Trojan win32/sirefef.AG


  • This topic is locked
20 replies to this topic

#1 Brian S

Brian S

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 23 May 2012 - 10:39 AM

On my personal computer (Windows XP Home), Microsoft Security Essentials is finding a trojan win32/sirefef.ag. However, after removal, the trojan shows up again. Malware AntiMalware Bytes does not find the trojan. I have tried running Emsisoft, but cannot download the latest updates.

I have also tried all 3 programs in Windows safe mode to no avail. Any suggestions?



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:32 AM

Posted 23 May 2012 - 12:24 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Brian S

Posted 24 May 2012 - 07:51 AM

My computer seems to start up fine, but I can open about 1 webpage before my internet stops responding. The Trojan seems to mess with IE 7 and Google Chrome so that I can't use them. I have saved the files to a flash drive and will try it that way.

Edited by Brian S, 24 May 2012 - 08:05 AM.


#4 gringo_pr

Posted 24 May 2012 - 10:58 AM

How is it going?


gringo

#5 gringo_pr

Posted 24 May 2012 - 10:59 AM

double post

Edited by gringo_pr, 24 May 2012 - 10:59 AM.


#6 Brian S

Posted 24 May 2012 - 01:29 PM

Ran the programs. DeFogger kept cycling back to the Disable screen, but I assume that is normal. It did say it was Finished. Also, I assume I only need to run 1 of the 3 DDS programs, correct?

Security Check:

