3e4e0b93c44678888dd44\System.Web.Extensions.Design.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\a49bc70b640e21c9bcecbd8122203283\System.Speech.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\8ef813ce3f85ea3b3f499d734ac8019e\System.ServiceModel.Web.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f99728bbb535157b904873158379dc67\System.Runtime.Serialization.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\8b193e216f8cf8cd74d7f63cc3ebd2d9\System.Runtime.Remoting.ni.dll
+ 2012-02-17 00:25 . 2012-02-17 00:25 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\1194371f7bf016fa5f5db6a6003af63e\System.Printing.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\6860203a3f244d4c6b89ff38a9c9cadb\System.Management.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\3fae8a8515a716f1fae4a64a7f2a4b05\System.IdentityModel.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\dbd535c6b73a9d9ffab8b91124ea7dda\System.EnterpriseServices.ni.dll
+ 2012-02-17 00:24 . 2012-02-17 00:24 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\6c52a4ed4a4d301b51cae24e0d0b28ac\System.Drawing.ni.dll
+ 2012-02-17 00:25 . 2012-02-17 00:25 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\cc26a70ca09b5e09736df4f2f4af045a\System.DirectoryServices.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\48a91957a4b86c3bcebec68eb1471def\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 00:24 . 2012-02-17 00:24 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6d33e51aa1dd1c4c8ac5bff1c7ad7b4b\System.Deployment.ni.dll
+ 2012-02-17 00:25 . 2012-02-17 00:25 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\bc98c6a47226c05d244f7ffb07b6d6bf\System.Data.ni.dll
+ 2012-02-17 00:24 . 2012-02-17 00:24 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\134d55401aae7ef73c10ad743774127f\System.Data.SqlXml.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\2dd10ff57a987aa347518b0abfcaf8b3\System.Data.Services.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\0177f6ff2b3faf1805b3ba63e0e20ad0\System.Data.Services.Client.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\7892bc65d0be332ab0d4f5dae01d2c3c\System.Data.OracleClient.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\dd28d55dd94fb4d1e4dca6393e4b15a4\System.Data.Linq.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\caf124d5431e8d8aba046e54a8b7dea5\System.Data.Entity.Design.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\9e59bc2c8cf98cd315468ca01f68663c\System.Core.ni.dll
+ 2012-02-17 00:24 . 2012-02-17 00:24 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\da9e586395168489e96323c7cbd635a3\System.Configuration.ni.dll
+ 2012-02-17 00:25 . 2012-02-17 00:25 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\c2b60ec84728f2a0b99f2113ed7eba37\ReachFramework.ni.dll
+ 2012-02-17 00:25 . 2012-02-17 00:25 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\d5b793b7c0429d61e51fe917d1066df8\PresentationUI.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\0618574a66f03040f765c43693bf58f6\PresentationBuildTasks.ni.dll
+ 2012-02-17 01:10 . 2012-02-17 01:10 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\24f9a2d494b01bcbc6919f60a278c715\Narrator.ni.exe
+ 2012-02-17 01:10 . 2012-02-17 01:10 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\8988116626390eae76ef9e492c0e2894\MMCEx.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\77c418992d39a8c1ce569194f9b1ff1e\MIGUIControls.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\e05059a258a8b75d8981f29ecd9baf72\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\11bd9381aca79215bc01b45a5e7bddce\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ecc930a57b339ba3d126b05b2d756a01\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8d5a4862d0e61fdd2e958fc989df3cca\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\713f3cf6037ed7047485c738934f9054\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\09516cb547f50c165051c5512c0770d3\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d7d03c116e282c198f398652dbddc074\Microsoft.MediaCenter.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\bf5f76b58c88f17410effc17059685a8\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b54d398a06452904630482f2f83d21dd\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5f69561da0086365718db46e1172d204\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5e550f8b6414d82551174d1dd0f8f15c\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\551b383e39b9fedb84e25c9fc7d763ee\Microsoft.JScript.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\2ec15928bc76c2a6af54ad507c513cd4\Microsoft.Ink.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4ccd2dddff73b52cd77ecaed30075b09\Microsoft.Build.Tasks.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\35cee0a531b3136b21b2c7e2ff56b5eb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\a22f83fa561173b77ee1215e0dfd7a76\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\5cd9b4020f38edbdc2718884fe3e68f0\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\0217b5f9a72020bee3d0291bbae125ff\mcstore.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\905166e37a4a5f45a7d1672fb756d96e\mcepg.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a468e7062f69218aada710149fe64a9f\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5831e8e7ec7a294d7daf5d20ea697176\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\57f2870b60df33107c4360c356da72b7\WindowsLive.Writer.Localization.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\34b4db9f6a72b19fe1842e9f6fdad5b7\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-02-17 00:28 . 2012-02-17 00:28 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\c463ccf17b00f16ed8e60a6ba1cb46e5\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 00:28 . 2012-02-17 00:28 7967232 c:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
