win32/conedex.b, win32/sirefef.p, win64/sirefef.m, and win64/sirefef.e combination is killing me


  • This topic is locked
37 replies to this topic

#1 Weeps

Posted 18 February 2012 - 12:32 AM

Ladies and Gentlemen of the VTSM forum,

I need help. I thought I had a pretty simple rootkit infection, but TDSSKiller/MBAM has proven ineffective. MSE is able to identify and ostensibly remove the infection, but doing so makes the computer unbootable and system repair unable to complete, forcing a system restore to the infected state. Infection extends back to the oldest restore point. Win7 64-bit, running MSE and MS firewall with MBAM for antimalware. SFC /scannow shows clear. Google redirects on Firefox and Chrome, occasional slowdowns, Windows Defender is unable to start on boot; otherwise the system seems to be running fine. No rootkits recognized by TDSSKiller. As mentioned in the title, MSE shows win32/conedex.b, win32/sirefef.p, win64/sirefef.m, and win64/sirefef.e.

Here's the DDS log. Please let me know what else I should supply. Thank you in advance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by wstrawn at 16:51:52 on 2012-02-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4061.1285 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Novell\Client\cusrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\X64\3\LXDDserv.exe
C:\WINDOWS\SYSTEM32\LXDDCOMS.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Prey\platform\windows\cron.exe
C:\Program Files\Immunet Protect\3.0.5\iptray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Wes\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Switcher\Switcher.exe
C:\Program Files\VistaSwitcher\vswitch64.exe
c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Prey\platform\windows\bin\bash.exe
C:\Prey\platform\windows\bin\bash.exe
C:\Prey\platform\windows\bin\curl.exe
C:\Users\Wes\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [RemotelessHelper] "C:\Program Files (x86)\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "C:\Users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [Prey Laptop Tracker] C:\Prey\platform\windows\cron.exe --log
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Immunet Protect] "C:\Program Files\Immunet Protect\3.0.5\iptray.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D79371A8-EE74-4A0F-98FD-601BE13B4694} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D79371A8-EE74-4A0F-98FD-601BE13B4694}\34963736F61303830323 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D79371A8-EE74-4A0F-98FD-601BE13B4694}\C496D65644F676 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D79371A8-EE74-4A0F-98FD-601BE13B4694}\E4544574541425 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F9808928-111C-4F92-BF80-DBA6E021509A} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 ncv1_0
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
mRun-x64: [Prey Laptop Tracker] C:\Prey\platform\windows\cron.exe --log
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Immunet Protect] "C:\Program Files\Immunet Protect\3.0.5\iptray.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F}
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\w8dxnrhq.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npEModelPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Wes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Wes\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Wes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Wes\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\system32\drivers\nipbcfk.sys --> C:\Windows\system32\drivers\nipbcfk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\system32\DRIVERS\ImmunetProtect.sys --> C:\Windows\system32\DRIVERS\ImmunetProtect.sys [?]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys --> C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/21 21:54:21];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-8-26 146928]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/30 18:17:07];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-1-30 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-8-30 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 lxdd_device;lxdd_device;C:\WINDOWS\SYSTEM32\LXDDCOMS.EXE -service --> C:\WINDOWS\SYSTEM32\LXDDCOMS.EXE -service [?]
R2 LXDDCATSCustConnectService;LXDDCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxddserv.exe [2007-5-25 34224]
R2 NCFSD;Novell Client File System Redirector;C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [2008-5-9 94224]
R2 NCIOCTL;Novell Xplat IoCtl Driver;C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [2007-11-15 58896]
R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\system32\drivers\NiViPxiKl.sys --> C:\Windows\system32\drivers\NiViPxiKl.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
S1 nkujcixp;nkujcixp;\??\C:\Windows\system32\drivers\nkujcixp.sys --> C:\Windows\system32\drivers\nkujcixp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-9-9 79144]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdate1c9c6d5e2621c00;Google Update Service (gupdate1c9c6d5e2621c00);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-26 133104]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-26 133104]
S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 lvalarmk;lvalarmk;\??\C:\Windows\system32\drivers\lvalarmk.sys --> C:\Windows\system32\drivers\lvalarmk.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-4-10 342320]
S3 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S3 ni1006k;NI PXI-1006 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1006k.sys --> C:\Windows\system32\drivers\ni1006k.sys [?]
S3 ni1045k;NI PXI-1045 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1045kl.sys --> C:\Windows\system32\drivers\ni1045kl.sys [?]
S3 ni1065k;NI PXI-1065 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1065k.sys --> C:\Windows\system32\drivers\ni1065k.sys [?]
S3 ni488lock;NI-488.2 Locking Service;\??\C:\Windows\system32\drivers\ni488lock.sys --> C:\Windows\system32\drivers\ni488lock.sys [?]
S3 nicdrk;nicdrk;\??\C:\Windows\system32\drivers\nicdrkl.sys --> C:\Windows\system32\drivers\nicdrkl.sys [?]
S3 nicsrk;nicsrk;\??\C:\Windows\system32\drivers\nicsrkl.sys --> C:\Windows\system32\drivers\nicsrkl.sys [?]
S3 nidimk;nidimk;\??\C:\Windows\system32\drivers\nidimkl.sys --> C:\Windows\system32\drivers\nidimkl.sys [?]
S3 nidmxfk;nidmxfk;\??\C:\Windows\system32\drivers\nidmxfkl.sys --> C:\Windows\system32\drivers\nidmxfkl.sys [?]
S3 nidsark;nidsark;\??\C:\Windows\system32\drivers\nidsarkl.sys --> C:\Windows\system32\drivers\nidsarkl.sys [?]
S3 niemrk;niemrk;\??\C:\Windows\system32\drivers\niemrkl.sys --> C:\Windows\system32\drivers\niemrkl.sys [?]
S3 niesrk;niesrk;\??\C:\Windows\system32\drivers\niesrkl.sys --> C:\Windows\system32\drivers\niesrkl.sys [?]
S3 nifslk;nifslk;\??\C:\Windows\system32\drivers\nifslkl.sys --> C:\Windows\system32\drivers\nifslkl.sys [?]
S3 nimru2k;nimru2k;\??\C:\Windows\system32\drivers\nimru2kl.sys --> C:\Windows\system32\drivers\nimru2kl.sys [?]
S3 nimsdrk;nimsdrk;\??\C:\Windows\system32\drivers\nimsdrkl.sys --> C:\Windows\system32\drivers\nimsdrkl.sys [?]
S3 nimstsk;nimstsk;\??\C:\Windows\system32\drivers\nimstskl.sys --> C:\Windows\system32\drivers\nimstskl.sys [?]
S3 nimxpk;nimxpk;\??\C:\Windows\system32\drivers\nimxpkl.sys --> C:\Windows\system32\drivers\nimxpkl.sys [?]
S3 ninshsdk;ninshsdk;\??\C:\Windows\system32\drivers\ninshsdkl.sys --> C:\Windows\system32\drivers\ninshsdkl.sys [?]
S3 nipalfwedl;nipalfwedl;C:\Windows\system32\drivers\nipalfwedl.sys --> C:\Windows\system32\drivers\nipalfwedl.sys [?]
S3 nipalusbedl;nipalusbedl;C:\Windows\system32\drivers\nipalusbedl.sys --> C:\Windows\system32\drivers\nipalusbedl.sys [?]
S3 nipxigpk;NI PXI Generic Chassis Pilot;\??\C:\Windows\system32\drivers\nipxigpk.sys --> C:\Windows\system32\drivers\nipxigpk.sys [?]
S3 niscdk;niscdk;\??\C:\Windows\system32\drivers\niscdkl.sys --> C:\Windows\system32\drivers\niscdkl.sys [?]
S3 nisdigk;nisdigk;\??\C:\Windows\system32\drivers\nisdigkl.sys --> C:\Windows\system32\drivers\nisdigkl.sys [?]
S3 nisftk;nisftk;\??\C:\Windows\system32\drivers\nisftkl.sys --> C:\Windows\system32\drivers\nisftkl.sys [?]
S3 nispdk;nispdk;\??\C:\Windows\system32\drivers\nispdkl.sys --> C:\Windows\system32\drivers\nispdkl.sys [?]
S3 nissrk;nissrk;\??\C:\Windows\system32\drivers\nissrkl.sys --> C:\Windows\system32\drivers\nissrkl.sys [?]
S3 nistc2k;nistc2k;\??\C:\Windows\system32\drivers\nistc2kl.sys --> C:\Windows\system32\drivers\nistc2kl.sys [?]
S3 nistcrk;nistcrk;\??\C:\Windows\system32\drivers\nistcrkl.sys --> C:\Windows\system32\drivers\nistcrkl.sys [?]
S3 niswdk;niswdk;\??\C:\Windows\system32\drivers\niswdkl.sys --> C:\Windows\system32\drivers\niswdkl.sys [?]
S3 nitiork;nitiork;\??\C:\Windows\system32\drivers\nitiorkl.sys --> C:\Windows\system32\drivers\nitiorkl.sys [?]
S3 niufurk;niufurk;\??\C:\Windows\system32\drivers\niufurkl.sys --> C:\Windows\system32\drivers\niufurkl.sys [?]
S3 NiViFWK;NI-VISA FireWire Driver;C:\Windows\system32\drivers\NiViFWKl.sys --> C:\Windows\system32\drivers\NiViFWKl.sys [?]
S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\system32\drivers\NiViPciKl.sys --> C:\Windows\system32\drivers\NiViPciKl.sys [?]
S3 niwfrk;niwfrk;\??\C:\Windows\system32\drivers\niwfrkl.sys --> C:\Windows\system32\drivers\niwfrkl.sys [?]
S3 nixsrk;nixsrk;\??\C:\Windows\system32\drivers\nixsrkl.sys --> C:\Windows\system32\drivers\nixsrkl.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 rspSanity;rspSanity;C:\Windows\system32\DRIVERS\rspSanity64.sys --> C:\Windows\system32\DRIVERS\rspSanity64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-17 15:25:50 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A1A4C3E-6693-4DFA-8032-EEF9F6A13579}\offreg.dll
2012-02-17 15:20:49 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A1A4C3E-6693-4DFA-8032-EEF9F6A13579}\mpengine.dll
2012-02-16 15:30:34 48464 ----a-w- C:\Windows\System32\drivers\nkujcixp.sys
2012-02-15 15:30:37 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 15:06:10 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 15:05:32 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 15:05:31 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 16:35:31 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-14 16:35:10 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6020917-D05C-4C0D-B180-7A73721B509F}\gapaengine.dll
2012-02-14 16:31:40 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6048FFD8-141E-40E6-B03F-A19763D245F0}\mpengine.dll
2012-02-13 05:13:32 -------- d-----w- C:\Program Files\iPod
2012-02-13 05:13:30 -------- d-----w- C:\Program Files\iTunes
2012-02-12 22:39:50 0 --sha-w- C:\Windows\System32\dds_log_trash.cmd
2012-02-08 19:14:04 -------- d-----w- C:\Users\Wes\AppData\Roaming\SQL Maestro Group
2012-02-08 19:05:13 -------- d-----w- C:\Program Files (x86)\SQL Maestro Group
2012-01-23 06:43:12 -------- d-----w- C:\Program Files (x86)\AquaSnap
2012-01-19 21:11:50 -------- d--h--w- C:\ProgramData\Common Files
2012-01-19 21:02:40 -------- d-----w- C:\ProgramData\MFAData
2012-01-19 20:47:55 116016 ----a-w- C:\Windows\System32\drivers\96424688.sys
.
==================== Find3M ====================
.
2012-02-17 20:26:23 15 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-12 21:14:26 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-22 15:29:09 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-12-21 01:57:33 51496 ----a-w- C:\Windows\System32\drivers\stflt.sys
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-30 17:53:30 57120 ----a-w- C:\Windows\System32\drivers\ImmunetProtect.sys
2011-11-30 17:53:30 32544 ----a-w- C:\Windows\System32\drivers\ImmunetSelfProtect.sys
2010-08-15 06:22:44 4868096 ----a-w- C:\Program Files\iFunBox.exe
2010-08-15 06:22:44 4868096 ----a-w- C:\Program Files (x86)\iFunBox.exe
.
============= FINISH: 16:57:39.93 ===============


#2 SweetTech

Posted 18 February 2012 - 03:04 AM

Hi Weeps!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short); it's a pleasure to meet you. :)

I'll be addressing you by your username; if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.

On completion of the scan click save log, save it to your desktop and post in your next reply



NEXT:


Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. aswMBR log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.

Edited by SweetTech, 18 February 2012 - 03:14 AM.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
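
An added example, not part of SweetTech's post and not code from Farbar Service Scanner: a short Python triage of an FSS.txt log like the one requested above. It lists services reported as not running, any configuration check whose verdict is not "OK", and File Check entries that lack an "MD5 is legit" verdict; the sample log is constructed in the layout of the log posted later in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample, laid out like the FSS.txt output posted in this thread.
# The 32-digit hash is a made-up placeholder, not a real file hash.
SAMPLE_FSS_LOG = r"""Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Security Center:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 10:06] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 00000000000000000000000000000000

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
"""

SECTION_RULE = re.compile(r"^=+$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
CONFIG_LINE = re.compile(r"^The (.+?) of (\S+) service is (.+?)\.?$")
FILE_LINE = re.compile(r"^([A-Za-z]:\\.+?)(?:\s+=>\s+(.*))?$")


def parse_fss(text):
    """Parse an FSS-style log into stopped services and file verdicts."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    report = {"stopped": {}, "config_not_ok": [],
              "files_legit": [], "files_unverified": []}
    section = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Name:" line underlined with "=" characters.
        if line.endswith(":") and SECTION_RULE.match(nxt):
            section = line[:-1]
            continue
        if not line or SECTION_RULE.match(line):
            continue
        m = NOT_RUNNING.match(line)
        if m:
            report["stopped"][m.group(1)] = section
            continue
        m = CONFIG_LINE.match(line)
        if m:
            check, service, verdict = m.groups()
            # Only the "is OK." wording appears on the page, so any other
            # verdict is recorded verbatim rather than interpreted.
            if verdict != "OK":
                report["config_not_ok"].append((service, check, verdict))
            continue
        if section == "File Check":
            m = FILE_LINE.match(line)
            if m:
                path, verdict = m.groups()
                if verdict == "MD5 is legit":
                    report["files_legit"].append(path)
                else:
                    report["files_unverified"].append(
                        {"path": path, "detail": verdict or ""})
            elif line.startswith("[") and report["files_unverified"]:
                # Date/size/vendor/hash line printed under an unverified file.
                report["files_unverified"][-1]["detail"] = line
    return report


def triage(report):
    """Turn the parsed report into a short list of items to follow up."""
    findings = []
    for service, section in report["stopped"].items():
        bad = [c for c in report["config_not_ok"] if c[0] == service]
        if bad:
            detail = "; ".join(f"{check}: {verdict}" for _, check, verdict in bad)
            findings.append(f"[{section}] {service} stopped, config differs ({detail})")
        else:
            findings.append(
                f"[{section}] {service} stopped although its configuration checks passed")
    for entry in report["files_unverified"]:
        findings.append(
            f"[File Check] {entry['path']} has no 'MD5 is legit' verdict; "
            "compare it with a known-good copy")
    return findings


if __name__ == "__main__":
    for item in triage(parse_fss(SAMPLE_FSS_LOG)):
        print(item)
```

A file without the "MD5 is legit" verdict is only unverified by the tool; the script flags it for a manual hash comparison and makes no claim that it is malicious.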


#3 Weeps


Posted 18 February 2012 - 04:56 AM

ST,

Thanks for the super-fast response! Let's continue with the cleaning process despite the crimeware flag. Thanks for reminding me, though, that it's time to roll my passwords over this month, from another computer, I promise.

So far so good on computer performance--google redirects seem to be under control now on both firefox and chrome. I did get a popup tab with ISP search results for mediashare when OTL completed. MSE active protection continues to warn of two threats--didn't think about this until now, should I disable?

Requested logs:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-18 04:21:12
-----------------------------
04:21:12.841 OS Version: Windows x64 6.1.7601 Service Pack 1
04:21:12.842 Number of processors: 2 586 0x170A
04:21:12.843 ComputerName: WSTRAWN-LT UserName: wstrawn
04:22:10.390 Initialize success
04:22:47.795 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:22:47.800 Disk 0 Vendor: ST9500420ASG 0002SDM1 Size: 476940MB BusType: 11
04:22:47.829 Disk 0 MBR read successfully
04:22:47.834 Disk 0 MBR scan
04:22:47.838 Disk 0 Windows 7 default MBR code
04:22:47.942 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 156 MB offset 63
04:22:48.002 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 321536
04:22:48.053 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461413 MB offset 31792635
04:22:48.070 Service scanning
04:22:50.490 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
04:22:53.717 Modules scanning
04:22:53.732 Disk 0 trace - called modules:
04:22:53.776 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
04:22:53.790 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cba790]
04:22:53.848 3 CLASSPNP.SYS[fffff88001b8543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004719560]
04:22:53.866 Scan finished successfully
04:23:52.431 Disk 0 MBR has been saved successfully to "C:\Users\Wes\Desktop\MBR.dat"
04:23:52.644 The log file has been saved successfully to "C:\Users\Wes\Desktop\aswMBR.txt"

Farbar Service Scanner Version: 14-02-2012
Ran by wstrawn (administrator) on 18-02-2012 at 04:24:44
Running from "C:\Users\Wes\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 10:06] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

OTL logfile created on: 2/18/2012 4:26:20 AM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\Wes\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 20.41% Memory free
7.93 Gb Paging File | 3.91 Gb Available in Paging File | 49.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.60 Gb Total Space | 102.95 Gb Free Space | 22.85% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.24 Gb Free Space | 34.95% Space Free | Partition Type: NTFS

Computer Name: WSTRAWN-LT | User Name: wstrawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/18 04:18:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Wes\Desktop\OTL.exe
PRC - [2011/12/09 16:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Users\Wes\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/11/05 01:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/10/24 21:31:54 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/10/14 01:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/10/14 01:01:44 | 001,707,576 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi.exe
PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2010/11/20 07:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/08/26 05:18:34 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2010/03/30 15:11:42 | 000,567,296 | ---- | M] () -- C:\Prey\platform\windows\bin\bash.exe
PRC - [2010/03/30 15:11:42 | 000,296,448 | ---- | M] () -- C:\Prey\platform\windows\bin\curl.exe
PRC - [2010/03/30 15:11:42 | 000,216,648 | ---- | M] () -- C:\Prey\platform\windows\cron.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Wes\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/04/27 13:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
PRC - [2009/04/27 13:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/05 16:06:04 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2007/10/28 10:35:48 | 000,425,984 | ---- | M] (Bao_Nguyen) -- C:\Program Files (x86)\Switcher\Switcher.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/13 12:39:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2012/01/13 12:38:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/01/12 16:14:26 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/05 01:53:18 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/31 18:16:22 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/29 17:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/04 20:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 20:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 20:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/04 20:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/03/30 15:11:42 | 000,567,296 | ---- | M] () -- C:\Prey\platform\windows\bin\bash.exe
MOD - [2010/03/30 15:11:42 | 000,296,448 | ---- | M] () -- C:\Prey\platform\windows\bin\curl.exe
MOD - [2010/03/30 15:11:42 | 000,216,648 | ---- | M] () -- C:\Prey\platform\windows\cron.exe
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Wes\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/04/27 13:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
MOD - [2009/04/27 13:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
MOD - [2008/05/16 12:35:22 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2008/05/16 12:35:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2008/05/16 12:34:18 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 08:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 08:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 08:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 08:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/01/09 17:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll
MOD - [2006/12/28 11:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/30 12:53:30 | 000,411,648 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV:64bit: - [2011/10/18 21:02:24 | 000,456,736 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/26 21:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/10 16:25:46 | 000,342,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2010/01/21 03:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:46 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\SysNative\elservice.dll -- (lmimirr)
SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/09/09 06:01:32 | 000,079,144 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2007/08/16 11:03:58 | 000,019,728 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV:64bit: - [2007/08/16 11:00:08 | 000,117,520 | ---- | M] () [Auto | Running] -- C:\Program Files\Novell\Client\cusrvc.exe -- (cusrvc)
SRV:64bit: - [2007/05/25 09:42:22 | 000,034,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\SPOOL\DRIVERS\X64\3\\LXDDserv.exe -- (LXDDCATSCustConnectService)
SRV:64bit: - [2007/05/25 09:42:12 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\LXDDCOMS.EXE -- (lxdd_device)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/31 20:57:13 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/08/31 17:50:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/20 13:49:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/01 17:49:14 | 000,608,360 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2008/11/18 14:27:56 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2008/11/11 15:23:02 | 000,213,552 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2008/11/11 15:22:48 | 000,050,736 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2008/11/11 15:22:40 | 000,040,496 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\nipalsm.exe -- (nipxirmu)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\nipalsm.exe -- (nidevldu)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\nipalsm.exe -- (ni488enumsvc)
SRV - [2008/06/20 16:53:56 | 000,129,144 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2008/06/18 16:57:40 | 000,192,112 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2008/04/02 16:29:48 | 000,012,696 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2007/11/06 15:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/10/23 09:20:56 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\LXDDCOMS.EXE -- (lxdd_device)
SRV - [2007/05/09 15:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/17 17:06:24 | 000,048,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ewdfetxp.sys -- (ewdfetxp)
DRV:64bit: - [2012/02/16 10:30:35 | 000,048,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\nkujcixp.sys -- (nkujcixp)
DRV:64bit: - [2011/11/30 12:53:30 | 000,057,120 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV:64bit: - [2011/11/30 12:53:30 | 000,032,544 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV:64bit: - [2011/10/18 20:50:18 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/23 09:09:43 | 000,284,232 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/24 17:37:00 | 000,022,016 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/26 23:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/26 23:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/26 21:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/23 17:07:28 | 000,029,752 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rspSanity64.sys -- (rspSanity)
DRV:64bit: - [2010/07/13 08:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/04/14 00:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/21 03:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/13 11:30:28 | 007,520,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/08/24 11:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/11 23:41:25 | 000,068,640 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 22:52:13 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/06/05 04:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/08 16:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 06:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/12/16 01:58:44 | 000,012,928 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2008/12/16 01:58:26 | 000,012,920 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2008/12/16 01:57:02 | 000,883,288 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2008/11/11 13:53:32 | 000,026,192 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2008/11/11 13:52:52 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2008/11/11 13:50:38 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2008/09/24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/09/04 18:05:54 | 000,017,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni488lock.sys -- (ni488lock)
DRV:64bit: - [2008/08/21 20:04:58 | 000,016,472 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2008/08/07 17:23:56 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisdigkl.sys -- (nisdigk)
DRV:64bit: - [2008/08/01 12:30:20 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidmxfkl.sys -- (nidmxfk)
DRV:64bit: - [2008/07/31 20:23:32 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nixsrkl.sys -- (nixsrk)
DRV:64bit: - [2008/07/31 20:23:28 | 000,011,880 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niufurkl.sys -- (niufurk)
DRV:64bit: - [2008/07/31 20:23:28 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niwfrkl.sys -- (niwfrk)
DRV:64bit: - [2008/07/31 20:23:26 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nissrkl.sys -- (nissrk)
DRV:64bit: - [2008/07/31 20:23:24 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niesrkl.sys -- (niesrk)
DRV:64bit: - [2008/07/31 20:23:24 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkl.sys -- (niemrk)
DRV:64bit: - [2008/07/31 20:23:22 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicsrkl.sys -- (nicsrk)
DRV:64bit: - [2008/07/30 09:59:06 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisftkl.sys -- (nisftk)
DRV:64bit: - [2008/07/30 09:58:52 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ninshsdkl.sys -- (ninshsdk)
DRV:64bit: - [2008/07/30 04:26:06 | 000,011,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nispdkl.sys -- (nispdk)
DRV:64bit: - [2008/07/30 04:26:06 | 000,011,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niscdkl.sys -- (niscdk)
DRV:64bit: - [2008/07/29 19:21:38 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nifslkl.sys -- (nifslk)
DRV:64bit: - [2008/07/28 15:08:00 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niswdkl.sys -- (niswdk)
DRV:64bit: - [2008/07/25 11:04:12 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidsarkl.sys -- (nidsark)
DRV:64bit: - [2008/07/25 09:44:48 | 000,011,824 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc2kl.sys -- (nistc2k)
DRV:64bit: - [2008/07/25 09:44:42 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistcrkl.sys -- (nistcrk)
DRV:64bit: - [2008/07/24 17:38:30 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nitiorkl.sys -- (nitiork)
DRV:64bit: - [2008/07/24 11:32:34 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdrkl.sys -- (nicdrk)
DRV:64bit: - [2008/07/23 13:00:28 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimsdrkl.sys -- (nimsdrk)
DRV:64bit: - [2008/07/23 12:55:40 | 000,011,880 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxpkl.sys -- (nimxpk)
DRV:64bit: - [2008/07/23 12:54:58 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimstskl.sys -- (nimstsk)
DRV:64bit: - [2008/06/25 11:02:26 | 000,022,104 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2008/06/23 18:11:36 | 000,022,152 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvalarmk.sys -- (lvalarmk)
DRV:64bit: - [2008/06/20 21:28:52 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViFWKl.sys -- (NiViFWK)
DRV:64bit: - [2008/06/20 21:28:02 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2008/06/20 21:28:00 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2008/06/16 04:25:20 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/06/16 04:25:14 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/06/16 04:25:12 | 000,120,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/16 04:25:10 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/13 15:51:44 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimru2kl.sys -- (nimru2k)
DRV:64bit: - [2008/06/13 15:51:10 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2008/06/13 15:50:42 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2008/06/13 15:49:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2008/06/13 15:48:36 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2008/05/09 15:45:16 | 000,094,224 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV:64bit: - [2007/11/15 13:01:38 | 000,058,896 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/08/16 11:02:40 | 000,030,224 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2010/08/26 11:18:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/09/21 21:54:21] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/12/18 09:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/09/11 13:36:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/30 18:17:07] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/21 16:43:42 | 000,036,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Wes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Wes\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wes\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wes\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/13 00:14:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/12 18:10:19 | 000,000,000 | ---D | M]

[2011/11/09 19:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes\AppData\Roaming\Mozilla\Extensions
[2010/09/24 15:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2012/01/09 10:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\w8dxnrhq.default\extensions
[2012/02/13 00:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\WES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8DXNRHQ.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\WES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8DXNRHQ.DEFAULT\EXTENSIONS\SHOWMEMORE@SUSKIND.XPI
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008/09/05 19:58:42 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll
[2007/02/08 10:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wes\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wes\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wes\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Wes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Wes\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Photosynth (Enabled) = C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Quake Live (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Wes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/09 20:41:54 | 000,439,121 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15101 more lines...
O2:64bit: - BHO: (no name) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe ()
O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NWTRAY] C:\Windows\SysNative\nwtray.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\3.0.5\iptray.exe (Immunet)
O4 - HKLM..\Run: [Prey Laptop Tracker] C:\Prey\platform\windows\cron.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000..\Run: [RemotelessHelper] C:\Program Files (x86)\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe ()
O4 - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D79371A8-EE74-4A0F-98FD-601BE13B4694}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9808928-111C-4F92-BF80-DBA6E021509A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30:64bit: - LSA: Authentication Packages - (ncv1_0) - C:\Windows\SysNative\ncv1_0.dll ()
O30 - LSA: Authentication Packages - (ncv1_0) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{040e38f2-47b9-11de-bd8f-00234ed36b91}\Shell - "" = AutoRun
O33 - MountPoints2\{040e38f2-47b9-11de-bd8f-00234ed36b91}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{5f5b2997-bba5-11df-b520-002219e58a36}\Shell - "" = AutoRun
O33 - MountPoints2\{5f5b2997-bba5-11df-b520-002219e58a36}\Shell\AutoRun\command - "" = F:\sldim\sldim.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\F:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 04:17:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Wes\Desktop\OTL.exe
[2012/02/18 04:16:37 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Wes\Desktop\aswMBR.exe
[2012/02/18 00:39:46 | 000,000,000 | ---D | C] -- C:\Users\Wes\AppData\Local\Secunia PSI
[2012/02/18 00:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/02/18 00:37:24 | 001,754,456 | ---- | C] (Secunia) -- C:\Users\Wes\Desktop\PSISetup.exe
[2012/02/17 17:06:24 | 000,048,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ewdfetxp.sys
[2012/02/17 16:24:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Wes\Desktop\dds.scr
[2012/02/16 10:30:34 | 000,048,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nkujcixp.sys
[2012/02/16 03:00:55 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/16 03:00:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/16 03:00:53 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/16 03:00:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/16 03:00:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/16 03:00:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 03:00:50 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/16 03:00:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/16 03:00:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/16 03:00:48 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/16 03:00:48 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 10:05:32 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/13 00:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/13 00:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/13 00:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/02/08 14:14:04 | 000,000,000 | ---D | C] -- C:\Users\Wes\AppData\Roaming\SQL Maestro Group
[2012/02/08 14:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQL Maestro Group
[2012/02/08 14:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SQL Maestro Group
[2012/01/23 23:20:20 | 000,000,000 | ---D | C] -- C:\Users\Wes\Desktop\win7
[2012/01/23 16:03:31 | 000,000,000 | ---D | C] -- C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/23 01:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AquaSnap
[2012/01/21 15:33:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/19 16:11:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/01/19 16:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/01/19 15:47:55 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\96424688.sys
[2012/01/19 11:22:10 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\Wes\Desktop\OTC.exe
[2011/12/28 15:27:28 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
[2011/12/28 15:27:27 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
[2011/12/28 15:27:27 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
[2011/12/28 15:27:27 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
[2011/12/28 15:27:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
[2011/12/28 15:27:27 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
[2011/12/28 15:27:27 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
[2011/12/28 15:27:27 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddih.exe
[2011/12/28 15:27:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddppls.exe
[2011/12/28 15:27:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
[2011/12/28 15:27:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll
[2011/12/28 15:27:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
[2011/12/28 15:27:26 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcoms.exe
[2011/12/28 15:27:26 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
[2011/12/28 15:27:26 | 000,394,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcfg.exe
[2010/09/21 10:12:38 | 004,868,096 | ---- | C] (i-Funbox.com) -- C:\Program Files\iFunBox.exe
[2010/09/15 15:06:59 | 004,868,096 | ---- | C] (i-Funbox.com) -- C:\Program Files (x86)\iFunBox.exe
[2009/06/05 22:52:13 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Wes\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/18 04:45:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{307A2313-033D-4920-97F1-A5A57CC00460}.job
[2012/02/18 04:35:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/18 04:31:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000UA.job
[2012/02/18 04:23:52 | 000,000,512 | ---- | M] () -- C:\Users\Wes\Desktop\MBR.dat
[2012/02/18 04:18:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Wes\Desktop\OTL.exe
[2012/02/18 04:18:05 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Wes\Desktop\aswMBR.exe
[2012/02/18 04:17:24 | 000,337,039 | ---- | M] () -- C:\Users\Wes\Desktop\FSS.exe
[2012/02/18 02:45:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000UA.job
[2012/02/18 00:39:33 | 000,001,112 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/02/18 00:37:38 | 001,754,456 | ---- | M] (Secunia) -- C:\Users\Wes\Desktop\PSISetup.exe
[2012/02/17 21:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/17 17:06:24 | 000,048,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ewdfetxp.sys
[2012/02/17 16:51:40 | 000,000,000 | ---- | M] () -- C:\Users\Wes\defogger_reenable
[2012/02/17 16:24:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Wes\Desktop\dds.scr
[2012/02/17 15:31:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000Core.job
[2012/02/17 15:26:23 | 000,000,015 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012/02/17 15:08:00 | 003,777,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/17 15:08:00 | 000,718,912 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/02/17 15:08:00 | 000,711,754 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012/02/17 15:08:00 | 000,695,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/17 15:08:00 | 000,514,060 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2012/02/17 15:08:00 | 000,512,962 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2012/02/17 15:08:00 | 000,175,778 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012/02/17 15:08:00 | 000,138,260 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/02/17 15:08:00 | 000,133,856 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/17 15:08:00 | 000,109,616 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2012/02/17 15:08:00 | 000,106,452 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2012/02/17 14:45:08 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000Core.job
[2012/02/17 14:43:51 | 000,010,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 14:43:51 | 000,010,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 01:33:17 | 000,002,397 | ---- | M] () -- C:\Users\Wes\Desktop\Google Chrome.lnk
[2012/02/17 00:41:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/02/16 10:30:35 | 000,048,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nkujcixp.sys
[2012/02/16 10:19:45 | 000,015,368 | ---- | M] () -- C:\Windows\SysNative\.rsp
[2012/02/16 10:19:45 | 000,001,479 | ---- | M] () -- C:\Windows\SysNative\.lck
[2012/02/16 10:15:00 | 000,458,752 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/02/16 10:14:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/16 10:14:33 | 000,456,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 10:13:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/16 10:13:40 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_log_trash.cmd
[2012/02/16 10:13:23 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/13 00:15:15 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/13 00:14:59 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/26 14:53:39 | 000,006,370 | ---- | M] () -- C:\Users\Wes\.recently-used.xbel
[2012/01/23 15:43:32 | 759,269,266 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/19 23:40:37 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/19 15:47:55 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\96424688.sys
[2012/01/19 11:22:15 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\Wes\Desktop\OTC.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/18 04:23:52 | 000,000,512 | ---- | C] () -- C:\Users\Wes\Desktop\MBR.dat
[2012/02/18 04:16:58 | 000,337,039 | ---- | C] () -- C:\Users\Wes\Desktop\FSS.exe
[2012/02/18 00:39:33 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/02/18 00:39:33 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/02/17 16:51:40 | 000,000,000 | ---- | C] () -- C:\Users\Wes\defogger_reenable
[2012/02/13 00:15:15 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/13 00:14:59 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/12 17:39:50 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_log_trash.cmd
[2012/01/26 14:53:39 | 000,006,370 | ---- | C] () -- C:\Users\Wes\.recently-used.xbel
[2012/01/23 16:03:36 | 000,002,397 | ---- | C] () -- C:\Users\Wes\Desktop\Google Chrome.lnk
[2012/01/23 15:43:32 | 759,269,266 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/19 23:40:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/19 23:40:36 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/28 15:27:28 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
[2011/12/28 15:27:28 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
[2011/04/24 02:18:52 | 000,009,872 | ---- | C] () -- C:\Users\Wes\AppData\Local\Temp29.html
[2011/02/17 11:21:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/16 22:08:40 | 000,010,652 | ---- | C] () -- C:\Users\Wes\AppData\Local\Temp31.html
[2011/02/02 10:18:07 | 000,001,374 | ---- | C] () -- C:\Windows\SysWow64\bash.exe.stackdump
[2011/01/31 21:02:51 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/01/25 21:53:13 | 003,848,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/18 18:39:51 | 000,009,150 | ---- | C] () -- C:\Users\Wes\AppData\Local\Temp48.html
[2011/01/15 16:13:02 | 000,001,293 | ---- | C] () -- C:\Users\Wes\AppData\Local\Temp1.html
[2010/10/18 01:18:27 | 000,111,104 | ---- | C] () -- C:\Windows\SysWow64\Uharc.exe
[2010/10/18 01:18:27 | 000,008,636 | ---- | C] () -- C:\Windows\SysWow64\modifype.exe
[2010/09/17 13:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/01 15:46:24 | 000,000,411 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/08/05 23:16:48 | 000,000,600 | ---- | C] () -- C:\Users\Wes\AppData\Roaming\winscp.rnd
[2010/06/22 13:59:01 | 000,209,352 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/06/17 21:31:25 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/04/30 12:43:09 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI
[2010/04/30 12:33:56 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys
[2010/04/30 12:33:56 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys
[2010/03/18 02:13:58 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\grwinsthlp.exe
[2010/03/02 00:42:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/01/31 04:16:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2009/10/21 12:05:09 | 000,153,088 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2009/08/19 08:57:52 | 000,902,416 | ---- | C] () -- C:\Windows\SysWow64\ncnetprovider.dll
[2009/08/19 08:57:52 | 000,279,824 | ---- | C] () -- C:\Windows\SysWow64\noveap.dll
[2009/08/19 08:57:52 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\nwshlxnt.dll
[2009/08/19 08:57:52 | 000,165,136 | ---- | C] () -- C:\Windows\SysWow64\mapbase.dll
[2009/08/19 08:57:51 | 000,111,888 | ---- | C] () -- C:\Windows\SysWow64\nclangid.dll
[2009/08/19 08:57:51 | 000,024,848 | ---- | C] () -- C:\Windows\SysWow64\loginw32.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:54:11 | 000,014,094 | ---- | C] () -- C:\Windows\scunin.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 19:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/05 22:52:14 | 000,099,384 | ---- | C] () -- C:\Users\Wes\AppData\Roaming\inst.exe
[2009/06/05 22:52:14 | 000,007,859 | ---- | C] () -- C:\Users\Wes\AppData\Roaming\pcouffin.cat
[2009/06/05 22:52:13 | 000,001,167 | ---- | C] () -- C:\Users\Wes\AppData\Roaming\pcouffin.inf
[2009/05/30 23:52:01 | 004,244,744 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll
[2009/05/30 23:52:01 | 000,247,560 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll
[2009/05/30 23:52:01 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2009/05/30 22:23:37 | 000,000,011 | ---- | C] () -- C:\Windows\EuBcd.ini
[2009/05/29 21:30:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/10 11:18:42 | 000,060,416 | ---- | C] () -- C:\Windows\zlib1.dll
[2009/05/10 11:17:16 | 000,162,304 | ---- | C] () -- C:\Windows\libpng13.dll
[2009/05/09 14:57:14 | 000,122,368 | ---- | C] () -- C:\Windows\lua5.1.dll
[2009/04/26 20:14:23 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/26 20:14:23 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/04/26 15:31:37 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/04/26 15:31:14 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/04/26 15:31:13 | 002,246,144 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/04/25 15:15:41 | 000,000,196 | ---- | C] () -- C:\Users\Wes\AppData\Roaming\wklnhst.dat
[2009/04/20 13:36:01 | 000,004,268 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/22 08:16:32 | 000,409,513 | ---- | C] () -- C:\Windows\libpng-3.dll
[2008/12/22 07:07:58 | 000,844,800 | ---- | C] () -- C:\Windows\d3dx9.dll
[2008/07/31 20:16:08 | 000,049,696 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll
[2008/07/30 04:25:54 | 000,031,744 | ---- | C] () -- C:\Windows\SysWow64\niscdrau.dll
[2008/06/13 15:47:30 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2008/05/12 09:57:20 | 000,189,712 | ---- | C] () -- C:\Windows\SysWow64\lgnwnt32.dll
[2008/05/12 09:56:12 | 000,492,816 | ---- | C] () -- C:\Windows\SysWow64\ncloginui.dll
[2007/08/21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2005/02/27 16:44:56 | 000,393,216 | ---- | C] () -- C:\Windows\SysWow64\jogl.dll
[2005/02/27 16:44:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\jogl_cg.dll
[2005/02/01 09:10:30 | 000,000,016 | ---- | C] () -- C:\Users\Wes\AppData\Roaming\ExcelGrapher.dll

< End of report >

OTL Extras logfile created on: 2/18/2012 4:26:20 AM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\Wes\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 20.41% Memory free
7.93 Gb Paging File | 3.91 Gb Available in Paging File | 49.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.60 Gb Total Space | 102.95 Gb Free Space | 22.85% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.24 Gb Free Space | 34.95% Space Free | Partition Type: NTFS

Computer Name: WSTRAWN-LT | User Name: wstrawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3461612616-2689495137-3471132024-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0109EC80-3243-3486-7966-38825D88DAEE}" = WMV9/VC-1 Video Playback
"{023488B6-26E2-4FCC-B69A-5741710DF434}" = SolidWorks 2009 x64 Edition SP0
"{023F99FD-CCBF-472A-A450-E2C0B3A6BB9F}" = NI-DAQmx Documentation for 64 bit Windows
"{03634335-A984-FABC-EFDA-1A9663DB39CF}" = ATI Catalyst Install Manager
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{12E9A504-7F63-4211-A5B1-9A2669473D24}" = NI-MDBG 1.9.0f0 for 64 Bit Windows
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit)
"{22859902-78CE-40B0-9429-6FE7A00BBF85}" = NMAS Client
"{261F2A97-EF19-44F7-8040-78DC574CD22A}" = Intel® PROSet/Wireless WiFi Driver
"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
"{27B820C3-EFA5-4933-B321-D3FCA0E5CE5D}" = NI-MXDF 1.10.0f0 for 64 Bit Windows
"{2844A4FA-B106-49E0-BD30-15FA4A40C13F}" = NI VC2005MSMs x64
"{2A6BF5B1-F63D-4812-8B34-3BFF04A60FC0}" = NI Calibration Provider Help for 64 Bit Windows
"{2CDC0563-352D-47EE-ABBF-4F80E3A03E2B}" = NI FSL Installer for 64-Bit Windows 1.7.0
"{35B79922-A925-4A09-A96B-1D5A9158C257}" = NI-DAQmxEF for 64 Bit Windows 2.1.0
"{3638A213-4258-48D8-8244-718C29B3119E}" = NI-DAQmx Switch Core for 64 Bit Windows 1.15.0
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{43299C6F-7205-49C8-985C-37672ABAE202}" = NI-488.2 for Windows x64 version 2.6
"{43CBB774-3214-4804-B742-B0656441C6B1}" = NI STC for 64 Bit Windows 1.6.0
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E52A956-50D7-E70F-8E42-D828B7ED10B9}" = ccc-utility64
"{52DB1D16-C1EF-4794-845D-B35046F47F91}" = SolidWorks Motion 2009 SP0 x64 Edition
"{54031C8D-F80D-47BB-B3CA-5E9BD7750C27}" = NMAS Challenge Response Method
"{54A6545B-70EF-415D-BF7E-E25FCD2A564E}" = SolidWorks Simulation 2009 SP0 x64 Edition
"{54C0960F-21A2-4A48-B107-E78558A6A938}" = NI-653x Installer for 64 Bit Windows 1.9.0
"{559D2B32-5066-4762-A2F2-52831AC6F67B}" = NICI (64 bit)
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60D87DC0-1A20-49DB-9395-089AA7C85D0F}" = NI MAX Support for 64 Bit Windows
"{64F74336-5A9E-492D-A2F4-BEE39C9FC141}" = NI-VISA x64 support 4.4.1
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
"{68996F7D-3F24-47CD-89CA-DC0B5BB15739}" = NI MXS 4.5.0 for 64 Bit Windows
"{6BC332AC-B06C-4628-8738-7591DA777C18}" = NI Timing for 64 Bit Windows 1.12.0
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{725CB19E-E5A9-4031-8E28-CE632488C4B5}" = NI-ORB 1.9.0f0 for 64 Bit Windows
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{79FFA037-57F2-4541-BFDE-8813FDDB971F}" = NI SCXI for 64 Bit Windows 1.9.1
"{7A397CBE-62A0-4A0E-BC42-3F5A2DBEBC8D}" = NI-RPC 4.0.0f0 for 64 Bit Windows
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82CD33B2-1DE6-4663-B6F0-1592B2376F78}" = VS10Runtime64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{9437330A-E907-47CD-AC73-6DFEB74A6B48}" = NI-MRU 2.10.0f0 for 64 Bit Windows
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997E6FAF-1237-4C98-9B8F-5CA47FC8E938}" = NI PXI Platform Framework 1.0.1 64-bit
"{99D64E5F-8978-4251-AB65-F51C22AAEEE0}" = NI-PAL 2.4.0f0 for 64 Bit Windows
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB79B2CD-4555-4D3F-BC37-8948598223F2}" = runtime64
"{AB853C69-E70A-4F1A-A6D4-936272B6A030}" = NI Spy Windows 64 Support 2.6.0
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B9F13FEA-6329-4282-B0C8-86D85DDB7104}" = NI Common Digital for 64 Bit Windows 1.8.0
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CD6147BD-76B2-449D-AA3E-D598822E0A9D}" = NI MIO Device Drivers for 64 Bit Windows 1.15.0
"{CDB99574-5723-4F28-95AD-278385295F30}" = Soluto
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC55E8EE-74F8-494C-ACBE-A79DF3EE3CAB}" = NI Portable Configuration Support for 64 Bit Windows
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E7FE1FB8-7364-4B50-BF50-87DA133ECEC0}" = NI-DAQmx - LabVIEW shared documentation for 64 Bit Windows 1.4.0
"{EB2E4F88-6EBF-4354-80FF-8DAE2B08B204}" = NI-DIM 1.9.0f0 for 64 Bit Windows
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{f45b48a7-f616-4211-b927-17cab6a96613}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7D6EF2B-B6DD-423C-99C2-B79F482F3937}" = NI PXI Hardware 64-bit Support 2.4.2
"{FC6036F0-171F-46E7-9AC3-CB68044C5E9E}" = NI Dynamic Signal Acquisition for 64 Bit Windows 1.12.0
"{FDB284EF-3043-4A65-A94D-9F96F342FAB1}" = SolidWorks Explorer 2009 sp0 x64 Edition
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Lexmark 2500 Series" = Lexmark 2500 Series
"MatlabR2009a" = MATLAB R2009a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Novell Client for Windows" = Novell Client for Windows
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
"VistaGlazz_is1" = VistaGlazz 2.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{022376C1-ADF1-4781-9374-1045F09C0DE4}" = NI Measurement Studio 8.1 Enterprise RunTime for VS2005
"{026BAC3A-EE38-F6D5-17E4-A853C21A0433}" = Catalyst Control Center Graphics Previews Vista
"{02A9EEBF-E2B6-4EA6-87DE-7CE00683B4A0}" = NI-653x Installer 1.9.0
"{05753821-B1DF-434A-8C85-63921360BA89}" = NI Logos XT Support
"{06379784-4648-46BF-9426-0B10817F0AF5}" = PhotoView 360
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E4AD61E-94EA-455A-8038-B2C565F39EAD}" = NI Calibration Provider for MAX
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{117A1DAA-7205-49FF-8AE0-0DBC33ADFE93}" = NI LabVIEW SignalExpress 3.0 Datatypes LabVIEW 8.6 Support
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D7ECFC-B252-4990-A6BC-1C550A046FE5}" = SolidWorks eDrawings 2009
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{199DA648-61E8-45F1-B535-E69DF1113060}" = NI Remote Provider for MAX
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A710265-096B-46CB-8849-53A209D9A8CF}" = NI Certificates Deployment Support
"{1C85CCAA-9616-439B-897D-8E618EA2EA61}" = NI Assistant Framework LabVIEW Code Generator 8.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{221861B8-D133-4377-803D-F005EB2B733C}" = NI LVBrokerAux1071
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{246C332D-644C-4745-98C2-64A15441E9BF}" = NI-488.2 Provider for MAX version 2.6
"{253FAB9F-3934-488B-82AD-4505CD416577}" = NI LabWindows/CVI 8.5.1 Run-Time Engine
"{261A065C-48BA-495E-809E-D0D4B8DC27C6}" = NI mDNS Responder 1.0.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{307A6254-252C-40D3-9EF4-FBC193D20274}" = NI Instrument I/O Assistant
"{31D97B83-B350-4963-9E66-485711792BB6}" = NI Assistant Framework
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35F7B2DD-1874-4FAC-A4BE-76E16446B468}" = NI License Manager
"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DA47468-0803-4984-B9E8-05E6D8FFDF04}" = NI-VISA 4.4 MAX Provider
"{3F99A228-0BBD-40B6-8AEB-A6F689688969}" = NI LabWindows/CVI Code Generator
"{3F9BACB7-7F0F-4A9A-BB14-B8B2CEDAC1F8}" = NI-VISA Server 4.4
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42FF4B52-366B-4ED1-820C-F160D7878E18}" = AVL Workspace v5.1.1
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{47D69BB2-E0BD-41C6-B4FE-EEE5DFCD46E5}" = NI Timing Installer 1.12.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48338AB2-639E-4893-8186-38454FC5FB6E}" = NI Spy 2.6.0
"{49C0DD97-6F36-47B2-81EF-B7CE15A28560}" = NI-DAQ Document Set
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A7F0806-FA7A-4D0A-82E1-93EFCD5CA164}" = NI Assistant Framework LabVIEW 8.6 Support
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D0918D4-1046-47B9-9A8E-53778E84C511}" = NI MXS
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50F88190-99D8-4BE3-9D96-B80C6A60A5D1}" = NI Portable Configuration
"{51A6EDD9-CC43-4BF2-9210-4EBDF38C618A}" = NI MAX LabVIEW Support
"{52393FB0-79B6-4F01-8C85-62E35D3312D1}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
"{53736430-DBEC-4582-B072-2F1F0A2C4EA6}" = NI LabVIEW Run-Time Engine 7.1.1
"{5477AC3E-E646-4519-8F0F-DF5CD84D1EEE}" = NI-DAQmx MAX Support 1.11.0
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{596AA1A8-7EF0-4489-97CC-08695F7EF935}" = NI LabVIEW SignalExpress 3.0 Tools
"{5D23734B-6D69-44DF-9014-C4F70FB82B1E}" = NI Measurement & Automation Explorer 4.5
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6B802656-8A52-4E5D-AB64-945E9A7942CA}" = NI Dynamic Signal Acquisition Installer 1.12.0
"{6E14AD54-2574-4DE6-81F0-2D4185B9371F}" = NI-VISA Runtime 4.4.1
"{6F3F58D0-6CE9-4B76-B3C2-9E5BD6323992}" = Quake Live Mozilla Plugin
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{70D782EA-CA96-4631-AB35-84C776FF6DE1}" = NI-APAL Error Files 1.4.0f0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78F1FB09-DE70-43C3-8283-4A533DEAF821}" = NI-MXDF 1.10.0f0
"{7B505C4F-900B-494C-9B58-DA001DB1204C}" = NI-PAL 2.4.0f0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D64AB58-7676-49CA-86C8-F66675466057}" = NI DAQ Assistant 1.9.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86E281A2-789D-E9CD-2876-EEE146AC5E08}" = Catalyst Control Center InstallProxy
"{887C394F-F87E-451D-B696-7B3FE31738D4}" = NI-MDBG 1.9.0f0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6B4BC1-BC5F-49A1-9555-300AA6B74AF8}" = NI FSL Installer 1.7.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF4E6BE-9DEE-4A64-8A3C-96E7C67D6B86}" = NI AFW Channel Configuration Tool
"{8EB07ED3-455A-4963-8CCB-41F553A5B79D}" = NI-DAQmx Documentation
"{8EE42E0A-CD01-482D-8DB8-E9E63CAB88B3}" = NI-DAQmx OPC Support
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90667DE1-8DF6-4912-9FC6-1AF59CA4A06D}" = NI-DIM 1.9.0f0
"{90B9DD2D-1A5F-467F-988B-27317AFC307A}" = NI PXI Platform Framework 1.0.1
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{937614F5-ABD1-4068-92AB-4CA4AA1010D2}" = NI-488.2 2.6
"{94060464-BDD8-4363-A9F2-9DDF7DF9ADE4}" = NI-DAQmx - LabVIEW shared documentation
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96623EE1-DC15-4A81-935F-21B96B3DE81C}" = NI STC 1.2.0
"{96B319EC-AD79-4DBD-ABA0-063BC5853194}" = NI-DAQ C and VB6 API
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0CFC5C-99C3-4859-87EF-C7E56A531D78}" = NI Remote PXI Provider for MAX
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CED85C4-6316-45CD-8B92-3775C27D9466}" = NI MXS 4.5.0f0 for LabVIEW Real-Time
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A52BFE95-969C-4FEF-B455-BE0F6E9CF126}" = NI Service Locator
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A953700F-BF72-4F22-884C-3D7B44C2229D}" = NI SCXI 1.9.1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{ADAD3A9A-8E72-405F-BB2E-535AA7C8A936}" = NI Logos 5.0
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AF5FB1B3-1E13-429C-9DE7-D2846DEDDACE}" = NI EULA Depot
"{B06767E6-7ABE-4E92-A81E-711CD65F813E}" = NI-DAQmx 8.8.0
"{B06B2F29-3773-447F-8532-58D64C077515}" = GibbsCAM 2007, v8.5
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B67435B5-EF93-4EE0-BFCD-74D5F3C3F23F}" = NI LabVIEW 8.6 MeasAppChm File
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA0DFE53-0966-4869-B762-A9FA2B1B6A85}" = NI MIO Device Drivers 1.15.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C07A16B0-FE47-4428-A580-34C6408CE7C4}" = NI-MRU 2.10.0f0
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5A56170-0EEC-A6A2-7E06-14CEE439279A}" = ccc-core-static
"{C5E59B58-F2AF-4E66-8F9E-7D73FE45FFD2}" = NI PXI Platform Services 2.4.2 Configuration Support
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD0DC801-828E-446E-A9FE-B32ED5B18A2F}" = NI-DAQ INF Files
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF6FBE0D-CCF3-461E-94FD-C35B9666F6F6}" = NI Variable Engine
"{CFB0F311-C051-4760-A64A-12CA2609E91A}" = NI TDMS
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1626BCB-9C3B-0E8F-853F-573180C42607}" = CCC Help English
"{D202EF11-60CD-4167-A708-9D80AC6D1D3C}" = NI MDF Support
"{D2533218-3B3D-46C6-ABAA-898EB2908589}" = IVI VISA COM Standard Components
"{D32F724F-1415-478E-B039-794C51C810C6}" = NI PXI Platform Services 2.4.2 Expert
"{D36285AF-32A6-40AA-836B-243950E1EDFD}" = NI Xerces Delay Load 2.7
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D451041F-08BF-4633-BA90-E6D8AF6C755B}" = IVI Shared Component
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D4B17EC1-639B-4B54-8514-7335976BA26B}" = NI-DAQmxEF 2.1.0
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard
"{D96FAF77-74D4-4127-8BB9-389C7A2A8D72}" = NI-ORB 1.9.0f0
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DC0D54D0-0B55-4586-811F-C0B8AEC700F8}" = NI-DAQmx support for LabVIEW
"{DD993C73-26D3-4E40-8FD8-3C9A5E52FE25}" = NI-VISA 4.4
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFDA16C4-E45D-4DAC-BAB9-FA0C4D4CD766}" = Photosynth 2.0109.0415.1554
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4380F50-473D-4C68-8E33-B9513FF693C9}" = NI-DAQmx Switch Core 1.15.0
"{E4637ACC-37D1-47F5-911B-01C38D3E6399}" = NI-RPC 4.0.0f0 for Phar Lap ETS
"{E4E0F121-E3AC-486C-8DE8-80B342DA3BC3}" = NI Common Digital 1.8.0
"{E758CD41-F57B-4CAE-999A-878070216BA0}" = NI OPC Support
"{E78A46BF-5B7A-462D-81E9-D51A36B0E8D2}" = Window Manager
"{EA3C9BD0-E520-4DA1-8BC0-DD607D667B22}" = NI LabVIEW SignalExpress 3.0 Licenses
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED387D9B-9B10-D971-6A8B-74F8094D4EA2}" = Catalyst Control Center Localization All
"{EDF0DAD2-0D9E-403A-B562-5CC2795130E9}" = NI LabVIEW Broker
"{EE1671E1-ECB2-446B-A278-E8C56CFC839E}" = DWGeditor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F30A86E1-6A82-4D9C-870F-7A81D999C405}" = NI Software Provider for MAX
"{F30CC091-B59D-4F72-98D5-AC926E220F23}" = NI-MXLC 1.2.0f0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4735C64-9A74-4E48-894B-1CA5D83B99C8}" = Vista/XP Virtual Desktops
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F7570A98-64A7-4F33-9714-AB93A05889BF}" = NI PXI Platform Services 2.4.2
"{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}" = Switcher 2.0.0
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8ECD2D6-659C-49EB-8454-5F8F7B526FCF}" = NI DN 2.0 Language Pack installer
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD5D4137-EEC7-4CD9-8A1C-DE62D33469BE}" = NI LabVIEW SignalExpress 3.0 Datatypes
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE159BC0-1D40-449B-A0AE-CB4F642CF3DC}" = NI-RPC 4.0.0f0
"AC3Filter_is1" = AC3Filter 1.61b
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AndreaMosaic" = AndreaMosaic 3.32.3
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"CamStudio" = CamStudio
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FragFX" = FragFX
"GoToAssist" = GoToAssist 8.0.0.514
"Immunet Protect" = Immunet 3.0
"InstallShield_{B06B2F29-3773-447F-8532-58D64C077515}" = GibbsCAM 2007, v8.5_NLO
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"IviSharedComponent" = IVI Shared Components
"IviVisaComStandardComponents" = IVI VISA COM Standard Components
"Jawbone Updater" = Jawbone Updater
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PolarClock3" = PolarClock3 Screen Saver
"PRJPRO" = Microsoft Office Project Professional 2007
"PunkBusterSvc" = PunkBuster Services
"PuTTY_is1" = PuTTY version 0.60
"Rainmeter" = Rainmeter (remove only)
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SIMPACK 8902" = SIMPACK 8902
"SolidWorks Installation Manager 20090-40000-1100-100" = SolidWorks 2009 SP0
"SpeedFan" = SpeedFan (remove only)
"Spotify" = Spotify
"SpotifyRemotelessHelper 1.0.6" = SpotifyRemotelessHelper 1.0.6
"SpotifyRemotelessHelper 1.0.7" = SpotifyRemotelessHelper 1.0.7
"SpotifyRemotelessHelper 1.0.9" = SpotifyRemotelessHelper 1.0.9
"SpotifyRemotelessHelper 1.1.0" = SpotifyRemotelessHelper 1.1.0
"SpotifyRemotelessHelper 1.1.1" = SpotifyRemotelessHelper 1.1.1
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"ViewpointMediaPlayer" = Viewpoint Media Player
"VistaSwitcher" = VistaSwitcher
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.8
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3461612616-2689495137-3471132024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Flux" = F.lux
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2012 1:11:12 AM | Computer Name = wstrawn-LT | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 15

Error - 2/18/2012 1:11:12 AM | Computer Name = wstrawn-LT | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 16

Error - 2/18/2012 1:11:12 AM | Computer Name = wstrawn-LT | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17

Error - 2/18/2012 1:11:12 AM | Computer Name = wstrawn-LT | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 2/18/2012 1:11:12 AM | Computer Name = wstrawn-LT | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 2/18/2012 1:11:12 AM | Computer Name = wstrawn-LT | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 2/18/2012 1:11:12 AM | Computer Name = wstrawn-LT | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 2/18/2012 1:11:12 AM | Computer Name = wstrawn-LT | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 2/18/2012 1:11:12 AM | Computer Name = wstrawn-LT | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 2/18/2012 1:11:12 AM | Computer Name = wstrawn-LT | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

[ OSession Events ]
Error - 8/24/2010 10:41:18 PM | Computer Name = Wes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/24/2010 10:41:21 PM | Computer Name = Wes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/24/2010 10:41:30 PM | Computer Name = Wes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/24/2010 10:41:33 PM | Computer Name = Wes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/24/2010 10:41:36 PM | Computer Name = Wes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/24/2010 10:41:45 PM | Computer Name = Wes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/24/2010 10:41:51 PM | Computer Name = Wes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/31/2010 10:31:34 PM | Computer Name = Wes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/1/2010 7:22:00 PM | Computer Name = Wes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 38 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/31/2011 9:23:17 PM | Computer Name = wstrawn-LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/12/2012 4:16:55 PM | Computer Name = wstrawn-LT | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 2/13/2012 11:18:59 AM | Computer Name = wstrawn-LT | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/13/2012 12:13:09 PM | Computer Name = wstrawn-LT | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/13/2012 1:05:17 PM | Computer Name = wstrawn-LT | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/13/2012 1:05:38 PM | Computer Name = wstrawn-LT | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/13/2012 3:10:07 PM | Computer Name = wstrawn-LT | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/16/2012 11:14:43 AM | Computer Name = wstrawn-LT | Source = Service Control Manager | ID = 7000
Description = The Windows Firewall Authorization Driver service failed to start
due to the following error: %%183

Error - 2/16/2012 11:14:43 AM | Computer Name = wstrawn-LT | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall service depends on the Windows Firewall Authorization
Driver service which failed to start because of the following error: %%183

Error - 2/16/2012 11:17:35 AM | Computer Name = wstrawn-LT | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 2/16/2012 11:20:47 AM | Computer Name = wstrawn-LT | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >

#4 SweetTech

Posted 18 February 2012 - 08:20 AM

Hi Weeps!

Let's continue with the cleaning process despite the crimeware flag.

Okay, not a problem!

I did get a popup tab with ISP search results for mediashare when OTL completed. MSE active protection continues to warn of two threats--didn't think about this until now, should I disable?

You can keep it enabled for now. If it needs to be disabled, I'll let you know.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    O2:64bit: - BHO: (no name) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3461612616-2689495137-3471132024-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
    O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O33 - MountPoints2\{040e38f2-47b9-11de-bd8f-00234ed36b91}\Shell - "" = AutoRun
    O33 - MountPoints2\{040e38f2-47b9-11de-bd8f-00234ed36b91}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{5f5b2997-bba5-11df-b520-002219e58a36}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f5b2997-bba5-11df-b520-002219e58a36}\Shell\AutoRun\command - "" = F:\sldim\sldim.exe
    [2012/02/17 17:06:24 | 000,048,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ewdfetxp.sys
    [2012/02/16 10:30:34 | 000,048,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nkujcixp.sys
    [2012/02/17 21:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2012/02/17 17:06:24 | 000,048,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ewdfetxp.sys
    [2012/02/16 10:30:35 | 000,048,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nkujcixp.sys
    [2012/02/16 10:13:40 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_log_trash.cmd
    [2012/02/12 17:39:50 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_log_trash.cmd
    [2011/04/24 02:18:52 | 000,009,872 | ---- | C] () -- C:\Users\Wes\AppData\Local\Temp29.html
    [2011/02/16 22:08:40 | 000,010,652 | ---- | C] () -- C:\Users\Wes\AppData\Local\Temp31.html
    [2011/01/18 18:39:51 | 000,009,150 | ---- | C] () -- C:\Users\Wes\AppData\Local\Temp48.html
    [2011/01/15 16:13:02 | 000,001,293 | ---- | C] () -- C:\Users\Wes\AppData\Local\Temp1.html
    
    :Reg
    
    :Files
    C:\Windows\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log.
3. ComboFix log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 18 February 2012 - 08:22 AM.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Weeps

Posted 19 February 2012 - 02:19 PM

St,

OTL custom scan hung @ Emptytemp, tried a restart and got a broken boot. Attempting to restore to an earlier restore point; OTL restore point is broken as well.

#6 Weeps

Posted 20 February 2012 - 12:22 AM

St,

Computer is back up and running--finally found a restore date (8 days ago) that worked. I would assume we are back to square one. I will await your advice on the next steps before taking any action myself.

#7 SweetTech

Posted 20 February 2012 - 06:53 AM

Hi!

Sorry to hear you experienced a hiccup with running the OTL fix.

Please proceed with the ComboFix instructions in my previous post.


#8 Weeps

Posted 20 February 2012 - 11:06 AM

ST,

1. Combofix behaved very strangely--the initialization window ran within moments of starting, but the actual scan didn't run until about ten hours later. Not sure if this is anything of import or just a weird glitch.

2. I was finally successful in getting a log file from the OTL custom scan.

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3461612616-2689495137-3471132024-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3461612616-2689495137-3471132024-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3461612616-2689495137-3471132024-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater deleted successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send image to &Bluetooth Device...\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send page to &Bluetooth Device...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send image to &Bluetooth Device...\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send page to &Bluetooth Device...\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{040e38f2-47b9-11de-bd8f-00234ed36b91}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{040e38f2-47b9-11de-bd8f-00234ed36b91}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{040e38f2-47b9-11de-bd8f-00234ed36b91}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{040e38f2-47b9-11de-bd8f-00234ed36b91}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f5b2997-bba5-11df-b520-002219e58a36}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f5b2997-bba5-11df-b520-002219e58a36}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f5b2997-bba5-11df-b520-002219e58a36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f5b2997-bba5-11df-b520-002219e58a36}\ not found.
File F:\sldim\sldim.exe not found.
File C:\Windows\SysNative\drivers\ewdfetxp.sys not found.
File C:\Windows\SysNative\drivers\nkujcixp.sys not found.
C:\Windows\Tasks\At1.job moved successfully.
File C:\Windows\SysNative\drivers\ewdfetxp.sys not found.
File C:\Windows\SysNative\drivers\nkujcixp.sys not found.
C:\Windows\SysNative\dds_log_trash.cmd moved successfully.
File C:\Windows\SysNative\dds_log_trash.cmd not found.
File C:\Users\Wes\AppData\Local\Temp29.html not found.
File C:\Users\Wes\AppData\Local\Temp31.html not found.
File C:\Users\Wes\AppData\Local\Temp48.html not found.
File C:\Users\Wes\AppData\Local\Temp1.html not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\tasks\At*.job not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Wes\Desktop\cmd.bat deleted successfully.
C:\Users\Wes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.33.1 log created on 02202012_103516

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!

Registry entries deleted on Reboot...

3. Combofix log

ComboFix 12-02-19.02 - wstrawn 02/20/2012 20:16:27.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4061.834 [GMT -5:00]
Running from: c:\users\Wes\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Wes\GoToAssistDownloadHelper.exe
c:\users\Wes\videos\avidemux_2.5.3_win32.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\system32\elservice.dll
c:\windows\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_lmimirr
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 01:37 . 2012-02-21 01:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-21 01:37 . 2012-02-21 01:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-21 01:37 . 2012-02-21 01:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 01:37 . 2012-02-21 01:37 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-02-21 01:37 . 2012-02-21 01:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-20 15:39 . 2012-02-20 15:39 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-20 15:35 . 2012-02-20 15:35 -------- d-----w- C:\_OTL
2012-02-20 14:58 . 2012-02-20 14:58 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-02-20 05:31 . 2012-02-20 05:31 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-20 05:06 . 2011-11-05 06:53 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcrt19.dll
2012-02-20 05:06 . 2011-11-05 06:53 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2012-02-20 04:50 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D6231B30-6718-4191-BC84-3FE1DBBC7770}\mpengine.dll
2012-02-18 05:39 . 2012-02-18 05:39 -------- d-----w- c:\users\Wes\AppData\Local\Secunia PSI
2012-02-18 05:39 . 2012-02-19 12:20 -------- d-----w- c:\program files (x86)\Secunia
2012-02-08 19:14 . 2012-02-08 19:14 -------- d-----w- c:\users\Wes\AppData\Roaming\SQL Maestro Group
2012-02-08 19:05 . 2012-02-12 08:56 -------- d-----w- c:\program files (x86)\SQL Maestro Group
2012-01-23 06:43 . 2012-01-23 10:54 -------- d-----w- c:\program files (x86)\AquaSnap
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 01:30 . 2011-12-01 19:55 15 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-01-29 10:10 . 2009-10-04 05:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 20:47 . 2012-01-19 20:47 116016 ----a-w- c:\windows\system32\drivers\96424688.sys
2012-01-17 09:39 . 2012-02-20 10:07 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E85A70EA-3E58-4C7B-B6E7-F84453AAF782}\mpengine.dll
2012-01-12 21:14 . 2011-05-19 02:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 05:15 . 2010-09-15 15:19 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-22 15:29 . 2011-12-22 15:29 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-21 01:57 . 2011-12-21 01:57 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2011-12-10 20:24 . 2009-06-12 03:58 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 17:53 . 2011-11-30 17:53 32544 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2011-11-30 17:53 . 2011-11-30 17:53 57120 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-11-24 04:52 . 2011-12-15 05:33 3145216 ----a-w- c:\windows\system32\win32k.sys
2010-08-15 06:22 . 2010-09-21 15:12 4868096 ----a-w- c:\program files\iFunBox.exe
2010-08-15 06:22 . 2010-09-15 20:06 4868096 ----a-w- c:\program files (x86)\iFunBox.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemotelessHelper"="c:\program files (x86)\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe" [2011-12-12 2280448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Prey Laptop Tracker"="c:\prey\platform\windows\cron.exe" [2010-03-30 216648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Immunet Protect"="c:\program files\Immunet Protect\3.0.5\iptray.exe" [2011-11-30 3508512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 1025576]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Wi-Fi Sync"="c:\program files (x86)\Wi-Fi Sync\wifisync.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"niDevMon"=c:\program files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gupdate1c9c6d5e2621c00;Google Update Service (gupdate1c9c6d5e2621c00);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-27 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-27 133104]
R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 342320]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [x]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [x]
R3 ni1065k;NI PXI-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [x]
R3 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
R3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [x]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [x]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [x]
R3 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [x]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [x]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [x]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [x]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [x]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [x]
R3 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2008-06-20 129144]
R3 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2008-06-18 192112]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [x]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [x]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [x]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [x]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [x]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [x]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [x]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [x]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [x]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [x]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [x]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [x]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [x]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [x]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [x]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [x]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [x]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [x]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [x]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [x]
R3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 hotcore3;hotcore3;c:\windows\SysWOW64\drivers\hotcore3.sys [2008-01-21 36368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [x]
S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/21 21:54];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 16:18 146928]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/30 18:17];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-09-11 18:36 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\SYSTEM32\LXDDCOMS.EXE [2007-05-25 567216]
S2 LXDDCATSCustConnectService;LXDDCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\X64\3\\LXDDserv.exe [2007-05-25 34224]
S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2008-05-09 94224]
S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2007-11-15 58896]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-10-19 456736]
S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2007-08-16 19728]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswFsBlk
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - ndslpp
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nipxirmk
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - sptd
*Deregistered* - xtxplat
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000Core.job
- c:\users\Wes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-23 18:40]
.
2012-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000UA.job
- c:\users\Wes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-23 18:40]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-27 01:16]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-27 01:16]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000Core.job
- c:\users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 00:32]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000UA.job
- c:\users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 00:32]
.
2012-02-21 c:\windows\Tasks\User_Feed_Synchronization-{307A2313-033D-4920-97F1-A5A57CC00460}.job
- c:\windows\system32\msfeedssync.exe [2011-06-27 20:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"NWTRAY"="NWTRAY.EXE" [2008-07-21 35088]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-06-09 3216544]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF250.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lmimirr
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\w8dxnrhq.default\
FF - prefs.js: browser.search.selectedEngine - Bing
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-28780470.sys
SafeBoot-92520701.sys
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PolarClock3 - c:\windows\system32\PolarClock3.scr
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,61,94,71,3f,33,e0,46,ad,96,59,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,61,94,71,3f,33,e0,46,ad,96,59,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-02-20 21:05:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 02:04
.
Pre-Run: 109,567,950,848 bytes free
Post-Run: 109,031,673,856 bytes free
.
- - End Of File - - 1747D923F32FE988B72020C564C81C6C


4. Google is no longer redirecting to abnow on firefox and chrome. I DID finally get a successful reboot after running OTL custom scan and again after combofix finally ran.

Edited by Weeps, 20 February 2012 - 09:12 PM.


#9 SweetTech

Posted 21 February 2012 - 02:28 AM

Hi Weeps!

1. Combofix behaved very strangely--the initialization window ran within moments of starting, but the actual scan didn't run until about ten hours later. Not sure if this is anything of import or just a weird glitch.

Thanks for bringing that to my attention. It sounds like it may have been related to the infection you have/had. It can be very stubborn.

I'm glad to hear that Google doesn't appear to be redirecting anymore. We are making some progress here, but do have some work to do still.

Let's continue.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
File::
c:\windows\system32\dds_log_trash.cmd
C:\Windows\SysNative\elservice.dll
Driver::
lmimirr
Netsvc::
lmimirr

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:




Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log file.
3. MalwareBytes' Anti-Malware log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 Weeps

Posted 22 February 2012 - 09:57 AM

ST,

1. I have been unable to get combofix to run again. Same basic pattern, the initialization window runs, but the command-prompt style scan window never shows.

3. Malwarebytes Scan log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
wstrawn :: WSTRAWN-LT [administrator]

2/21/2012 10:06:33 AM
mbam-log-2012-02-21 (10-06-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 734880
Time elapsed: 8 hour(s), 52 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\00000001.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000c0.@.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cb.@.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000c0.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cf.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir (Trojan.Siredef) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\elservice.dll.vir (Trojan.Siredef) -> Quarantined and deleted successfully.

(end)

4. Other than combofix's inability to run, the computer seems to be running very well. No popups, no redirects, idle cpu and memory use are down.

#11 SweetTech

Posted 22 February 2012 - 11:36 AM

Hi!

Sorry to hear ComboFix still won't run for you.

Could you try downloading a new copy and save it to your C:\ drive with the name svchost and see if you can run the script then?

If not, run this OTL scan for me:

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened



#12 Weeps

Posted 22 February 2012 - 03:19 PM

Still no luck on combofix. OTL scan went off without a hitch this time, though.

OTL logfile created on: 2/22/2012 1:47:46 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Wes\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 56.41% Memory free
7.93 Gb Paging File | 6.03 Gb Available in Paging File | 76.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.60 Gb Total Space | 97.70 Gb Free Space | 21.68% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.25 Gb Free Space | 35.02% Space Free | Partition Type: NTFS

Computer Name: WSTRAWN-LT | User Name: wstrawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk - C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Wes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe - (Logitech, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Wes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Wes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sidebar.exe.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Wes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Window Manager.lnk - C:\Users\Wes\AppData\Roaming\Microsoft\Installer\{E78A46BF-5B7A-462D-81E9-D51A36B0E8D2}\_2D0F386997B71C1B007905.exe - ()
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: FAStartup - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: FATrayAlert - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: RemotelessHelper - hkey= - key= - C:\Program Files (x86)\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= - File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: SolutoService - C:\Program Files\Soluto\SolutoService.exe (Soluto)
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9793EDE2-499E-4A14-8220-523691D8F91B} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\Users\Wes\Documents\d410 docs\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\dc27c38d9b7eaf96642aee3cb3400730\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\dc27c38d9b7eaf96642aee3cb3400730\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SoftwareDistribution\Download\dc27c38d9b7eaf96642aee3cb3400730\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 20:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\dc27c38d9b7eaf96642aee3cb3400730\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >

#13 Weeps

Posted 23 February 2012 - 12:01 AM

Combofix finally ran--still having trouble with that strange, multi-hour delay between initialization and scanning.

ComboFix 12-02-19.02 - wstrawn 02/22/2012 23:17:50.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4061.1117 [GMT -5:00]
Running from: c:\users\Wes\Desktop\ComboFix.exe
Command switches used :: c:\users\Wes\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\elservice.dll"
"c:\windows\system32\dds_log_trash.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-23 04:38 . 2012-02-23 04:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-23 04:38 . 2012-02-23 04:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-23 04:38 . 2012-02-23 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-23 04:38 . 2012-02-23 04:38 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-02-23 04:38 . 2012-02-23 04:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-22 15:00 . 2012-02-23 04:41 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F98474B5-7254-4E0B-8AF8-AB70D3271E49}\offreg.dll
2012-02-22 14:56 . 2012-02-20 06:05 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F98474B5-7254-4E0B-8AF8-AB70D3271E49}\mpengine.dll
2012-02-22 04:30 . 2012-02-22 04:30 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-22 04:30 . 2012-02-22 04:30 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-22 04:30 . 2012-02-22 04:30 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-22 04:30 . 2012-02-22 04:30 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-20 15:39 . 2012-02-20 15:39 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-20 15:35 . 2012-02-20 15:35 -------- d-----w- C:\_OTL
2012-02-20 14:58 . 2012-02-20 14:58 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-02-20 10:06 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-20 10:05 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-20 10:05 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-20 10:05 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-20 05:31 . 2012-02-20 05:31 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-18 05:39 . 2012-02-18 05:39 -------- d-----w- c:\users\Wes\AppData\Local\Secunia PSI
2012-02-18 05:39 . 2012-02-19 12:20 -------- d-----w- c:\program files (x86)\Secunia
2012-02-08 19:14 . 2012-02-08 19:14 -------- d-----w- c:\users\Wes\AppData\Roaming\SQL Maestro Group
2012-02-08 19:05 . 2012-02-12 08:56 -------- d-----w- c:\program files (x86)\SQL Maestro Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 04:47 . 2011-12-01 19:55 15 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-01-29 10:10 . 2009-10-04 05:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 20:47 . 2012-01-19 20:47 116016 ----a-w- c:\windows\system32\drivers\96424688.sys
2012-01-17 09:39 . 2012-02-20 10:07 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E85A70EA-3E58-4C7B-B6E7-F84453AAF782}\mpengine.dll
2012-01-12 21:14 . 2011-05-19 02:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-22 15:29 . 2011-12-22 15:29 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-21 01:57 . 2011-12-21 01:57 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2011-12-10 20:24 . 2009-06-12 03:58 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 17:53 . 2011-11-30 17:53 32544 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2011-11-30 17:53 . 2011-11-30 17:53 57120 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2010-08-15 06:22 . 2010-09-21 15:12 4868096 ----a-w- c:\program files\iFunBox.exe
2010-08-15 06:22 . 2010-09-15 20:06 4868096 ----a-w- c:\program files (x86)\iFunBox.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-21_01.52.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-15 08:09 . 2011-11-03 22:32 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-02-22 08:04 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-02-22 08:04 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-12-15 08:09 . 2011-11-03 22:37 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-02-22 08:04 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
- 2011-12-15 08:09 . 2011-11-03 22:37 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2009-07-15 07:00 . 2012-02-22 08:19 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-07-15 07:00 . 2012-01-13 15:24 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2011-12-15 08:09 . 2011-11-04 01:35 96256 c:\windows\system32\mshtmled.dll
+ 2012-02-22 08:04 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
- 2011-12-15 08:09 . 2011-11-04 01:41 85504 c:\windows\system32\jsproxy.dll
+ 2012-02-22 08:04 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
+ 2009-07-14 04:46 . 2012-02-22 18:49 83816 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-04-27 05:21 . 2012-02-22 08:21 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-27 05:21 . 2012-01-13 17:24 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-27 05:21 . 2012-01-13 17:24 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-27 05:21 . 2012-02-22 08:21 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-27 05:21 . 2012-02-22 08:21 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-04-27 05:21 . 2012-01-13 17:24 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-02-22 11:16 . 2012-02-22 11:16 42496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\57cb485ab08b96f12873e220be9a5840\System.Windows.Presentation.ni.dll
+ 2012-02-22 11:16 . 2012-02-22 11:16 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\b3f53da5b017f9b867201893553a6b01\System.Web.ApplicationServices.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\604691fa729c36593aa141b07addb1da\System.Windows.Presentation.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\df5e961346901ef1662daac2708f3888\System.Web.ApplicationServices.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ce55cdba82e9103fc891b17d90f5a38f\System.ServiceModel.Channels.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\265f654b8eed2ac1e42d225a30433c37\System.Windows.Presentation.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\62889e05923a83fa32400e7f3b28f9c6\System.Web.DynamicData.Design.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 48640 c:\windows\assembly\NativeImages_v2.0.50727_64\SldServiceClients\ab70f41b89f2979e64ae2b273d5323b0\SldServiceClients.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 45568 c:\windows\assembly\NativeImages_v2.0.50727_64\SldService\306861bf42eccdd309f463be346d144e\SldService.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\SldJobs\43d9ddcb0cf45e8459c772bc766839ee\SldJobs.ni.dll
- 2012-02-16 15:49 . 2012-02-16 15:49 82944 c:\windows\assembly\NativeImages_v2.0.50727_64\SketchWPF\1b40a6547e1565898f0870ff8c0cb09f\SketchWPF.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 82944 c:\windows\assembly\NativeImages_v2.0.50727_64\SketchWPF\1b40a6547e1565898f0870ff8c0cb09f\SketchWPF.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 48128 c:\windows\assembly\NativeImages_v2.0.50727_64\SketchUI\cec9081243aeba1da09b1aff4dd0a0fc\SketchUI.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 37376 c:\windows\assembly\NativeImages_v2.0.50727_64\SketchOperation\53418362882b8b31f93b447663363151\SketchOperation.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\SheetMetalWPF\1783c85cae7b3395a65b016817dc6c67\SheetMetalWPF.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 44544 c:\windows\assembly\NativeImages_v2.0.50727_64\SheetMetalUi\66af1e38d5cd81e902fad7923154cf35\SheetMetalUi.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 95232 c:\windows\assembly\NativeImages_v2.0.50727_64\RefGeomUI\62c43e054bed14c3a041ee2d6c7b825a\RefGeomUI.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 34304 c:\windows\assembly\NativeImages_v2.0.50727_64\RefGeomOperation\99e38de7c64ba3584ce2a451b97b586c\RefGeomOperation.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\c1577aa4e5874f1debc9a63343e5a0d7\PresentationFontCache.ni.exe
+ 2012-02-22 10:42 . 2012-02-22 10:42 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\697c9c4ec947a0a5e21bc9e4c6471b74\PresentationCFFRasterizer.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\OperationBase\fad92a9d797e6c0b4aba98364624874b\OperationBase.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\2d80e48139b13bf06e85c0c1db06bc20\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\df5c0dac9e7db175acc8a9755942f87f\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8a9356f77bd1d1155202f59119ee57c9\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4e53199f22c13aa3e4bc6f063da0aee7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0f361440d7cbda4bf5b44bfbd4623812\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 35328 c:\windows\assembly\NativeImages_v2.0.50727_64\Manipulator\ef5c421307d7ffe92dfe2e30fb087a3d\Manipulator.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 69632 c:\windows\assembly\NativeImages_v2.0.50727_64\FeatureWPF\e4ff5cb5d82b897be6034651364544c3\FeatureWPF.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 52736 c:\windows\assembly\NativeImages_v2.0.50727_64\FeatureUI\476a331ac53089e29b9ae50e747d6507\FeatureUI.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 34816 c:\windows\assembly\NativeImages_v2.0.50727_64\FeatureOperation\99e372df7c591655d2a0ba7e9db3a6ff\FeatureOperation.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 80384 c:\windows\assembly\NativeImages_v2.0.50727_64\EnvironmentWPF\38e486c092c6d728bc80204b9baab664\EnvironmentWPF.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\EnvironmentUI\86671f3012a9af2e3fed0b8271d7fbb4\EnvironmentUI.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 30720 c:\windows\assembly\NativeImages_v2.0.50727_64\EnvironmentOperation\aedd52745c8969e0ac7fe75420f04e91\EnvironmentOperation.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 31232 c:\windows\assembly\NativeImages_v2.0.50727_64\EnvironmentCore\77d24eee2a7410fd4ce4c9c3b18b575d\EnvironmentCore.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 68096 c:\windows\assembly\NativeImages_v2.0.50727_64\DveSupport\3348f7183a4790152f051fae5a8ba3fb\DveSupport.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 53760 c:\windows\assembly\NativeImages_v2.0.50727_64\DebugControls\9f9b79ee4ef67c69765fa44fcc66787a\DebugControls.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 48640 c:\windows\assembly\NativeImages_v2.0.50727_64\asmfeaturewpf\6095adc888b7227f45aef5c11cb69caf\asmfeaturewpf.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\asmfeatureui\618cfe517f86fce424dea80dfc03965d\asmfeatureui.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\8328d29d518f6c8ece7aa42e4edc03bf\WindowsLiveWriter.ni.exe
+ 2012-02-22 10:48 . 2012-02-22 10:48 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9d6c0eef5ed0b5a5ac9fe9eff34a258e\WindowsLive.Writer.Passport.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\df6e2f050af3e7a7676650240ef9d7e5\System.Windows.Presentation.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e66fcffbc602b284e20b6c49f4ac64b6\System.Web.DynamicData.Design.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2463cb2600fc129e38f67974f3553368\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 85504 c:\windows\assembly\NativeImages_v2.0.50727_32\SQLPS\46d0b5aecab3f5b413fcbcd93ffa456a\SQLPS.ni.exe
+ 2012-02-22 10:54 . 2012-02-22 10:54 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\bef92fc6725738f2a261600dab88cd66\PresentationFontCache.ni.exe
+ 2012-02-22 10:37 . 2012-02-22 10:37 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\dcdbd6714f689d7be2a15fe8ed1bc095\PresentationCFFRasterizer.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 24064 c:\windows\assembly\NativeImages_v2.0.50727_32\PerformanceCounter\d0b36d9296170bf4f7ed39d6ec5606c1\PerformanceCounter.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\3c1719f56a7c715fc3ed6a32c6232f92\PCGUsersCenter.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\2ab6601de05117643d87cdc659d1f845\PCGRSPProbe.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\5b0c4f6cd418b465d5057154171ba491\PCGHIDProbe.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGEntities\5117197fefd3865273f2c6c771ebc1f1\PCGEntities.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 63488 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\a5a82a77b2aa1a7d7bdb3e7fe17c0409\PCGConfiguration.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\7834abeef71f9188bb9d9253d8f807ab\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ef668f1802501935d634458ef637f5e7\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\a66c7d26f61bb8e12960441a77159102\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\61a8d567fe6450b5b77584b0044a6979\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\52785c0dca46f1e08b5cf9299fba9ae0\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\183073b14873e3b18951879ae4a8b425\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\824d2cc6a8193a2458ce90e579c8b8f5\Microsoft.Vsa.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 76288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fc9b2facf27945b029a19546e9d0fb63\Microsoft.SqlServer.CustomControls.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 89088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ea2a5b1c253e6d51ebdc6397aa4bc99b\Microsoft.SqlServer.TransferStoredProceduresTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e60326899a56f3e3cef563c61cbc37cd\Microsoft.SqlServer.FileSystemTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 84480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e163c73e354f26bb48e6937dae45679c\Microsoft.SqlServer.TransferDatabasesTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d587a6b6a0f1fe877c459e1a587a7ad2\Microsoft.SqlServer.TransferJobsTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 69120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d2ee8dbe03b591009b1540c500e26b22\Microsoft.SqlServer.WMIEWTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 52224 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c716372f839094658457bffbe67c3407\Microsoft.SqlServer.SqlCEDest.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b99af8e588490d13f62b5835855fc66c\Microsoft.SqlServer.DlgGrid.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b947653794ed472d2dc0a395dd409444\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b11ce533a0d0b82225a1fa047f000a00\Microsoft.SqlServer.PolicyEnum.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 94720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ae2e4d58f218b843be18040385d151d8\Microsoft.SqlServer.TransferLoginsTask.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 72704 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a7167f8da44b45db7a20a0a783b858d7\Microsoft.SqlServer.BatchParserClient.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 88064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\86bb3b0199c1cadc57aa55af9f3bb450\Microsoft.SqlServer.TransferErrorMessagesTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\68419feed1512e7a2c07279a0bed3ed6\Microsoft.SqlServer.SqlTDiagM.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 65536 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\61021aa9fb1dfb6f5986192eb56e80af\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5efd18e11c15a514e255e9c02987aca2\Microsoft.SqlServer.Management.PowerShellTasks.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5d48c156fea5c5ebc5c7415390f291e2\Microsoft.SqlServer.DTEnum.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5c0c29bbfeb6e2a13f5aeb8b74dec2ae\Microsoft.SqlServer.ForEachNodeListEnumerator.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\486b616c17ae6279cf7dd0858970c265\Microsoft.SqlServer.Dts.Design.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\23efc2732d4e9d1fdaae06ba4905a343\Microsoft.SqlServer.ForEachFromVarEnumerator.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\13d98cf3a4fcb0c87d136a3eeba109ad\Microsoft.SqlServer.TableTransferGeneratorTask.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 96256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\13738e1627f929e4cfb1ef8b72087be7\Microsoft.SqlServer.OlapEnum.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\117686b9adf794ac920aa8af2702e732\Microsoft.SqlServer.ForEachADOEnumerator.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 69632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\09bc9ba79a0d31cd11f8ee226be68938\Microsoft.SqlServer.WMIDRTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0805cdd82847e669db658decd13f6097\Microsoft.SqlServer.ForEachSMOEnumerator.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 55808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\071c8558eae61e60bfe054e5e34e83c2\Microsoft.SqlServer.ManagedConnections.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\555eb0461aa5704ccc2313385f2d3b90\Microsoft.DataWarehouse.Interfaces.ni.dll
- 2012-02-21 01:47 . 2012-02-21 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-23 04:41 . 2012-02-23 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-23 04:41 . 2012-02-23 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-21 01:47 . 2012-02-21 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-22 08:04 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
- 2011-12-15 08:09 . 2011-11-03 22:38 231936 c:\windows\SysWOW64\url.dll
+ 2012-02-22 08:04 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
- 2011-12-15 08:09 . 2011-11-03 22:34 716800 c:\windows\SysWOW64\jscript.dll
- 2011-12-15 08:09 . 2011-11-03 22:28 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-02-22 08:04 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-02-22 08:04 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
- 2011-12-15 08:09 . 2011-11-04 01:43 237056 c:\windows\system32\url.dll
- 2010-10-18 03:16 . 2012-01-13 17:42 711754 c:\windows\system32\perfh00E.dat
+ 2010-10-18 03:16 . 2012-02-22 08:27 711754 c:\windows\system32\perfh00E.dat
- 2010-10-18 03:32 . 2012-01-13 17:42 718912 c:\windows\system32\perfh00C.dat
+ 2010-10-18 03:32 . 2012-02-22 08:27 718912 c:\windows\system32\perfh00C.dat
- 2010-10-18 02:25 . 2012-01-13 17:42 512962 c:\windows\system32\perfh00B.dat
+ 2010-10-18 02:25 . 2012-02-22 08:27 512962 c:\windows\system32\perfh00B.dat
- 2009-07-14 02:36 . 2012-01-13 17:42 695582 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-22 08:27 695582 c:\windows\system32\perfh009.dat
- 2010-10-18 03:32 . 2012-01-13 17:42 514060 c:\windows\system32\perfh001.dat
+ 2010-10-18 03:32 . 2012-02-22 08:27 514060 c:\windows\system32\perfh001.dat
- 2010-10-18 03:16 . 2012-01-13 17:42 175778 c:\windows\system32\perfc00E.dat
+ 2010-10-18 03:16 . 2012-02-22 08:27 175778 c:\windows\system32\perfc00E.dat
+ 2010-10-18 03:32 . 2012-02-22 08:27 138260 c:\windows\system32\perfc00C.dat
- 2010-10-18 03:32 . 2012-01-13 17:42 138260 c:\windows\system32\perfc00C.dat
- 2010-10-18 02:25 . 2012-01-13 17:42 109616 c:\windows\system32\perfc00B.dat
+ 2010-10-18 02:25 . 2012-02-22 08:27 109616 c:\windows\system32\perfc00B.dat
+ 2009-07-14 02:36 . 2012-02-22 08:27 133856 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-13 17:42 133856 c:\windows\system32\perfc009.dat
+ 2010-10-18 03:32 . 2012-02-22 08:27 106452 c:\windows\system32\perfc001.dat
- 2010-10-18 03:32 . 2012-01-13 17:42 106452 c:\windows\system32\perfc001.dat
- 2011-12-15 08:09 . 2011-11-04 01:39 818688 c:\windows\system32\jscript.dll
+ 2012-02-22 08:04 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
+ 2012-02-22 08:04 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
- 2011-12-15 08:09 . 2011-11-04 01:30 248320 c:\windows\system32\ieui.dll
- 2009-07-14 04:45 . 2012-02-20 15:40 458280 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-02-22 10:33 458280 c:\windows\system32\FNTCACHE.DAT
+ 2012-02-05 18:04 . 2012-02-23 04:39 522184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-05 18:04 . 2012-02-21 01:45 522184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-02-21 01:45 427188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-23 04:39 427188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-04-27 05:21 . 2012-02-22 08:21 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-04-27 05:21 . 2012-01-13 17:24 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-04-27 05:21 . 2012-01-13 17:24 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-04-27 05:21 . 2012-02-22 08:21 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-04-27 05:21 . 2012-02-22 08:21 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-04-27 05:21 . 2012-01-13 17:24 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-11-11 08:06 . 2012-01-13 17:24 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-11-11 08:06 . 2012-02-22 08:21 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-04-27 05:21 . 2012-01-13 17:24 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-27 05:21 . 2012-02-22 08:21 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-04-27 05:21 . 2012-01-13 17:24 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-04-27 05:21 . 2012-02-22 08:21 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-04-27 05:21 . 2012-02-22 08:21 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-04-27 05:21 . 2012-01-13 17:24 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-02-22 11:16 . 2012-02-22 11:16 322048 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\40540c03291e3ac5b25872fe89456f76\WindowsFormsIntegration.ni.dll
+ 2012-02-22 11:16 . 2012-02-22 11:16 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\79c0d930b22d57b3795a23e8cf4ae339\UIAutomationClient.ni.dll
+ 2012-02-22 08:51 . 2012-02-22 08:51 525824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\f5b529f1da649c5998c523d3412708a3\System.Xml.Linq.ni.dll
+ 2012-02-22 11:10 . 2012-02-22 11:10 254976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\833eb7ed2b9b4f4a43c7ecef9d39b154\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-22 08:51 . 2012-02-22 08:51 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\faf6ee08bef617b1b4eb64e80fc9dd3f\System.Transactions.ni.dll
+ 2012-02-22 11:16 . 2012-02-22 11:16 280576 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\a114236d0bac4da2245a8a1a911df9be\System.ServiceProcess.ni.dll
+ 2012-02-22 11:16 . 2012-02-22 11:16 107520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\cbb0d18f1a2faaef43579d108cb9769d\System.ServiceModel.Channels.ni.dll
+ 2012-02-22 11:16 . 2012-02-22 11:16 507904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\3abcdd3dbf4e5a15da6bdb16533be12b\System.ServiceModel.Routing.ni.dll
+ 2012-02-22 08:46 . 2012-02-22 08:46 939520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\b7c45b29b15a4e877acae90d9423f258\System.Security.ni.dll
+ 2012-02-22 08:51 . 2012-02-22 08:51 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\d2100d0654823a28dc51545364dede90\System.Runtime.Remoting.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 930304 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\07550d3ae4740eed489ab8a65cf7b460\System.Net.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\2426139390142365d7de219ebf74b099\System.Messaging.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\226f38bfd875eca371d175f09d0027e1\System.Management.Instrumentation.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\2161d0fe5c4fa4b6b87ba9fb107739c4\System.IO.Log.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\c2b796d1d8d510e5ca48af8bc2eea00c\System.IdentityModel.Selectors.ni.dll
+ 2012-02-22 08:51 . 2012-02-22 08:51 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\459e21f276317217908defaaaadea691\System.EnterpriseServices.Wrapper.dll
+ 2012-02-22 08:46 . 2012-02-22 08:46 511488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\1c8544cb8a02b676edf325b317d75229\System.Dynamic.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 628736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\839c851c31cc41fa44a7370aeb2993bc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\915d6e86437ddbf18b542ac79842c8e2\System.Device.ni.dll
+ 2012-02-22 11:12 . 2012-02-22 11:12 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\2e8cbe484bcbc57dae63a3a2a462a2c3\System.Data.DataSetExtensions.ni.dll
+ 2012-02-22 11:12 . 2012-02-22 11:12 181248 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\66485b6f04f9f55dfef98627a86d5a84\System.Configuration.Install.ni.dll
+ 2012-02-22 11:12 . 2012-02-22 11:12 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\a7ebe959846915257abc4c8211081ccc\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-22 11:12 . 2012-02-22 11:12 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\0eb88c82dad6f5f207a96dbc6014ae42\System.AddIn.ni.dll
+ 2012-02-22 11:12 . 2012-02-22 11:12 553472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\381c3330a6775e014e5b87d268508ec1\System.Activities.DurableInstancing.ni.dll
+ 2012-02-22 08:44 . 2012-02-22 08:44 430080 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\bd3be0c279118bfc76399eb3aff704df\SMSvcHost.ni.exe
+ 2012-02-22 08:51 . 2012-02-22 08:51 184832 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\33618b9734deea5fbecb39ab62f32fca\SMDiagnostics.ni.dll
+ 2012-02-22 08:50 . 2012-02-22 08:50 331264 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\e23c178819bb06012d6744f7900c9efb\PresentationFramework.Classic.ni.dll
+ 2012-02-22 08:50 . 2012-02-22 08:50 745984 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\95fa31c302785fe46d9bd1d6a480869b\PresentationFramework.Luna.ni.dll
+ 2012-02-22 08:50 . 2012-02-22 08:50 555520 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78cc0c87a0624198b908c4e26a40edf5\PresentationFramework.Aero.ni.dll
+ 2012-02-22 08:50 . 2012-02-22 08:50 387584 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1dbe73e60643d1d6c7e181e0938db9ef\PresentationFramework.Royale.ni.dll
+ 2012-02-22 08:46 . 2012-02-22 08:46 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\e8c16fc2337980a47f43c2fe6c36b119\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-22 08:46 . 2012-02-22 08:46 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\4e2b337fb518166eeb43cd403f75b1c7\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\5b2066cece646c758c73a13cca7c82b7\WindowsFormsIntegration.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\1bc856ec98668f28b06dc195e6f73603\UIAutomationClient.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a6f500c40e3fa7da71110af6c0a60ac\System.Xml.Linq.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\ca11ffdc7fa5af9ba6902d72b0b932c2\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f1a00750deae84241a140f4e4233fe71\System.ServiceModel.Routing.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\09ee8d91e80e00991226aec062aa1e92\System.Security.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\01e360ed3a3cb2b0a3c47c7f3eb09e58\System.Runtime.Remoting.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\ecf10c574f8bd9a05b021e7880a1041c\System.Net.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\f751ad889c61578ae7e1d656e798cd72\System.Messaging.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\98ec4a836fdbe4d88306206d6fc326ec\System.Management.Instrumentation.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\3aada4dce5c9f819d192b0bba0a298bc\System.IO.Log.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\015d3fcedc60e04e3fce6aa3b63057d9\System.IdentityModel.Selectors.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.Wrapper.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\30bdf637fad5e84fc46d7322f487c801\System.Dynamic.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e05bc4bfe46686b77f1e28b466f79363\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9ada0ce9819a2eeb6d3b7d4942cf278f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\fa66f17c3937c91c1b480c24aa602812\System.Device.ni.dll
+ 2012-02-22 10:57 . 2012-02-22 10:57 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\8b353356367e7da5d31e49057a59c749\System.Data.DataSetExtensions.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
+ 2012-02-22 10:57 . 2012-02-22 10:57 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\8e28c1bf907bc67c6685db26050c19bd\System.Configuration.Install.ni.dll
+ 2012-02-22 10:57 . 2012-02-22 10:57 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\ac4bd5fece3ee7b1632817a509bcd909\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\768ccd38c2bf1f7045e79ac03cb679f1\System.ComponentModel.Composition.ni.dll
+ 2012-02-22 10:57 . 2012-02-22 10:57 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\266d00e0694b48964ead82a67657462b\System.AddIn.ni.dll
+ 2012-02-22 10:57 . 2012-02-22 10:57 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\754d38ef09a80e6bc721a0039d72b65b\System.Activities.DurableInstancing.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\024df3845eee3a86a396d972162fffc4\SMSvcHost.ni.exe
+ 2012-02-22 10:56 . 2012-02-22 10:56 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ba4bc24df463a622c0e918d8c49672ed\SMDiagnostics.ni.dll
+ 2012-02-22 08:34 . 2012-02-22 08:34 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\daec0a92c216faca879f205a2e8e8169\PresentationFramework.Aero.ni.dll
+ 2012-02-22 08:34 . 2012-02-22 08:34 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
+ 2012-02-22 08:34 . 2012-02-22 08:34 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65bd29660d00ac08c14edad26ce38e2c\PresentationFramework.Royale.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\446fc2e471272940ddac8c8c949000cf\PresentationFramework.Classic.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b96029bc172f2b207470514f068e6a10\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\d6386aaa2c8ab67caaee9684c3842c04\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-22 11:10 . 2012-02-22 11:10 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\600f8ca5fcc54f10623903952fcc10ac\WsatConfig.ni.exe
+ 2012-02-22 11:01 . 2012-02-22 11:01 189440 c:\windows\assembly\NativeImages_v2.0.50727_64\WPFRes\ddb466327ece07f437c44754c692a9d5\WPFRes.ni.dll
+ 2012-02-22 11:10 . 2012-02-22 11:10 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\ddb96c334583dc79463edcb14ae16c99\WindowsFormsIntegration.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 140800 c:\windows\assembly\NativeImages_v2.0.50727_64\UiBase\cb5bb87f6adfb2bc7d173771c56c887d\UiBase.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\152b577b846875cb3ac5e2097451daf0\UIAutomationClient.ni.dll
+ 2012-02-22 11:10 . 2012-02-22 11:10 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\fb5fce5cf09733b71a796d1da399f07a\TaskScheduler.ni.dll
+ 2012-02-22 11:10 . 2012-02-22 11:10 284672 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\c68c8e0f810833490aa3c9ab4f1f7a17\TaskScheduler.ni.dll
+ 2012-02-22 11:08 . 2012-02-22 11:08 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\bc3bbe78635aeacaeea3b310ea5ff002\System.Xml.Linq.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\894b696a87ad47b5e18ac89954813a94\System.Web.Routing.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\ed681c0aefa909f528d50d0d7f87b799\System.Web.RegularExpressions.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\a6885ee42ea49eb80f1bd18a5252684d\System.Web.Entity.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\88ffeea88ac9ce23de0c5a27a95e773a\System.Web.Entity.Design.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\7a311c3305dbbd5cfa2613997608a4ae\System.Web.DynamicData.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\e5069f3c90b4413dd2f3dc226c80bc68\System.Web.Abstractions.ni.dll
+ 2012-02-22 10:44 . 2012-02-22 10:44 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\caa6d0e3ec056ab964616da777c2fcb1\System.Transactions.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\872d9ab7e9259b407668c38b6112499e\System.ServiceProcess.ni.dll
+ 2012-02-22 10:40 . 2012-02-22 10:40 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\ffc67ee81b75ac04dfc1fee6a7fef8c5\System.Security.ni.dll
+ 2012-02-22 10:42 . 2012-02-22 10:42 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\bc8c5bdae37a113b2274279ceb94d6d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\e238ca4ca02f9309283c98e1a4235bbd\System.Net.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\9880905a6fde778e564adf54b2afbaa5\System.Messaging.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\c340633057ed6b9ffcf2214cb348a1fa\System.Management.Instrumentation.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\c24a84d54ad05618cf6cab545c31b06b\System.IO.Log.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\2ba95581264a766410a6dbbe767c5ed8\System.IdentityModel.Selectors.ni.dll
+ 2012-02-22 10:44 . 2012-02-22 10:44 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\dbd535c6b73a9d9ffab8b91124ea7dda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\f1fd4593259aaf5fd2b2e9a7aed2d8cb\System.Drawing.Design.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\3c2c8f083f34a3c75e0aa17ef9ac4127\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\be6635364f1af379afff83dd877a4e03\System.Data.Services.Design.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\027959159200e828ccfddaef5f01b3a9\System.Data.DataSetExtensions.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\e71e38d2ca2cd291467d890336f45931\System.Configuration.Install.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\8c954be3f8d070b1364844741ff4b4b1\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\bd9159951d0caa9bf5c90c44fc96661b\System.AddIn.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\8bfc7a328911ae69686576bd24f4f771\SMSvcHost.ni.exe
+ 2012-02-22 11:03 . 2012-02-22 11:03 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\823bd996cb5aefd6c2b2fa7e19e0ef40\SMDiagnostics.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 438272 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\bb295a05a467ce0e3efbbe3dd32afe16\ServiceModelReg.ni.exe
+ 2012-02-22 11:05 . 2012-02-22 11:05 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\b92e9816d6f35ffb11dc27e00dfa9f98\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 119808 c:\windows\assembly\NativeImages_v2.0.50727_64\RefPlaneWPF\edc49ba70ebd2781ccfacc452f953f73\RefPlaneWPF.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\cc864feeea3e918e3d9790b301bb2004\PresentationFramework.Royale.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\ab440c134c4d619f82ba6eab569c8fed\PresentationFramework.Luna.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0e79d12dc8bede29dc337dba8d803bfa\PresentationFramework.Aero.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0e6121dbd31ce6b51354b38075dc9007\PresentationFramework.Classic.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\9c808282a0cfdc5bafcb43e1778d97d6\napsnap.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\279a67c6b9b3e553846c8d5a90060401\napsnap.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 154624 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\a27fd4d71fc638f76cb7e7dc21197aef\napinit.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\616ce317134d4225fc7eec80f9351855\napinit.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\a4b5d98bf175a3f10c47f223195c34b0\MSBuild.ni.exe
+ 2012-02-22 11:04 . 2012-02-22 11:04 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\b94e1c9115d8e37e734b27b48f54d236\MMCFxCommon.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\04532b2b5174ca249e01a8b21d0ba6fd\Microsoft.WSMan.Management.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\5cd854d075caf8b50de3c803b4303e03\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\cb1c199305d00b2424e707311eb9dcfd\Microsoft.Vsa.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b2438f632ab1dcbb1cb91c5a1226aaf1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 235008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\593d4852da5730b2745a902cb765bf9b\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 937472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\3d43619866c6867be1396abed412ead0\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 275456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\2bd4bf486059581106a5d16bd9fe853f\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 318976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\23a1aeed1d0c341d10190166f16923aa\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d7f5b39fba028d2f9e2b3a772845a2a6\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\99bb7896ddbe74236efaa97733c63cbc\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\71542ecf96342dc1464fe471852be89a\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0bafa5e2dc431bb12108395cf2e18773\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\505549b05e5c3ceccd26ad9c398381e8\Microsoft.ManagementConsole.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 618496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\b232ba7650e5449bb5dfa5c1818763ef\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 399360 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\6380c4a4aa90e1047f6b160077983dbb\Microsoft.GroupPolicy.Interop.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f356844d3667b88d03bde2ae524659b6\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\86f7fa65013864ae7da2fba058199dae\Microsoft.Build.Utilities.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\c467a4d9eeda620e3e7602a9ecf9ae76\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 423424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\6a6fa7724d13030a9e6fa097b8bf2e81\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 727040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\4ad25d1d04dc7511507cc7c7f2863e65\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 637952 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\c27f0346fb350d3542aef1552b15af30\EventViewer.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\956ca0e08e881df7f16f7d6d1381f71d\EventViewer.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 529408 c:\windows\assembly\NativeImages_v2.0.50727_64\Controls\d49ae6316107fc17b0728c135439db42\Controls.ni.dll
- 2012-02-16 15:49 . 2012-02-16 15:49 529408 c:\windows\assembly\NativeImages_v2.0.50727_64\Controls\d49ae6316107fc17b0728c135439db42\Controls.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\f2808fb3389d3e28e2b0223dcd654e02\ComSvcConfig.ni.exe
+ 2012-02-22 11:01 . 2012-02-22 11:01 216576 c:\windows\assembly\NativeImages_v2.0.50727_64\CmdInterface\1fc0673b1e1cdf2a48e1eb80082051b5\CmdInterface.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\105e77fbca8c5bb29988f3847b0d599f\WsatConfig.ni.exe
+ 2012-02-22 10:49 . 2012-02-22 10:49 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\899843a41e9c13c1a7dc9deeaa0f9f89\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ff11f424419cdcba84097c29cc68ef0e\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f507323a090a169410beaeabb67c3408\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e77de924ae1d5c69f66d2130f585fefc\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a9be61917cf2c1e604323fa152fa9462\WindowsLive.Writer.Api.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9731ebd6d1c19c48c2e75e989203aa03\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\931cbd5925c6d660eaa58ea70d56ede5\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\924074195b951b0f374041fa53387fa2\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e091d1ab5af23e7aee28df5955e19a8\WindowsLive.Writer.Interop.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7292afad81273f1e93eea7f080ae05c1\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\54123378518700215d393562814b3cb8\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3451240cfc9ebbce2c2d8252ebf37380\WindowsLive.Writer.Controls.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\026660e81c711ac299424eec446da282\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\09f92ca54d82e6ef7d88c63385e44ad4\WindowsLive.Client.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d0972fea9e965a565c3cff76982709db\UIAutomationClient.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\ff345d3a2aaafb8a960c3d400e3c11a9\TaskScheduler.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\9fe13b41847402115a0004ac89d8a851\TaskScheduler.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\fa1161af51ab42a61bfac9d02d469a06\System.Xml.Linq.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\43e0731fbb58632563909f1fa5dfe063\System.Web.Routing.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\84ee5a23a20b65773686657254ea9831\System.Web.RegularExpressions.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\95f94674ddc4b1224df94bd7ae19c9ef\System.Web.Extensions.Design.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4c569a365154300e49ab3450f74c2618\System.Web.Entity.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fb21c5770bc64fc4105787238842f70d\System.Web.Entity.Design.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\785e2ad4125cef423bc367b37fabb71c\System.Web.DynamicData.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\685fb72f0189330eda1d62176fb38996\System.Web.Abstractions.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
+ 2012-02-22 10:36 . 2012-02-22 10:36 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\dc4a4350f8c0c0919b5fb78f0c44291b\System.Security.ni.dll
+ 2012-02-22 10:37 . 2012-02-22 10:37 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\adb2fc93e7a4462eb399442c678be681\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2273d6ab12c9ae0d52842a84d586b8df\System.Net.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b5930434d0d624701114e014513c9041\System.Management.Instrumentation.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7651951311f9d134e6bc08be7dc9ddc7\System.IO.Log.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8b0dc9405f292a93ddd52eb76bb88169\System.IdentityModel.Selectors.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.Wrapper.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\a09d397c3a4eb60b04a0628cc187ce34\System.Drawing.Design.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\eebb837dbb8e5781e448c72eeda27983\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\344d3289061b28a0f7fb19229f45bb9c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 766976 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\0c3b57997c5ed60c51bbf5db303ea44b\System.Data.SqlServerCe.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\6a6642467bcccf0345c5e9139e7fd9ae\System.Data.Services.Design.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\c1cf8e31da405f07780fa7b0f28cc650\System.Data.Entity.Design.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\71400a36c8621388031e00075f2fc8e9\System.Data.DataSetExtensions.ni.dll
+ 2012-02-22 10:36 . 2012-02-22 10:36 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\47e25ae9163f4624a66f99ede0ea98fe\System.Configuration.Install.ni.dll
+ 2012-02-22 10:54 . 2012-02-22 10:54 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\05c4011ad0068d0af722b4b52677d915\System.AddIn.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 125952 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\fe893664997b76d5c024698c220e8d9d\SolutoUpdateService.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 677376 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\96e2ed1bc5ad952cace4ef58ad871df9\SolutoCleanup.ni.dll
+ 2012-02-22 10:54 . 2012-02-22 10:54 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\17b78ffee2144cf38f024e73b131158d\SMSvcHost.ni.exe
+ 2012-02-22 10:49 . 2012-02-22 10:49 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll
+ 2012-02-22 10:54 . 2012-02-22 10:54 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\21f8b867036a8236e3de47d79c22c57d\ServiceModelReg.ni.exe
+ 2012-02-22 10:52 . 2012-02-22 10:52 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\124694ed0b6b01394a6cd81e0827748e\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-02-22 10:39 . 2012-02-22 10:39 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fbcb09488417e40b6f7f7737f737bbfd\PresentationFramework.Luna.ni.dll
+ 2012-02-22 10:39 . 2012-02-22 10:39 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbd1929fa377b354903e37469838d9a1\PresentationFramework.Classic.ni.dll
+ 2012-02-22 10:39 . 2012-02-22 10:39 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
+ 2012-02-22 10:39 . 2012-02-22 10:39 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4ff6c887092d4db687441d71e2c812ff\PresentationFramework.Royale.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 137216 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\deeaff9d99d842785c50a8fe8ee5da1f\PCGUpgrader.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 329216 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\7e1c7c3722ba83914da01d47e63568db\PCGSAProbe.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 186368 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\1d1fcf8a8a54881f42c6f6b5e895d814\PCGPrestoSerializer.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 644096 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\664c6895aa5ec52e4791583dc4232333\PCGPostBootResources.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 172032 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\5410097f172faf6ae25cfa851a33a44b\PCGDriverProbe.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 766464 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\3136f2e8df45487439db3831633011b0\PCGDataAggregation.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 892928 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\47b6badbef72740dde4dcc12784439c3\PCGClientCommunication.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 362496 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\1bbc9de0bd1c9aa7bda8e7321cfb2060\PCGCatalogItemFootprint.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 117248 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\52dd0d9d3ffc9de93ed2d6541887d05b\PCGCatalogItemCache.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 794624 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\1bfa18504f70f34f444ae47fe40e39be\PCGBrowsersProbe.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\a06b9110b3123e52b23e3fa7afefb208\PCGBootVisualizingCore.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 195584 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\327d42725145afc3bc0fd26b3922a6e1\PCGBootVisualizingCommon.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 725504 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\b1825291a336a227dddafca14c19ada5\napsnap.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\62531ec9534c96e83de2bbd4edfd07e8\napsnap.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\bb49eea48fd5f546afc6d5be634d3cb9\napinit.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\0868837c4a5e5b632b97bc7511c55f79\napinit.ni.dll
- 2012-02-16 16:50 . 2012-02-16 16:50 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\4ac4095081957a001a6174c0b9f7f195\MSBuild.ni.exe
+ 2012-02-22 10:51 . 2012-02-22 10:51 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\4ac4095081957a001a6174c0b9f7f195\MSBuild.ni.exe
+ 2012-02-22 10:51 . 2012-02-22 10:51 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\bd5a72adac7a95585984d5bcce994b71\MMCFxCommon.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\928fb6b2401fffd8cc993578c3a04acd\Microsoft.WSMan.Management.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 159744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\edee2b0ab0fa88c4d595a5f0a0a225d0\Microsoft.VisualStudio.WizardFramework.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 219648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e9a5c49a1df4d6d5987abeaa68a2a060\Microsoft.VisualStudio.Configuration.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 822784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cb4e33e2c4446f74ed9a221eff1a8b73\Microsoft.VisualStudio.Shell.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 819200 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c0065f340135f26059539f17432ee979\Microsoft.VisualStudio.Windows.Forms.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a02d9acecaf9de87aeaf5596a76444a0\Microsoft.VisualStudio.Configuration.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 596480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9b99deb09c828c6f2254b8e0c6cbe6f7\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 664576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\74c07e60e319ed112f1b085672b498d9\Microsoft.VisualStudio.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 513024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5b1695bd0171fac07871a0de95633845\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 876032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4e0f3c34e0cd987cb3a3e5df10a605c9\Microsoft.VisualStudio.Shell.9.0.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\481b6ebea3e357f29a4ec0e8193d36d3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 532480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fb9183cbe5e0d25eccd22a4a7b3af432\Microsoft.SqlServer.GridControl.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 202752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fa7db42478a357b912e6e94941568769\Microsoft.SqlServer.Management.PSProvider.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 137216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f9f9596ee1e75f1ce7d629d2aa299fa1\Microsoft.SqlServer.ConnectionInfoExtended.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 483840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f90d14369e565cbb2b47f3658b1c9afb\Microsoft.SqlServer.XmlSrc.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f8915731f97cfca8b3f801949335c0a9\Microsoft.SqlServer.SQLTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 347648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ddd505f5974dcf9da2f2c6708ed4acc8\Microsoft.SqlServer.TransferObjectsTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 103424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d995c890ff6fa97bec1ff831859110c3\Microsoft.SqlServer.ADONETSrc.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 205312 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c90c76bec08d1f127fae7b81b606d7a7\Microsoft.SqlServer.Management.RegisteredServers.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 337920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c73e8cf0c4dd278531980f232ce21b53\Microsoft.SqlServer.XMLTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 221184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9c6de68c1f7dde8d88bcbd131225a8cc\Microsoft.SqlServer.PackageFormatUpdate.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 288768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\97744c114eca98352e047e16d2b98110\Microsoft.SqlServer.Management.CollectorTasks.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\929d835455b98c9132bda268125a7d09\Microsoft.SqlServer.DataStorage.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 999936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8691d886a1cf47b87f687865ba056b8b\Microsoft.SqlServer.WizardFramework.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 183296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\844f3192a81b289956134dc5eef3e798\Microsoft.SqlServer.WebServiceTask.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 144896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\719206ae0b45ec1aed9eafe517e37797\Microsoft.SqlServer.ADONETDest.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 248320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6f92015b402ef8418777ace04bef4c00\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 536576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6e5eebd5e0f556196be88c50cb2bc616\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 119808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6bac34f918380ec1e340060e4c5d0aa5\Microsoft.SqlServer.VSTAScriptingLib.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 190464 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4bae590790cf1967382971f1d182e435\Microsoft.SqlServer.Management.MultiServerConnection.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 674304 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3a985e0943cb39e7e7df5bc8d7e3cfcc\Microsoft.SqlServer.Management.Controls.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 100352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\36dea1e2cc798452d582ced29b91a986\Microsoft.SqlServer.Management.PSSnapins.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 751104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\356f6c621091ab7f8378067761f69aeb\Microsoft.SqlServer.ManagedDTS.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 165376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\338bb86fa130c878a77911f7f7b00490\Microsoft.SqlServer.DtsTransferProvider.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 251904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\15780653e5ee6969e52ed94b6876455f\Microsoft.SqlServer.SqlWmiManagement.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 128000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\088de0c18a4312693327a7ee0b90f8b7\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 406016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\00e045aae6140004acc64141816a4e91\Microsoft.SqlServer.SmoExtended.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 168448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.ServiceHo#\a5cb044919003db7c475f68e1ee0e649\Microsoft.ServiceHosting.ServiceRuntime.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\f21a2f175222c7013ca506b501fa5509\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 187392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\d8e67eaed0a599bbfee9457ce90b94bc\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\ac290c81209bcf6b08c83ac124c3beac\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\1283a0b3fbd29041b1304f262c75057d\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eda566c4dc6595779c3c9dfc359575ed\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\df4f6b6f33d84b7f438c3f3b66f0336d\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\951235283ff1d4a91ffaa92ea8693249\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5f7928a2ffe462f16e25f03be01966e9\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2015eca4346e34310e958089b22a9c62\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 232960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\37012ba674a455ff78c00a5a249d649d\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6386ef67ed70f53fe6424246d256190d\Microsoft.ManagementConsole.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 286208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\6d1d13360464eef30dccee6a5ddb490e\Microsoft.GroupPolicy.Interop.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\241190f25d3bf25083923b2a95c662df\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Exception#\15816c3e6f2f1ffcaa2d9da84f7cb6aa\Microsoft.ExceptionMessageBox.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c8e128b5e6ceee852cb1f8c165c2177e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9795da40a8ee0bc54e91792de7422152\Microsoft.Build.Utilities.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\be7ad749a064283deab76fad38bf2930\Microsoft.Build.Engine.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\f42105699650a206e2ae439ac54ad40a\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 587776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\354595cf5dfa74fcfb62013b6bf0669e\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\294ab3f3cce04bc658e33afd8781a780\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 513024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\86abee72f8bdecc8d8e868ac118a4430\Microsoft.AnalysisServices.Xmla.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 596992 c:\windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\6f7e923a0a1b90f80b678333278ebb9d\Ionic.Zip.Reduced.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 538112 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\d1da92f7c472f6ce0238b170e44b2aff\EventViewer.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\58ea1059f397ccd13d6a8d94d7be7830\EventViewer.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\39ab6b73bdbaac85b90cc561761916f7\ComSvcConfig.ni.exe
- 2011-12-15 08:09 . 2011-11-03 22:39 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-02-22 08:04 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
- 2011-12-15 08:09 . 2011-11-03 22:40 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-02-22 08:04 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-02-22 08:04 . 2011-12-14 03:04 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-02-22 08:04 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
- 2011-12-15 08:09 . 2011-11-03 22:32 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-02-22 08:04 . 2011-12-14 03:10 9705472 c:\windows\SysWOW64\ieframe.dll
- 2011-12-15 08:09 . 2011-11-03 22:46 9705472 c:\windows\SysWOW64\ieframe.dll
- 2011-12-15 08:09 . 2011-11-04 01:44 1390080 c:\windows\system32\wininet.dll
+ 2012-02-22 08:04 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
- 2011-12-15 08:09 . 2011-11-04 01:46 1345536 c:\windows\system32\urlmon.dll
+ 2012-02-22 08:04 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
+ 2012-02-22 08:04 . 2011-12-14 07:11 2308096 c:\windows\system32\jscript9.dll
+ 2012-02-22 08:04 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
- 2011-12-15 08:09 . 2011-11-04 01:36 2144256 c:\windows\system32\iertutil.dll
- 2012-02-16 15:21 . 2012-02-20 04:55 5911791 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-02-16 15:21 . 2012-02-22 10:36 5911791 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
- 2011-08-11 04:09 . 2011-05-04 22:31 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-02-20 10:05 . 2011-10-31 23:15 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2011-08-11 04:09 . 2011-05-04 22:32 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-20 10:05 . 2011-10-31 23:16 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-10-26 21:36 . 2011-10-26 21:36 2829312 c:\windows\Installer\e19224.msp
+ 2012-02-03 20:13 . 2012-02-03 20:13 4988928 c:\windows\Installer\e1921a.msp
- 2009-04-27 05:21 . 2012-01-13 17:24 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-27 05:21 . 2012-02-22 08:21 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-04-27 05:21 . 2012-01-13 17:24 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-27 05:21 . 2012-02-22 08:21 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-02-22 08:47 . 2012-02-22 08:47 5176320 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\2601973c90d08621a9f62821b87ae21f\WindowsBase.ni.dll
+ 2012-02-22 11:16 . 2012-02-22 11:16 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\bb421617dc86f57e8a8330ce3b9b5444\UIAutomationClientsideProviders.ni.dll
+ 2012-02-22 08:45 . 2012-02-22 08:45 7038976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\3ee571c7a2e72cbe7a0b55a3364471d9\System.Xml.ni.dll
+ 2012-02-22 08:50 . 2012-02-22 08:50 2447360 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\04da8e27f67ecd5936e344454f88e4fe\System.Xaml.ni.dll
+ 2012-02-22 11:16 . 2012-02-22 11:16 5627392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\27da4661213d305b1cee8da8cccfce8a\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-22 11:16 . 2012-02-22 11:16 2222592 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\cdc84cf075ba1511544f6fd0a6fe3955\System.Web.Services.ni.dll
+ 2012-02-22 11:16 . 2012-02-22 11:16 2733568 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\6304bbafb30fbf3451392f86a82f6236\System.Speech.ni.dll
+ 2012-02-22 11:16 . 2012-02-22 11:16 1561600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\59310863c523dc4c161feeb2e9aaa4da\System.ServiceModel.Discovery.ni.dll
+ 2012-02-22 11:15 . 2012-02-22 11:15 1904640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\3f282bf586b9c526cb49cae87061ef09\System.ServiceModel.Activities.ni.dll
+ 2012-02-22 08:51 . 2012-02-22 08:51 3404288 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\f869c87b67266ac13d3db520d0c55f88\System.Runtime.Serialization.ni.dll
+ 2012-02-22 08:51 . 2012-02-22 08:51 1346560 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\35b10bb3231a72ddf01ffb85863f2db6\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-22 11:11 . 2012-02-22 11:11 1422336 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\caa7b375b8787616bd08cf51764ced51\System.Printing.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\c86ca28d220cc6ec82d326ac6f70331c\System.Management.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\11042862b93914f5b186914ec2f7efd2\System.IdentityModel.ni.dll
+ 2012-02-22 08:51 . 2012-02-22 08:51 1096704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\459e21f276317217908defaaaadea691\System.EnterpriseServices.ni.dll
+ 2012-02-22 08:50 . 2012-02-22 08:50 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\9cb0648c04e4358cf0a4973e97db37b7\System.Drawing.ni.dll
+ 2012-02-22 08:51 . 2012-02-22 08:51 1622016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\96c400b209f628336eb3807e67a6189a\System.DirectoryServices.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\55630d38c0739d1cb9fc9e2e1d17b7ac\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-22 11:10 . 2012-02-22 11:10 2400256 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\275fb57ad2a55c4ad09e3f1ef7829269\System.Deployment.ni.dll
+ 2012-02-22 11:10 . 2012-02-22 11:10 8580608 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\c4575c7e4c0009069af50894f1f9a01a\System.Data.ni.dll
+ 2012-02-22 08:46 . 2012-02-22 08:46 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\45bd621b46ed61076d59d68c1f78a2d7\System.Data.SqlXml.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 1791488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\ae2c9ee9bc81049a7f85c188694ff9ed\System.Data.Services.Client.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 3380736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\c116116451103f1b07986795e56706d8\System.Data.Linq.ni.dll
+ 2012-02-22 08:45 . 2012-02-22 08:45 1255424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\6ac32c5e1a8db93d188d94ca1995dd9f\System.Configuration.ni.dll
+ 2012-02-22 11:12 . 2012-02-22 11:12 1002496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\d084d7fb68d92d3364ab0ed2991e60e8\System.ComponentModel.Composition.ni.dll
+ 2012-02-22 11:12 . 2012-02-22 11:12 5680640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\8056ed57fd143941f8af0dcd55a08c4f\System.Activities.ni.dll
+ 2012-02-22 11:12 . 2012-02-22 11:12 4887040 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\55cf8ca05f84ad61fa5b630a6c0de064\System.Activities.Presentation.ni.dll
+ 2012-02-22 11:12 . 2012-02-22 11:12 2005504 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\a2c7cdcb56954361d9c0ab72c0441e3a\System.Activities.Core.Presentation.ni.dll
+ 2012-02-22 11:11 . 2012-02-22 11:11 4127232 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\bfbb9ec87b751a9163ab5b3dd66cfc1b\ReachFramework.ni.dll
+ 2012-02-22 08:50 . 2012-02-22 08:50 2032128 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\123090a7e24db9f917bdfda9044353aa\PresentationUI.ni.dll
+ 2012-02-22 08:46 . 2012-02-22 08:46 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\d3afe04c9ffa08d8c5dcd083646141d4\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-22 08:46 . 2012-02-22 08:46 2314752 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\c5a1cd2cb5ff83584c33c876c2ada84f\Microsoft.VisualBasic.ni.dll
+ 2012-02-22 08:46 . 2012-02-22 08:46 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\54da267363a8b0bb13cd29943e110112\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-22 08:46 . 2012-02-22 08:46 1510400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\f1a8cd1f16c865cfaf7a0dc9b0ad04bb\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-22 11:14 . 2012-02-22 11:14 3312128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\194d5699d25e7537c603c9204834b1e3\Microsoft.JScript.ni.dll
+ 2012-02-22 08:45 . 2012-02-22 08:45 2009088 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\11ec53fea6391c8ef87701c69e7a2bc8\Microsoft.CSharp.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\e06dfa0ecf8c6c4f9848eedb9f8db0c5\UIAutomationClientsideProviders.ni.dll
+ 2012-02-22 08:32 . 2012-02-22 08:32 9090560 c:\windows\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\f9d4746b5e5edf68c3001feaa0f03893\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ce22f267e17c7749c6a0dd2aa3403484\System.Web.Services.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\7a9b2475f61a6db6393750142765c5f1\System.Speech.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b663714058d4a0c1fcaa56e4ac223be5\System.ServiceModel.Discovery.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\685616ff1660152acefb312db7061435\System.ServiceModel.Activities.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9db486997d651f0646a089ff6cfb605e\System.Runtime.Serialization.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f56869ede7c0fddb751c39e050dd62a8\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1393672b78ebd95ec154740a55fe600b\System.Printing.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\b1b57351a88c0c9c46bd9424347336ea\System.Management.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a0204aa75b8665f3c674ff18eebbf13f\System.IdentityModel.ni.dll
+ 2012-02-22 08:34 . 2012-02-22 08:34 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\b828e979c92841bd6a2ddd05ee2b0b73\System.DirectoryServices.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\c100e2bfd00aa5b9f3c8e4ab6e2bfaf8\System.Deployment.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\cc02699121b243dc52e77197ad973fc3\System.Data.SqlXml.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\81b00eddd2b081f8f7546a290d5ad9ef\System.Data.Services.Client.ni.dll
+ 2012-02-22 08:34 . 2012-02-22 08:34 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\3d105e94140b8c742ed50a2c6194394c\System.Data.Linq.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
+ 2012-02-22 10:57 . 2012-02-22 10:57 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\9ecc40af067f2aca2dda1f71500020fa\System.Activities.ni.dll
+ 2012-02-22 10:57 . 2012-02-22 10:57 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\17f4e3e5193e8b645d7405eda38596be\System.Activities.Presentation.ni.dll
+ 2012-02-22 10:57 . 2012-02-22 10:57 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\d0abf08a9033e02b1ac26da22a51b586\System.Activities.Core.Presentation.ni.dll
+ 2012-02-22 10:57 . 2012-02-22 10:57 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9e16cb68553721cdf0bfdb8a74f428ef\ReachFramework.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\f511ee77a639501cf892d90f33927451\PresentationUI.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a2762026b87e1d578b0ad3ea3edd1a0e\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\910f1781ed5873e2f9ffec2b687c3e99\Microsoft.VisualBasic.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1d3556e5e6be255dde120df39bd18709\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\a05d0a2bece90cfc10cb64ff7fe39e94\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\101b3fc8861dc9ed88896666432ae7c0\Microsoft.JScript.ni.dll
+ 2012-02-22 08:33 . 2012-02-22 08:33 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\5e4d35f27edcdebe56cc5bb5b5174275\Microsoft.CSharp.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 1976320 c:\windows\assembly\NativeImages_v2.0.50727_64\wpfsupport\ab8262828ef6226e9b9b3822c95aefbd\wpfsupport.ni.dll
+ 2012-02-22 10:40 . 2012-02-22 10:40 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\a6d9b6658c7778345cc60fe0d9bb6e64\WindowsBase.ni.dll
+ 2012-02-22 11:10 . 2012-02-22 11:10 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\dac9f71ca1332da2a359e2d07589b7e9\UIAutomationClientsideProviders.ni.dll
+ 2012-02-22 10:40 . 2012-02-22 10:40 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\e04d9231de2f5d2ababdb425df670e63\System.Xml.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\5571a92171f93c8a4806b9f1805f1c56\System.WorkflowServices.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\3b2e60a9cfedffc4c850f1d0ef17e5e1\System.Workflow.Runtime.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\809f0c7c2d0233f086f83b75f6aa9560\System.Workflow.ComponentModel.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f09110bd4c01129e8ef2e345e8b58920\System.Workflow.Activities.ni.dll
+ 2012-02-22 10:44 . 2012-02-22 10:44 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\28c5f5bb725935286936596e3f5f4f38\System.Web.Services.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\2b012fd0a270bdac848843047bb93312\System.Web.Mobile.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cf203792167bd243b057b8daf79e0d98\System.Web.Extensions.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\7f261dc1eaa3e4e0b93c44678888dd44\System.Web.Extensions.Design.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\a49bc70b640e21c9bcecbd8122203283\System.Speech.ni.dll
+ 2012-02-22 11:08 . 2012-02-22 11:08 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\8ef813ce3f85ea3b3f499d734ac8019e\System.ServiceModel.Web.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f99728bbb535157b904873158379dc67\System.Runtime.Serialization.ni.dll
+ 2012-02-22 10:44 . 2012-02-22 10:44 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\8b193e216f8cf8cd74d7f63cc3ebd2d9\System.Runtime.Remoting.ni.dll
+ 2012-02-22 10:43 . 2012-02-22 10:43 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\1194371f7bf016fa5f5db6a6003af63e\System.Printing.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\6860203a3f244d4c6b89ff38a9c9cadb\System.Management.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\3fae8a8515a716f1fae4a64a7f2a4b05\System.IdentityModel.ni.dll
+ 2012-02-22 10:44 . 2012-02-22 10:44 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\dbd535c6b73a9d9ffab8b91124ea7dda\System.EnterpriseServices.ni.dll
+ 2012-02-22 10:41 . 2012-02-22 10:41 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\6c52a4ed4a4d301b51cae24e0d0b28ac\System.Drawing.ni.dll
+ 2012-02-22 10:43 . 2012-02-22 10:43 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\cc26a70ca09b5e09736df4f2f4af045a\System.DirectoryServices.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\48a91957a4b86c3bcebec68eb1471def\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-22 10:41 . 2012-02-22 10:41 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6d33e51aa1dd1c4c8ac5bff1c7ad7b4b\System.Deployment.ni.dll
+ 2012-02-22 10:44 . 2012-02-22 10:44 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\bc98c6a47226c05d244f7ffb07b6d6bf\System.Data.ni.dll
+ 2012-02-22 10:40 . 2012-02-22 10:40 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\134d55401aae7ef73c10ad743774127f\System.Data.SqlXml.ni.dll
+ 2012-02-22 11:08 . 2012-02-22 11:08 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\2dd10ff57a987aa347518b0abfcaf8b3\System.Data.Services.ni.dll
+ 2012-02-22 11:09 . 2012-02-22 11:09 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\0177f6ff2b3faf1805b3ba63e0e20ad0\System.Data.Services.Client.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\7892bc65d0be332ab0d4f5dae01d2c3c\System.Data.OracleClient.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\dd28d55dd94fb4d1e4dca6393e4b15a4\System.Data.Linq.ni.dll
+ 2012-02-22 11:08 . 2012-02-22 11:08 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\caf124d5431e8d8aba046e54a8b7dea5\System.Data.Entity.Design.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\9e59bc2c8cf98cd315468ca01f68663c\System.Core.ni.dll
+ 2012-02-22 10:40 . 2012-02-22 10:40 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\da9e586395168489e96323c7cbd635a3\System.Configuration.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 1530368 c:\windows\assembly\NativeImages_v2.0.50727_64\SrpUxSnapIn\cf28410026302db9a0edb5e3c19386c5\SrpUxSnapIn.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 7669760 c:\windows\assembly\NativeImages_v2.0.50727_64\sldcoreu\1d41903a33aee5b264f92b01455bef38\sldcoreu.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 3309568 c:\windows\assembly\NativeImages_v2.0.50727_64\Sketchcplu\01d935d92b38eedcc22bcdbadaf3f0db\Sketchcplu.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 2731520 c:\windows\assembly\NativeImages_v2.0.50727_64\sheetmetalcplu\03bab77669af02d3e467423a4b644627\sheetmetalcplu.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 2451968 c:\windows\assembly\NativeImages_v2.0.50727_64\refgeomcplu\a8d82b01216ec1c121e8f049e08eff68\refgeomcplu.ni.dll
+ 2012-02-22 10:43 . 2012-02-22 10:43 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\c2b60ec84728f2a0b99f2113ed7eba37\ReachFramework.ni.dll
+ 2012-02-22 10:43 . 2012-02-22 10:43 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\d5b793b7c0429d61e51fe917d1066df8\PresentationUI.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\0618574a66f03040f765c43693bf58f6\PresentationBuildTasks.ni.dll
+ 2012-02-22 11:07 . 2012-02-22 11:07 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\49cf2c30b2ccabc24a7e9771416a705e\Narrator.ni.exe
+ 2012-02-22 11:07 . 2012-02-22 11:07 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\24f9a2d494b01bcbc6919f60a278c715\Narrator.ni.exe
+ 2012-02-22 11:07 . 2012-02-22 11:07 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\8988116626390eae76ef9e492c0e2894\MMCEx.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\77c418992d39a8c1ce569194f9b1ff1e\MIGUIControls.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\e05059a258a8b75d8981f29ecd9baf72\Microsoft.VisualBasic.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\11bd9381aca79215bc01b45a5e7bddce\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ecc930a57b339ba3d126b05b2d756a01\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8d5a4862d0e61fdd2e958fc989df3cca\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\713f3cf6037ed7047485c738934f9054\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\09516cb547f50c165051c5512c0770d3\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\551b383e39b9fedb84e25c9fc7d763ee\Microsoft.JScript.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\2ec15928bc76c2a6af54ad507c513cd4\Microsoft.Ink.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\7c9b82506032312a1cbc644fffa73b17\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4ccd2dddff73b52cd77ecaed30075b09\Microsoft.Build.Tasks.ni.dll
+ 2012-02-22 11:05 . 2012-02-22 11:05 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\35cee0a531b3136b21b2c7e2ff56b5eb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\a22f83fa561173b77ee1215e0dfd7a76\Microsoft.Build.Engine.ni.dll
+ 2012-02-22 11:04 . 2012-02-22 11:04 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\5cd9b4020f38edbdc2718884fe3e68f0\Microsoft.Build.Engine.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 2813952 c:\windows\assembly\NativeImages_v2.0.50727_64\featurecplu\0bfbea82f956905dd1f8158e1b40c0d8\featurecplu.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\environmentcplu\13e715146abfb155a0660f5d2b9a89f0\environmentcplu.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 3371520 c:\windows\assembly\NativeImages_v2.0.50727_64\couplingBase\254dd39e41daf62d7b44ff113f1c2e93\couplingBase.ni.dll
+ 2012-02-22 11:02 . 2012-02-22 11:02 2764288 c:\windows\assembly\NativeImages_v2.0.50727_64\asmfeaturecplu\fd8b4d476df7afe8b31e57e4997e5b8d\asmfeaturecplu.ni.dll
+ 2012-02-22 11:01 . 2012-02-22 11:01 3622912 c:\windows\assembly\NativeImages_v2.0.50727_64\apicoupleru\de13aa8bd76f009d1815dab14a8c8149\apicoupleru.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f00b551b4ea61a6d45c21e11677edb15\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e4eff9f4f7e27d7bb2517fd42f024723\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cd5a404baf5facd8eedc14e0dc39e34a\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\09c256592e3646315f12de048fd541a4\WindowsLive.Writer.Localization.ni.dll
+ 2012-02-22 10:36 . 2012-02-22 10:36 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
+ 2012-02-22 10:56 . 2012-02-22 10:56 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\c463ccf17b00f16ed8e60a6ba1cb46e5\UIAutomationClientsideProviders.ni.dll
+ 2012-02-22 10:36 . 2012-02-22 10:36 7967232 c:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
+ 2012-02-22 10:36 . 2012-02-22 10:36 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\99f03be29e7f6de2f4bc278b83f0761b\System.WorkflowServices.ni.dll
+ 2012-02-22 10:39 . 2012-02-22 10:39 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ee22bb1fef89981da77783c69aa1f154\System.Workflow.Runtime.ni.dll
+ 2012-02-22 10:39 . 2012-02-22 10:39 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5fc69203193c26b91b068695b00bcebf\System.Workflow.ComponentModel.ni.dll
+ 2012-02-22 10:39 . 2012-02-22 10:39 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\e5bfe89d19b368c5eb64bdf2c3c29d7a\System.Workflow.Activities.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0eada94e6fc22ecdf69ec412fe7df0b9\System.Web.Mobile.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8ae9ee071050afc6dce19f5248817d66\System.Web.Extensions.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\8e4b0ae89bdfbe3eac1b79dacef4ef79\System.Speech.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0113a0162fe157bb4f0130a60bbcad1a\System.ServiceModel.Web.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e20ce129c23781d9a8430b63edc3c24e\System.Printing.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f4d8c56c790b998bd1bb971905bfae78\System.Management.Automation.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll
+ 2012-02-22 10:37 . 2012-02-22 10:37 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2d379df0010f87d5c3d8c2be00b3de7a\System.DirectoryServices.ni.dll
+ 2012-02-22 10:37 . 2012-02-22 10:37 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\45fedf46ca69b8437800ffed652fb2e4\System.Deployment.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
+ 2012-02-22 10:36 . 2012-02-22 10:36 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d7621134717a86f5062dcf80206ab164\System.Data.SqlXml.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\47c2a93f42a371ac1b3756d098ac18a5\System.Data.Services.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3763b8ac5fa0a96ad5100a53b10b4449\System.Data.Services.Client.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c3e0c299c00016b5ffb5006bc32dd0db\System.Data.OracleClient.ni.dll
+ 2012-02-22 10:39 . 2012-02-22 10:39 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1fe993f1045190570a2c69cb32f9d62d\System.Data.Linq.ni.dll
+ 2012-02-22 10:55 . 2012-02-22 10:55 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\932542a144496e3a9cb9155270fd4492\System.Data.Entity.ni.dll
+ 2012-02-22 10:39 . 2012-02-22 10:39 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
+ 2012-02-22 10:54 . 2012-02-22 10:54 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\eab7902f5c21a08d88e11ccc3a728a12\SrpUxSnapIn.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 1483776 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoService\5a08f3b98823b04d49dc7c1993debb3d\SolutoService.ni.exe
+ 2012-02-22 10:50 . 2012-02-22 10:50 7185920 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoConsole\f58da34679ad4f37382e6f5b1d08321d\SolutoConsole.ni.exe
+ 2012-02-22 10:49 . 2012-02-22 10:49 1990144 c:\windows\assembly\NativeImages_v2.0.50727_32\Soluto\f9c63c739aa529b089515804a52739aa\Soluto.ni.exe
+ 2012-02-22 10:38 . 2012-02-22 10:38 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\9f09338d4240f6ea19318665fcea008f\ReachFramework.ni.dll
+ 2012-02-22 10:37 . 2012-02-22 10:37 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\10d61b241fbf27d82942eecb454105e1\PresentationUI.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\d2c547794ac1c167fe24904e6848d5cc\PresentationBuildTasks.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 2845696 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\7ce2b29935cdcb4405a457e908a8bab4\PCGPreCompiled.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 2413568 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\5d0c73d9e43d56a6bf76e682aa4a0e9c\PCGFramework.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 3788800 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\e88c59da8b23087389ddd0e6646f4661\PCGDatabase.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 1259520 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\74832fea660b4bfaf21d7dcd60b175c0\PCGCommunication.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 3680256 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\f7a6e335c3dd982b96c21770317ed4bb\PCGClientCommon.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 1038336 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\18ce1a8c4aace0f262e9aa583afc06ad\PCGAzureShared.ni.dll
+ 2012-02-22 10:49 . 2012-02-22 10:49 1554944 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\2596628bac954e363e75a89b7d1c421b\Newtonsoft.Json.Net35.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\308236e39e3ad82c6b5bfa2d955735e3\Narrator.ni.exe
+ 2012-02-22 10:53 . 2012-02-22 10:53 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\28fb676d22b5c29c090d8a09df872b2a\Narrator.ni.exe
+ 2012-02-22 10:53 . 2012-02-22 10:53 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\b792eec16fb24a0f73ca20e1551bfcbf\MMCEx.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\44f2bd588202e6bdacf0b867c7011057\MIGUIControls.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 1832448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f9925c5dcf2729044de11ddcad6cd372\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 3930112 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e8e72d4e7e35257e55486b21a0a0074b\Microsoft.VisualStudio.Editors.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\35bbd370bf2042a1ddb2b4c6a9fca64a\Microsoft.VisualStudio.Design.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 1873920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\12d267373f81ceef6668c0d59f2322eb\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2012-02-22 10:53 . 2012-02-22 10:53 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1a6921bcfb8ade6652efb9f095b275f1\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 6121984 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f602264eb0a2f568df8c101bcc427261\Microsoft.SqlServer.Smo.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 3478016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\999af5439151fbfde325fa1332d9b862\Microsoft.SqlServer.Replication.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 1509888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8cdcec0ada9f86c9c62c64e09ed414eb\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 1127424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\61a7d90d9a345fa9ca0416b090a3fef1\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 1128448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1fde9af484c54513e057ada6b84327f9\Microsoft.SqlServer.Dmf.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\86fa49490bc929adf75488903f0dac4b\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-22 10:48 . 2012-02-22 10:48 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\413c3be0ba8ed04984a0bb3044e0c2e0\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2f66392066352b804d8022664e7bf8de\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-22 10:47 . 2012-02-22 10:47 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\09cea564f5888335ef97bd104d7e4ea6\Microsoft.JScript.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\ca0dacd1a4dc23e5d7bb3e6548282b6b\Microsoft.Ink.ni.dll
+ 2012-02-22 10:52 . 2012-02-22 10:52 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\de23c7b3c400d92565312e85b6b0b00e\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 1604096 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\410a1c682b9c16005ac91917f93b32ff\Microsoft.DataTransformationServices.Controls.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e566cc5fe7ad95b0a9fca152b335b551\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2b23923536c41d0fb8ab658f6c9a95c1\Microsoft.Build.Tasks.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b8459651fae37b63ab314350a8eff8a\Microsoft.Build.Engine.ni.dll
+ 2012-02-22 10:51 . 2012-02-22 10:51 2952192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\a2a717e70385960d2443e4f326e8ca3c\Microsoft.AnalysisServices.ni.dll
+ 2012-02-22 10:46 . 2012-02-22 10:46 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\DTSWizard\30d9ec05caef28c2f320de02ef34d7bf\DTSWizard.ni.exe
+ 2012-02-22 10:51 . 2012-02-22 10:51 1086976 c:\windows\assembly\NativeImages_v2.0.50727_32\AmCharts.Windows\647056925cca0e1db76bc2ffcd42bd45\AmCharts.Windows.ni.dll
+ 2012-02-20 10:05 . 2011-10-31 23:16 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-08-11 04:09 . 2011-05-04 22:32 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-22 08:04 . 2011-12-14 03:30 12282368 c:\windows\SysWOW64\mshtml.dll
+ 2012-02-22 08:04 . 2011-12-14 07:43 17790464 c:\windows\system32\mshtml.dll
+ 2010-09-15 15:14 . 2012-02-22 08:07 54585368 c:\windows\system32\MRT.exe
+ 2012-02-22 08:04 . 2011-12-14 07:16 10887168 c:\windows\system32\ieframe.dll
- 2010-09-01 19:01 . 2012-02-21 01:11 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-01 19:01 . 2012-02-22 04:18 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-21 01:11 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-22 04:18 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-08 03:21 . 2012-02-23 04:39 19700572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3461612616-2689495137-3471132024-1000-12288.dat
+ 2012-02-22 08:31 . 2012-02-22 08:31 11879936 c:\windows\assembly\NativeImages_v4.0.30319_64\System\b0fb08b12d22c8f5a5cf76de090816e2\System.ni.dll
+ 2012-02-22 11:11 . 2012-02-22 11:11 17288192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\29001e9b4d0e438dc6fb0ac097e7da38\System.Windows.Forms.ni.dll
+ 2012-02-22 11:15 . 2012-02-22 11:15 24483840 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\01dcb185cd001144d8173ac34ff3f36a\System.ServiceModel.ni.dll
+ 2012-02-22 11:13 . 2012-02-22 11:13 18434048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\b0488d97a8c3ce3a34d31308aaba1782\System.Data.Entity.ni.dll
+ 2012-02-22 08:45 . 2012-02-22 08:45 10422272 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\5b416d5f99db23c816e7309bfda5a429\System.Core.ni.dll
+ 2012-02-22 08:50 . 2012-02-22 08:50 23242240 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eb7944e7e05af8441f6d8c948953e906\PresentationFramework.ni.dll
+ 2012-02-22 08:48 . 2012-02-22 08:48 15102976 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\77e55544eed1e7b6b350f2bf272346bd\PresentationCore.ni.dll
+ 2012-02-22 08:34 . 2012-02-22 08:34 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
+ 2012-02-22 11:00 . 2012-02-22 11:00 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7c73ac0ffec7d226ca3dac70df184f18\System.ServiceModel.ni.dll
+ 2012-02-22 10:59 . 2012-02-22 10:59 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\a275181f49dcdf245ec6a9d9287bb6c6\System.Data.Entity.ni.dll
+ 2012-02-22 08:35 . 2012-02-22 08:35 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
+ 2012-02-22 08:34 . 2012-02-22 08:34 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
+ 2012-02-22 10:40 . 2012-02-22 10:40 10624512 c:\windows\assembly\NativeImages_v2.0.50727_64\System\d5bc322d03a6628891b1e1232c4815af\System.ni.dll
+ 2012-02-22 10:42 . 2012-02-22 10:42 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\87a79dd88275c7e7536a0476f2ed79aa\System.Windows.Forms.ni.dll
+ 2012-02-22 10:44 . 2012-02-22 10:44 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\3ea6f4cb8bba38f9d66275c36dd8825e\System.Web.ni.dll
+ 2012-02-22 11:03 . 2012-02-22 11:03 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\0b51b0626d95de7446d132c73edd77cc\System.ServiceModel.ni.dll
+ 2012-02-22 11:06 . 2012-02-22 11:06 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\e18dbed9e34d7d56cc7e2f683de12237\System.Management.Automation.ni.dll
+ 2012-02-22 10:45 . 2012-02-22 10:45 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\0ad116b6a293e4fad1add26610df466d\System.Design.ni.dll
+ 2012-02-22 11:08 . 2012-02-22 11:08 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\00b730e56986ad4f378e420fa8606395\System.Data.Entity.ni.dll
+ 2012-02-22 10:43 . 2012-02-22 10:43 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\be975224912fc63f0398ad0c969ba144\PresentationFramework.ni.dll
+ 2012-02-22 10:41 . 2012-02-22 10:41 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\0fa603af6ee814498c20f46e00e5f891\PresentationCore.ni.dll
+ 2012-02-22 10:37 . 2012-02-22 10:37 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
+ 2012-02-22 10:50 . 2012-02-22 10:50 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll
+ 2012-02-22 10:38 . 2012-02-22 10:38 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f89f5d786e54381f9058656271a0aca8\System.Design.ni.dll
+ 2012-02-22 10:37 . 2012-02-22 10:37 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
+ 2012-02-22 10:37 . 2012-02-22 10:37 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemotelessHelper"="c:\program files (x86)\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe" [2011-12-12 2280448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Prey Laptop Tracker"="c:\prey\platform\windows\cron.exe" [2010-03-30 216648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Immunet Protect"="c:\program files\Immunet Protect\3.0.5\iptray.exe" [2011-11-30 3508512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 1025576]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Wi-Fi Sync"="c:\program files (x86)\Wi-Fi Sync\wifisync.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"niDevMon"=c:\program files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-10-19 456736]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gupdate1c9c6d5e2621c00;Google Update Service (gupdate1c9c6d5e2621c00);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-27 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-27 133104]
R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 342320]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [x]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [x]
R3 ni1065k;NI PXI-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [x]
R3 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
R3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [x]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [x]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [x]
R3 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2008-08-22 12696]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [x]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [x]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [x]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [x]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [x]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [x]
R3 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2008-06-20 129144]
R3 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2008-06-18 192112]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [x]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [x]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [x]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [x]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [x]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [x]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [x]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [x]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [x]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [x]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [x]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [x]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [x]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [x]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [x]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [x]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [x]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [x]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [x]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [x]
R3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 hotcore3;hotcore3;c:\windows\SysWOW64\drivers\hotcore3.sys [2008-01-21 36368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [x]
S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/21 21:54];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 16:18 146928]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/30 18:17];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-09-11 18:36 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\SYSTEM32\LXDDCOMS.EXE [2007-05-25 567216]
S2 LXDDCATSCustConnectService;LXDDCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\X64\3\\LXDDserv.exe [2007-05-25 34224]
S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2008-05-09 94224]
S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2007-11-15 58896]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [x]
S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2007-08-16 19728]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswFsBlk
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - ndslpp
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nipxirmk
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - sptd
*Deregistered* - xtxplat
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000Core.job
- c:\users\Wes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-23 18:40]
.
2012-02-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000UA.job
- c:\users\Wes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-23 18:40]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-27 01:16]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-27 01:16]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000Core.job
- c:\users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 00:32]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3461612616-2689495137-3471132024-1000UA.job
- c:\users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 00:32]
.
2012-02-23 c:\windows\Tasks\User_Feed_Synchronization-{307A2313-033D-4920-97F1-A5A57CC00460}.job
- c:\windows\system32\msfeedssync.exe [2011-06-27 20:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"NWTRAY"="NWTRAY.EXE" [2008-07-21 35088]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lmimirr
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Wes\AppData\Roaming\Mozilla\Firefox\Profiles\w8dxnrhq.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,61,94,71,3f,33,e0,46,ad,96,59,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,61,94,71,3f,33,e0,46,ad,96,59,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2012-02-22 23:56:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-23 04:55
ComboFix2.txt 2012-02-21 02:05
.
Pre-Run: 104,947,400,704 bytes free
Post-Run: 104,660,185,088 bytes free
.
- - End Of File - - EDDF3B44F294E45480E60FDF459E7878

#14 SweetTech


Posted 23 February 2012 - 01:23 AM

Hi Weeps!

Sorry to hear you're still experiencing that issue with ComboFix.

Something wacky is still going on with your computer. This infection isn't going away.

I see a few things in a previous OTL log that I'd like to see are still on your machine. To do this, I'm going to need a new OTL log file from you to review.

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$."
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 Weeps


Posted 23 February 2012 - 10:14 AM

ST,

The OTL custom scan seems to be erroring out: "List index out of bounds (1614)" as it tries to scan chrome settings. Any advice?