Results of screen317's Security Check version 0.99.38
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
M
i
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
E
s
e
n
t
i
a
l
s
ECHO is off.
E
m
s
i
s
o
f
t
ECHO is off.
A
n
t
i
M
a
l
w
a
r
e
ECHO is off.
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SpyHunter
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 13
Java version out of date!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Emsisoft Anti-Malware a2service.exe
``````````End of Log````````````


DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by User at 12:54:09 on 2012-05-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1439 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Emsisoft Anti-Malware *Enabled/Outdated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
============== Running Processes ===============
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\documents and settings\user\application data\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "c:\documents and settings\user\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKAIO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238974342703
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1327995398390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238984114801&h=f6f6ce86c8aa5a6acfac3d54643eea29/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: Interfaces\{85CDCAA2-0C04-4D40-9BCA-30F34F57638C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{882BF58B-D4E0-41FB-A9A7-A6367F6C1AC1} : DhcpNameServer = 192.168.1.22 192.168.5.26
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2003-6-3 123957]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-5-21 17904]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2003-6-3 46900]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-5-21 3065120]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-5-4 737184]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-5-21 51632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-24 17:10:53 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e0e465a-92d1-46f7-a19a-efa3ac48b3b1}\offreg.dll
2012-05-23 21:09:04 110080 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{b3cb613c-58d3-4692-b2da-8f3eac6288d4}\IconF7A21AF7.exe
2012-05-23 21:09:04 110080 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{b3cb613c-58d3-4692-b2da-8f3eac6288d4}\IconD7F16134.exe
2012-05-23 21:09:04 110080 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{b3cb613c-58d3-4692-b2da-8f3eac6288d4}\IconCF33A0CE.exe
2012-05-23 21:08:57 -------- d-----w- C:\sh4ldr
2012-05-23 21:08:57 -------- d-----w- c:\program files\Enigma Software Group
2012-05-23 21:07:51 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-05-23 21:07:49 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-05-21 17:22:38 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-05-21 17:22:27 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2012-05-21 17:20:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-21 17:20:13 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-05-21 17:19:15 -------- d-----w- c:\documents and settings\user\local settings\application data\PCHealth
2012-05-20 08:34:06 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e0e465a-92d1-46f7-a19a-efa3ac48b3b1}\mpengine.dll
2012-05-20 01:49:39 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2012-05-23 21:09:07 1409 ----a-w- c:\windows\QTFont.for
2012-05-20 02:27:35 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-20 02:27:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 01:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 12:54:57.46 ===============


DDS Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/6/2009 8:46:39 AM
System Uptime: 5/24/2012 12:09:23 PM (0 hours ago)
.
Motherboard: Intel Corporation | | D946GZIS
Processor: Intel® Core™2 CPU 6320 @ 1.86GHz | | 1864/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 115.224 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
aioscnnr
C4USelfUpdater
Canon Camera Access Library
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot A1200 Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CardRd81
CCHelp
CCScore
center
Citrix XenApp Plugin for Hosted Apps
Compatibility Pack for the 2007 Office system
CR2
Emsisoft Anti-Malware
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
essentials
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
Google Chrome
High Definition Audio Driver Package - KB888111
HLPCCTR
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Java™ 6 Update 13
Kodak AIO Printer
KODAK AiO Software
Kodak EasyShare software
KSU
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Notifier
NTI DVD-Maker
ocr
OfotoXMI
OTtBP
OTtBPSDK
PCDLNCH
PowerDVD
PowerQuest Drive Image 7.0
PreReq
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SFR
SFR2
Spotify
SpyHunter
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCAMCEN
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
5/24/2012 12:54:12 PM, error: Service Control Manager [7016] - The GEARSecurity service has reported an invalid current state 0.
5/24/2012 12:20:20 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.309.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/23/2012 3:54:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.309.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/22/2012 7:35:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.309.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/22/2012 7:28:39 PM, error: Service Control Manager [7024] - The V2i Protector service terminated with service-specific error 2147746132 (0x80040154).