+ 2012-02-17 00:28 . 2012-02-17 00:28 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\99f03be29e7f6de2f4bc278b83f0761b\System.WorkflowServices.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ee22bb1fef89981da77783c69aa1f154\System.Workflow.Runtime.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5fc69203193c26b91b068695b00bcebf\System.Workflow.ComponentModel.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\e5bfe89d19b368c5eb64bdf2c3c29d7a\System.Workflow.Activities.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0eada94e6fc22ecdf69ec412fe7df0b9\System.Web.Mobile.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8ae9ee071050afc6dce19f5248817d66\System.Web.Extensions.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\8e4b0ae89bdfbe3eac1b79dacef4ef79\System.Speech.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0113a0162fe157bb4f0130a60bbcad1a\System.ServiceModel.Web.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e20ce129c23781d9a8430b63edc3c24e\System.Printing.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f4d8c56c790b998bd1bb971905bfae78\System.Management.Automation.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll
+ 2012-02-17 00:28 . 2012-02-17 00:28 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2d379df0010f87d5c3d8c2be00b3de7a\System.DirectoryServices.ni.dll
+ 2012-02-17 00:28 . 2012-02-17 00:28 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\45fedf46ca69b8437800ffed652fb2e4\System.Deployment.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
+ 2012-02-17 00:28 . 2012-02-17 00:28 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d7621134717a86f5062dcf80206ab164\System.Data.SqlXml.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\47c2a93f42a371ac1b3756d098ac18a5\System.Data.Services.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3763b8ac5fa0a96ad5100a53b10b4449\System.Data.Services.Client.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c3e0c299c00016b5ffb5006bc32dd0db\System.Data.OracleClient.ni.dll
+ 2012-02-17 01:21 . 2012-02-17 01:21 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1fe993f1045190570a2c69cb32f9d62d\System.Data.Linq.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:21 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\932542a144496e3a9cb9155270fd4492\System.Data.Entity.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\9f09338d4240f6ea19318665fcea008f\ReachFramework.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\10d61b241fbf27d82942eecb454105e1\PresentationUI.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\d2c547794ac1c167fe24904e6848d5cc\PresentationBuildTasks.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\308236e39e3ad82c6b5bfa2d955735e3\Narrator.ni.exe
+ 2012-02-17 01:20 . 2012-02-17 01:20 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\b792eec16fb24a0f73ca20e1551bfcbf\MMCEx.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\44f2bd588202e6bdacf0b867c7011057\MIGUIControls.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1a6921bcfb8ade6652efb9f095b275f1\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\86fa49490bc929adf75488903f0dac4b\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\413c3be0ba8ed04984a0bb3044e0c2e0\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2f66392066352b804d8022664e7bf8de\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\558d4558f0857891cf0d41d818e7b490\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\03d64144ed3ea21cbeea0c872ece14b6\Microsoft.MediaCenter.ni.dll
+ 2012-02-17 01:20 . 2012-02-17 01:20 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\09cea564f5888335ef97bd104d7e4ea6\Microsoft.JScript.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\ca0dacd1a4dc23e5d7bb3e6548282b6b\Microsoft.Ink.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e566cc5fe7ad95b0a9fca152b335b551\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2b23923536c41d0fb8ab658f6c9a95c1\Microsoft.Build.Tasks.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b8459651fae37b63ab314350a8eff8a\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\103b0155f85ff08fc9940bd0c3aa0128\mcstore.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\c28c1427f0691e070b77b4ad97000e4c\mcepg.ni.dll
- 2011-08-09 22:12 . 2011-05-04 22:32 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-15 03:58 . 2011-10-31 23:16 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-15 03:58 . 2012-01-04 08:59 12872704 c:\windows\SysWOW64\shell32.dll
+ 2012-02-16 03:48 . 2011-12-14 03:30 12282368 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-02-16 04:15 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-02-15 03:58 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
+ 2012-02-16 03:48 . 2011-12-14 07:43 17790464 c:\windows\system32\mshtml.dll
+ 2010-05-17 04:42 . 2012-02-16 03:51 54585368 c:\windows\system32\MRT.exe
+ 2012-02-16 03:48 . 2011-12-14 07:16 10887168 c:\windows\system32\ieframe.dll
+ 2010-05-14 19:59 . 2012-02-21 01:15 43320256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-361715329-2846929227-1508170076-1001-8192.dat
+ 2012-02-17 00:27 . 2012-02-17 00:27 20333056 c:\windows\Installer\52670.msp
+ 2012-02-16 03:57 . 2012-02-16 03:57 11879936 c:\windows\assembly\NativeImages_v4.0.30319_64\System\bbcac65b1d0045229354424a7595e258\System.ni.dll
+ 2012-02-17 01:15 . 2012-02-17 01:15 17290752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\97347a1967260991cca95e94b5ba2d41\System.Windows.Forms.ni.dll
+ 2012-02-17 01:18 . 2012-02-17 01:18 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\49314ff27e3a21bbb1fb675a295f6571\System.ServiceModel.ni.dll
+ 2012-02-17 01:17 . 2012-02-17 01:17 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\78e35b4bf12ee4833ed720a490e958f2\System.Data.Entity.ni.dll
+ 2012-02-17 01:12 . 2012-02-17 01:12 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\fcefa2871c7dc4d397ff8c6f92abf0d5\System.Core.ni.dll
+ 2012-02-17 01:14 . 2012-02-17 01:14 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d0dddbe96a81cd6869f9643fa2809d71\PresentationFramework.ni.dll
+ 2012-02-17 01:13 . 2012-02-17 01:13 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\efb6d518bb284cdc29a96068726320c0\PresentationCore.ni.dll
+ 2012-02-16 03:57 . 2012-02-16 03:57 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\b711fe4f8f23da12b205be1d231d4e2e\System.ServiceModel.ni.dll
+ 2012-02-17 01:23 . 2012-02-17 01:23 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\0816c3b4ab4f25931be80ef29db36024\System.Data.Entity.ni.dll
+ 2012-02-16 03:58 . 2012-02-16 03:58 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll
+ 2012-02-16 03:58 . 2012-02-16 03:58 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll
+ 2012-02-17 00:24 . 2012-02-17 00:24 10624512 c:\windows\assembly\NativeImages_v2.0.50727_64\System\d5bc322d03a6628891b1e1232c4815af\System.ni.dll
+ 2012-02-17 00:25 . 2012-02-17 00:25 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\87a79dd88275c7e7536a0476f2ed79aa\System.Windows.Forms.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\3ea6f4cb8bba38f9d66275c36dd8825e\System.Web.ni.dll
+ 2012-02-17 00:55 . 2012-02-17 00:55 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\0b51b0626d95de7446d132c73edd77cc\System.ServiceModel.ni.dll
+ 2012-02-17 00:57 . 2012-02-17 00:57 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\e18dbed9e34d7d56cc7e2f683de12237\System.Management.Automation.ni.dll
+ 2012-02-17 00:26 . 2012-02-17 00:26 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\0ad116b6a293e4fad1add26610df466d\System.Design.ni.dll
+ 2012-02-17 01:11 . 2012-02-17 01:11 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\00b730e56986ad4f378e420fa8606395\System.Data.Entity.ni.dll
+ 2012-02-17 00:25 . 2012-02-17 00:25 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\be975224912fc63f0398ad0c969ba144\PresentationFramework.ni.dll
+ 2012-02-17 00:24 . 2012-02-17 00:24 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\0fa603af6ee814498c20f46e00e5f891\PresentationCore.ni.dll
+ 2012-02-17 00:56 . 2012-02-17 00:56 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\089d0fee0e702f9b9a611f761cb3bd8a\ehshell.ni.dll
+ 2012-02-17 00:28 . 2012-02-17 00:28 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
+ 2012-02-17 01:19 . 2012-02-17 01:19 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f89f5d786e54381f9058656271a0aca8\System.Design.ni.dll
+ 2012-02-17 00:29 . 2012-02-17 00:29 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
+ 2012-02-17 00:28 . 2012-02-17 00:28 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SAP_WUS_UNT"="c:\program files (x86)\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe" [2011-04-14 95600]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIPI"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0010804]
Ime File REG_SZ freeime.ime
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ UNISPIM6.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2009-03-03 89600]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [2011-04-14 121200]
S2 TSUSVC;Tencent Software Update Service;c:\program files (x86)\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe [2008-12-09 116040]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\HPCeeScheduleForYanfei.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 16395880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-21 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: c:\users\Yanfei\AppData\Roaming\FlashGetBHO\GetAllFlvUrl.htm
IE: Download all by FlashGet3 - c:\users\Yanfei\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Yanfei\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: ?????? - c:\program files (x86)\Thunder Network\Thunder\Program\geturl.htm
IE: ?????????? - c:\program files (x86)\Thunder Network\Thunder\Program\getallurl.htm
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Yanfei\AppData\Roaming\Mozilla\Firefox\Profiles\qx6fa5xu.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2742423D-9B2C-E1F8-2204FBC3D18DB555}\{88A68896-609D-936A-26F31FA12C544D88}\{4CDB3AFE-271E-9455-9E26AF69AD97A138}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79DD782F-DD9B-90C8-01AB82140B2B65EB}\{DE7D83BF-EB3B-F5D9-D52C430ACBAFB5F9}\{D743F1FE-35C6-E579-63E67F5CCF1E1FA7}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8FD8A5D7-9511-025F-16B31A5B051F5A4D}\{7F4BC209-0230-7A50-936F3704F4AD01D8}\{4F172B6C-B722-D8DB-046FD06C67D2EAC6}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD7439DE-8878-D698-3C485D80ADEA187F}\{BE3DFA66-365B-5E4A-7917DE6528C06D4A}\{FEBDC4E7-2EEE-D959-80681B5DE578BC2D}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-02-20 19:20:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 01:20
ComboFix2.txt 2012-02-12 20:23
.
Pre-Run: 110,410,563,584 bytes free
Post-Run: 110,004,248,576 bytes free
.
- - End Of File - - AC1F3D067F4A28E832CD70671CF20760