5/22/2012 7:27:35 PM, error: Service Control Manager [7022] - The V2i Protector service hung on starting.
5/22/2012 7:23:54 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.309.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/22/2012 7:23:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/22/2012 7:15:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter PQIMount SASDIFSV SASKUTIL
5/22/2012 7:07:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT PQIMount RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
5/22/2012 7:07:24 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:07:24 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:07:24 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:07:24 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:07:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/22/2012 7:07:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/21/2012 12:26:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.309.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/20/2012 8:23:43 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/19/2012 9:19:46 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/19/2012 9:19:46 PM, error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

#7 gringo_pr

Posted 24 May 2012 - 02:08 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Microsoft Security Essentials
AV: Emsisoft Anti-Malware


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 Brian S

Posted 25 May 2012 - 07:49 AM

Emsisoft, SuperAnti-Spyware, and SpyHunter were all removed from my computer. Ran ComboFix, but it would not connect to the internet to install/update the Recovery Console. Program continued without it. After it finished, I updated definitions and ran Microsoft Security Essentials and it found Trojan:win32/sirefef.P and Trojan:win32/sirefef.K. Essentials removed the files. I shut the computer down, restarted at a later time, and ran Essentials again. Nothing was found. Tried opening the internet, it worked for the short time I was on it, then did a quick scan again with nothing showing up. Other than scanning the computer a few extra times in the next few days, is there anything else I need to do?

ComboFix Log:

ComboFix 12-05-24.03 - User 05/24/2012 20:43:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1569 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Local Settings\Application Data\{3160e81c-cc5e-d824-2f0a-38ab5f00b9ce}
c:\documents and settings\User\Local Settings\Application Data\{3160e81c-cc5e-d824-2f0a-38ab5f00b9ce}\@
c:\documents and settings\User\Local Settings\Application Data\{3160e81c-cc5e-d824-2f0a-38ab5f00b9ce}\n
c:\windows\Installer\{3160e81c-cc5e-d824-2f0a-38ab5f00b9ce}
c:\windows\Installer\{3160e81c-cc5e-d824-2f0a-38ab5f00b9ce}\@
c:\windows\Installer\{3160e81c-cc5e-d824-2f0a-38ab5f00b9ce}\n
c:\windows\Installer\{3160e81c-cc5e-d824-2f0a-38ab5f00b9ce}\U\00000001.@
c:\windows\Installer\{3160e81c-cc5e-d824-2f0a-38ab5f00b9ce}\U\800000cb.@
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-23 21:08 . 2012-05-25 01:28 -------- d-----w- C:\sh4ldr
2012-05-23 21:08 . 2012-05-23 21:08 -------- d-----w- c:\program files\Enigma Software Group
2012-05-23 21:07 . 2012-05-25 01:28 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-05-23 21:07 . 2012-05-23 21:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-23 00:06 . 2012-05-23 00:07 -------- d-----w- c:\documents and settings\Administrator
2012-05-21 17:22 . 2012-05-25 01:30 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-05-21 17:22 . 2012-05-21 17:22 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2012-05-21 17:19 . 2012-05-21 17:19 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth
2012-05-20 08:34 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E0E465A-92D1-46F7-A19A-EFA3AC48B3B1}\mpengine.dll
2012-05-20 02:29 . 2012-05-20 02:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-05-20 01:49 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 01:28 . 2012-02-24 21:57 1409 ----a-w- c:\windows\QTFont.for
2012-05-20 02:27 . 2012-04-23 00:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-20 02:27 . 2012-01-31 07:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2007-07-27 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2007-07-27 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2012-02-01 05:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 01:44 . 2011-04-18 21:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2007-07-27 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2007-07-27 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\documents and settings\User\Application Data\Spotify\Spotify.exe" [2012-05-12 9478320]
"Spotify Web Helper"="c:\documents and settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-12 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-02-04 77824]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKAIO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-8-11 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [6/3/2003 6:52 PM 123957]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [6/3/2003 6:52 PM 46900]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 7:32 PM 394672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1993962763-839522115-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 07:21]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1993962763-839522115-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 07:21]
.
2012-05-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
AddRemove-{3BA50C09-CC50-469E-A183-01F5EA1AA532} - c:\documents and settings\All Users\Application Data\{30FBED0A-EAD7-4352-AEBB-39599213718B}\WeatherBugSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-24 20:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\sxs.dll
.
Completion time: 2012-05-24 20:51:45
ComboFix-quarantined-files.txt 2012-05-25 01:51
.
Pre-Run: 124,164,935,680 bytes free
Post-Run: 124,905,689,088 bytes free
.
- - End Of File - - AA267A92A06E16D581461705412F454D

#9 gringo_pr

Posted 25 May 2012 - 08:08 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 Brian S

Posted 25 May 2012 - 01:21 PM

No issues with running either program. Logs are below.

TDSS Killer:


12:32:11.0156 3476 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
12:32:11.0484 3476 ============================================================
12:32:11.0484 3476 Current date / time: 2012/05/25 12:32:11.0484
12:32:11.0484 3476 SystemInfo:
12:32:11.0484 3476
12:32:11.0484 3476 OS Version: 5.1.2600 ServicePack: 3.0
12:32:11.0484 3476 Product type: Workstation
12:32:11.0484 3476 ComputerName: D946GZ
12:32:11.0484 3476 UserName: User
12:32:11.0484 3476 Windows directory: C:\WINDOWS
12:32:11.0484 3476 System windows directory: C:\WINDOWS
12:32:11.0484 3476 Processor architecture: Intel x86
12:32:11.0484 3476 Number of processors: 2
12:32:11.0484 3476 Page size: 0x1000
12:32:11.0484 3476 Boot type: Normal boot
12:32:11.0484 3476 ============================================================
12:32:13.0328 3476 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:32:13.0484 3476 Drive \Device\Harddisk1\DR2 - Size: 0x7D800000 (1.96 Gb), SectorSize: 0x200, Cylinders: 0xFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:32:13.0484 3476 ============================================================
12:32:13.0484 3476 \Device\Harddisk0\DR0:
12:32:13.0484 3476 MBR partitions:
12:32:13.0484 3476 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
12:32:13.0484 3476 \Device\Harddisk1\DR2:
12:32:13.0484 3476 MBR partitions:
12:32:13.0484 3476 ============================================================
12:32:13.0546 3476 C: <-> \Device\Harddisk0\DR0\Partition0
12:32:13.0546 3476 ============================================================
12:32:13.0546 3476 Initialize success
12:32:13.0546 3476 ============================================================
12:32:25.0859 3596 ============================================================
12:32:25.0859 3596 Scan started
12:32:25.0859 3596 Mode: Manual;
12:32:25.0859 3596 ============================================================
12:32:26.0171 3596 Abiosdsk - ok
12:32:26.0171 3596 abp480n5 - ok
12:32:26.0187 3596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:32:26.0187 3596 ACPI - ok
12:32:26.0218 3596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:32:26.0218 3596 ACPIEC - ok
12:32:26.0218 3596 adpu160m - ok
12:32:26.0234 3596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:32:26.0250 3596 aec - ok
12:32:26.0281 3596 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:32:26.0281 3596 AFD - ok
12:32:26.0281 3596 Aha154x - ok
12:32:26.0296 3596 aic78u2 - ok
12:32:26.0296 3596 aic78xx - ok
12:32:26.0328 3596 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:32:26.0328 3596 Alerter - ok
12:32:26.0343 3596 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:32:26.0343 3596 ALG - ok
12:32:26.0343 3596 AliIde - ok
12:32:26.0343 3596 amsint - ok
12:32:26.0375 3596 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:32:26.0390 3596 AppMgmt - ok
12:32:26.0390 3596 asc - ok
12:32:26.0406 3596 asc3350p - ok
12:32:26.0406 3596 asc3550 - ok
12:32:26.0500 3596 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:32:26.0531 3596 aspnet_state - ok
12:32:26.0562 3596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:32:26.0562 3596 AsyncMac - ok
12:32:26.0562 3596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:32:26.0562 3596 atapi - ok
12:32:26.0578 3596 Atdisk - ok
12:32:26.0609 3596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:32:26.0625 3596 Atmarpc - ok
12:32:26.0656 3596 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:32:26.0656 3596 AudioSrv - ok
12:32:26.0687 3596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:32:26.0687 3596 audstub - ok
12:32:26.0718 3596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:32:26.0718 3596 Beep - ok
12:32:26.0765 3596 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:32:26.0812 3596 BITS - ok
12:32:26.0843 3596 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:32:26.0843 3596 Browser - ok
12:32:26.0921 3596 catchme - ok
12:32:26.0953 3596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:32:26.0953 3596 cbidf2k - ok
12:32:27.0015 3596 CCALib8 (359e5a91d26d0439933bef1c29cedef7) C:\Program Files\Canon\CAL\CALMAIN.exe
12:32:27.0015 3596 CCALib8 - ok
12:32:27.0015 3596 cd20xrnt - ok
12:32:27.0031 3596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:32:27.0031 3596 Cdaudio - ok
12:32:27.0046 3596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:32:27.0046 3596 Cdfs - ok