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:30 AM

Posted 20 February 2012 - 09:34 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 brian10

brian10
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 21 February 2012 - 10:40 PM

Here you go. Thanks

Update for Microsoft Office 2007 (KB2508958)
???? 7.1?
?????????6.6
??QQ2010
Torrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro Photo X2
Corel VideoStudio 12
CyberLink DVD Suite
D3DX10
DHTML Editing Component
DVD Menu Pack for HP MediaSmart Video
ECL Viewer
ESU for Microsoft Windows 7
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Quick Launch Buttons
HP Setup
HP Update
HP User Guides 0153
HP Wireless Assistant
Hulu Desktop
IDT Audio
InstaCodecs
Java Auto Updater
Java™ 6 Update 20
JMicron Flash Media Controller Driver
Junk Mail filter update
K-Lite Codec Pack 5.9.0 (Full)
LabelPrint
LightScribe System Software
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007 Subscription
Microsoft Office Word MUI (English) 2007
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft redistributable runtime DLLs VS2008 SP1(x86)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox (3.6.25)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyITLab ActiveX Installer 2, 9, 8, 65535
Power2Go
PowerDirector
PPTV V3.1.1.0010
QLBCASL
QQ????1.0 Beta3
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Recovery Manager
SAP Business Explorer
SAP GUI for Windows 7.20
SAP JNet
SAPSetup Automatic Workstation Update Service
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SmartWebPrinting
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoStudio
VitalSource Bookshelf
VLC media player 1.1.10
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinRAR 4.01 (32 ?)

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:30 AM

Posted 21 February 2012 - 10:56 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Torrent
Adobe Reader 9.5.0 MUI
Java 6 Update 20
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:30 AM

Posted 24 February 2012 - 12:46 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 brian10

brian10
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 24 February 2012 - 08:49 AM

Thank, yes, I am still interested, but didn't get the chance to perform these steps yet. On my desktop, these steps made the most noticible difference in performance. I will get to them within the next 24 hrs.

Thanks,
Brian

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:30 AM

Posted 24 February 2012 - 11:13 AM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users