12:32:27.0062 3596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:32:27.0062 3596 Cdrom - ok
12:32:27.0062 3596 Changer - ok
12:32:27.0093 3596 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:32:27.0093 3596 CiSvc - ok
12:32:27.0125 3596 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:32:27.0125 3596 ClipSrv - ok
12:32:27.0187 3596 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:32:27.0218 3596 clr_optimization_v2.0.50727_32 - ok
12:32:27.0234 3596 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:32:27.0265 3596 clr_optimization_v4.0.30319_32 - ok
12:32:27.0265 3596 CmdIde - ok
12:32:27.0265 3596 COMSysApp - ok
12:32:27.0265 3596 Cpqarray - ok
12:32:27.0296 3596 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:32:27.0312 3596 CryptSvc - ok
12:32:27.0312 3596 dac2w2k - ok
12:32:27.0312 3596 dac960nt - ok
12:32:27.0328 3596 DcCam (b1ad007f9a7dd8cfc981958d5c167d2d) C:\WINDOWS\system32\DRIVERS\DcCam.sys
12:32:27.0328 3596 DcCam - ok
12:32:27.0343 3596 DcFpoint (5fd20284caaf112201311619ff89fa44) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
12:32:27.0343 3596 DcFpoint - ok
12:32:27.0375 3596 DCFS2K (867f7e6841b15d32481c3f1b83364e3a) C:\WINDOWS\system32\drivers\dcfs2k.sys
12:32:27.0375 3596 DCFS2K - ok
12:32:27.0375 3596 DcLps (1b889ac45faf088ff2af690779368956) C:\WINDOWS\system32\DRIVERS\DcLps.sys
12:32:27.0375 3596 DcLps - ok
12:32:27.0421 3596 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:32:27.0437 3596 DcomLaunch - ok
12:32:27.0437 3596 DcPTP (47b1ccec23aec5ae6a2005d1a0d8ed65) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
12:32:27.0437 3596 DcPTP - ok
12:32:27.0484 3596 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:32:27.0484 3596 Dhcp - ok
12:32:27.0515 3596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:32:27.0515 3596 Disk - ok
12:32:27.0515 3596 dmadmin - ok
12:32:27.0578 3596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:32:27.0625 3596 dmboot - ok
12:32:27.0640 3596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:32:27.0640 3596 dmio - ok
12:32:27.0656 3596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:32:27.0656 3596 dmload - ok
12:32:27.0671 3596 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:32:27.0671 3596 dmserver - ok
12:32:27.0671 3596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:32:27.0671 3596 DMusic - ok
12:32:27.0703 3596 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:32:27.0703 3596 Dnscache - ok
12:32:27.0750 3596 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:32:27.0750 3596 Dot3svc - ok
12:32:27.0750 3596 dpti2o - ok
12:32:27.0781 3596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:32:27.0781 3596 drmkaud - ok
12:32:27.0812 3596 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:32:27.0812 3596 E100B - ok
12:32:27.0843 3596 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:32:27.0843 3596 EapHost - ok
12:32:27.0859 3596 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:32:27.0859 3596 ERSvc - ok
12:32:27.0875 3596 esgiguard - ok
12:32:27.0921 3596 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:32:27.0921 3596 Eventlog - ok
12:32:27.0968 3596 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:32:27.0968 3596 EventSystem - ok
12:32:27.0984 3596 Exportit (20ff28fb3b268e7c76b10841a9f81ba4) C:\WINDOWS\system32\DRIVERS\exportit.sys
12:32:27.0984 3596 Exportit - ok
12:32:28.0000 3596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:32:28.0000 3596 Fastfat - ok
12:32:28.0031 3596 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:32:28.0046 3596 FastUserSwitchingCompatibility - ok
12:32:28.0046 3596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:32:28.0046 3596 Fdc - ok
12:32:28.0062 3596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:32:28.0062 3596 Fips - ok
12:32:28.0062 3596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:32:28.0062 3596 Flpydisk - ok
12:32:28.0093 3596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:32:28.0093 3596 FltMgr - ok
12:32:28.0203 3596 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:32:28.0203 3596 FontCache3.0.0.0 - ok
12:32:28.0203 3596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:32:28.0203 3596 Fs_Rec - ok
12:32:28.0218 3596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:32:28.0218 3596 Ftdisk - ok
12:32:28.0250 3596 GearAspiWDM (c33f253f50dec8c8119f67bcde831f13) C:\WINDOWS\system32\drivers\GearAspiWDM.sys
12:32:28.0265 3596 GearAspiWDM - ok
12:32:28.0265 3596 GEARSecurity (17b77d83c53ae007c11ed811d992e727) C:\WINDOWS\System32\GEARSec.exe
12:32:28.0265 3596 GEARSecurity - ok
12:32:28.0281 3596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:32:28.0281 3596 Gpc - ok
12:32:28.0312 3596 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:32:28.0312 3596 HDAudBus - ok
12:32:28.0359 3596 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:32:28.0359 3596 helpsvc - ok
12:32:28.0375 3596 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:32:28.0375 3596 HidServ - ok
12:32:28.0390 3596 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:32:28.0390 3596 hidusb - ok
12:32:28.0421 3596 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:32:28.0421 3596 hkmsvc - ok
12:32:28.0421 3596 hpn - ok
12:32:28.0468 3596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:32:28.0500 3596 HTTP - ok
12:32:28.0546 3596 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:32:28.0546 3596 HTTPFilter - ok
12:32:28.0546 3596 i2omgmt - ok
12:32:28.0546 3596 i2omp - ok
12:32:28.0562 3596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:32:28.0562 3596 i8042prt - ok
12:32:28.0859 3596 ialm (c1c2d6940d6ec2f247b0f3c11e0a18e0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:32:29.0000 3596 ialm - ok
12:32:29.0109 3596 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:32:29.0156 3596 idsvc - ok
12:32:29.0218 3596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:32:29.0218 3596 Imapi - ok
12:32:29.0265 3596 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:32:29.0281 3596 ImapiService - ok
12:32:29.0281 3596 ini910u - ok
12:32:29.0531 3596 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:32:29.0656 3596 IntcAzAudAddService - ok
12:32:29.0687 3596 IntelIde - ok
12:32:35.0109 3596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:32:35.0437 3596 \Device\Harddisk0\DR0 - ok
12:32:35.0437 3596 MBR (0x1B8) (6afa351c8e4ca0d5796ba533b7bbbf2c) \Device\Harddisk1\DR2
12:32:42.0984 3596 \Device\Harddisk1\DR2 - ok
12:32:42.0984 3596 Boot (0x1200) (fbcc8f318b5facf7289f6a52e0207b8e) \Device\Harddisk0\DR0\Partition0
12:32:42.0984 3596 \Device\Harddisk0\DR0\Partition0 - ok
12:32:42.0984 3596 ============================================================
12:32:42.0984 3596 Scan finished
12:32:42.0984 3596 ============================================================
12:32:42.0984 2840 Detected object count: 0
12:32:42.0984 2840 Actual detected object count: 0


ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-25 12:36:28
-----------------------------
12:36:28.562 OS Version: Windows 5.1.2600 Service Pack 3
12:36:28.562 Number of processors: 2 586 0xF06
12:36:28.562 ComputerName: D946GZ UserName: User
12:36:29.093 Initialize success
12:48:09.234 AVAST engine defs: 12052500
12:48:39.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:48:39.156 Disk 0 Vendor: WDC_WD1600JS-00NCB1 10.02E02 Size: 152627MB BusType: 3
12:48:39.156 Disk 0 MBR read successfully
12:48:39.156 Disk 0 MBR scan
12:48:39.218 Disk 0 Windows XP default MBR code
12:48:39.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
12:48:39.218 Disk 0 scanning sectors +312576705
12:48:39.296 Disk 0 scanning C:\WINDOWS\system32\drivers
12:48:52.640 Service scanning
12:49:00.359 Service MpKsl53080530 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8EBDAB3A-B111-4364-A030-B3D43F2ABCE5}\MpKsl53080530.sys **LOCKED** 32
12:49:10.546 Modules scanning
12:49:14.125 Disk 0 trace - called modules:
12:49:14.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:49:14.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6c1ab8]
12:49:14.140 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000061[0x8a6c59e8]
12:49:14.140 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a6fbd98]
12:49:14.625 AVAST engine scan C:\WINDOWS
12:49:30.875 AVAST engine scan C:\WINDOWS\system32
12:52:51.984 AVAST engine scan C:\WINDOWS\system32\drivers
12:53:09.328 AVAST engine scan C:\Documents and Settings\User
12:55:25.531 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
12:55:25.531 The log file has been saved successfully to "F:\aswMBR.txt"

#11 gringo_pr

Posted 25 May 2012 - 02:33 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 Brian S

Posted 25 May 2012 - 08:58 PM

No issues after running ComboFix again.

ComboFix 12-05-24.03 - User 05/25/2012 19:33:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1458 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\User\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\User\Local Settings\Temp\IadHide5.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-25 02:38 . 2012-05-25 02:38 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2012-05-25 01:59 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8EBDAB3A-B111-4364-A030-B3D43F2ABCE5}\mpengine.dll
2012-05-25 01:55 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-23 21:08 . 2012-05-25 01:28 -------- d-----w- C:\sh4ldr
2012-05-23 21:08 . 2012-05-23 21:08 -------- d-----w- c:\program files\Enigma Software Group
2012-05-23 21:07 . 2012-05-25 01:28 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-05-23 21:07 . 2012-05-23 21:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-23 00:06 . 2012-05-23 00:07 -------- d-----w- c:\documents and settings\Administrator
2012-05-21 17:22 . 2012-05-25 01:30 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-05-21 17:22 . 2012-05-21 17:22 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2012-05-21 17:19 . 2012-05-21 17:19 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth
2012-05-20 02:29 . 2012-05-20 02:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-26 00:36 . 2012-02-24 21:57 1409 ----a-w- c:\windows\QTFont.for
2012-05-20 02:27 . 2012-04-23 00:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-20 02:27 . 2012-01-31 07:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2007-07-27 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2007-07-27 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2012-02-01 05:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 01:44 . 2011-04-18 21:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2007-07-27 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2007-07-27 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-25_01.50.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-05-20 01:47 . 2012-05-20 01:47 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\d0e566898e25f6b1b4cb399088d335d4\System.Xaml.Hosting.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\b9b7098a0488ac87026a0cadd2d7d972\System.Windows.Presentation.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\d8f7bf8ce78d0785e68c589c1e64a6dd\System.Web.Routing.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\79c0c2e11b29975231a4a33afcd5cc74\System.Web.DynamicData.Design.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\e5cf7be6b9deee73d674f2bc43752fed\System.Web.ApplicationServices.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\31ec874a9482ad1a99ba24ca4a6ec914\System.Web.Abstractions.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ecf399e8d134430078d35927ba352639\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\39c6c5375d1763165dd8c1623bd10668\System.ServiceModel.Channels.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\59be5fb54e018032511415f0b0523ee3\System.AddIn.Contract.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\c1f0119b6a48a5e5741506ad6fc03d3f\Microsoft.Workflow.Compiler.ni.exe
+ 2012-05-25 17:28 . 2012-05-25 17:28 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\46f273930666397a8cb538ffe9190eef\Microsoft.VisualC.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\7aac1fe67890463655aeeb3b8e4f2884\System.Web.DynamicData.Design.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 76288 c:\windows\assembly\NativeImages_v2.0.50727_32\ShellLib\a8f7d6f7d2d9e241782d8a059a2e0f0b\ShellLib.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-05-25 12:11 . 2012-05-25 12:11 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f00a18225430e7531135589688d650a1\Microsoft.VisualC.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\Kodak.Statistics\b8d1b1907c0ce462ff8358b4bcbcef30\Kodak.Statistics.ni.exe
+ 2012-05-25 17:25 . 2012-05-25 17:25 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\c1f383c7dffcba9f05b4ea4f82bc5589\Interop.WIA.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 98304 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\aa9e5b16e62fd9074582fac9b222ccad\Inkjet.DeviceSettings.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\8a113d17ac02d8e4285ea1db21a3f286\Inkjet.Configuration.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 52736 c:\windows\assembly\NativeImages_v2.0.50727_32\HRIntp.Interop\50e4ca1e0c19cf3c39220f92c55e81b3\HRIntp.Interop.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\Helper\ffba6686c9b0230a28a76ee40a2ef5f6\Helper.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-05-25 12:11 . 2012-05-25 12:11 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fd866b4158c3bd2a26c875f2896c5573\dfsvc.ni.exe
- 2012-05-20 01:52 . 2012-05-20 01:52 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-20 01:53 . 2012-05-20 01:53 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-20 01:52 . 2012-05-20 01:52 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-06 04:13 . 2012-04-06 04:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2007-07-27 12:00 . 2012-05-25 19:06 506042 c:\windows\system32\perfh009.dat
+ 2012-01-19 18:08 . 2012-01-19 18:08 917272 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2011-12-15 18:08 . 2011-12-15 18:08 182056 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2011-12-15 18:08 . 2011-12-15 18:08 156440 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2011-12-15 18:08 . 2011-12-15 18:08 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-12-15 18:08 . 2011-12-15 18:08 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-12-15 18:08 . 2011-12-15 18:08 386824 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2012-04-06 04:52 . 2012-04-06 04:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 915800 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\wpftxt_x86.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 181096 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationHostDLL_X86.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 404480 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\af016c61241c5f656987befbe2bd3877\XamlBuildTask.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\0f2ca934e561d299029ace93471f6f5d\WsatConfig.ni.exe
+ 2012-05-25 18:05 . 2012-05-25 18:05 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a5b389ddffcb10f23884f01c0e1954d9\WindowsFormsIntegration.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\9b0ac8d84952a581adf18051bb60bea1\UIAutomationClient.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\59fb92c38f1035e7b11a23fc6e82c992\System.Windows.Input.Manipulations.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\3fc4093effe88b94c28d185979d97cbb\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\6c381bad9ad26135eb47fd9420808ae1\System.Web.RegularExpressions.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\fa6bab64629905b85451dbee37e4851f\System.Web.Extensions.Design.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\c2a4f81c13b1441b9fe7e1aacc2afb5b\System.Web.Entity.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\15492df7ca32620bec0039384b4690c6\System.Web.Entity.Design.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\a2f42d2d83d497bfb4826a172fa669c0\System.Web.DynamicData.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\d4ac742a56206e3532159cabc176fca2\System.Web.DataVisualization.Design.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\371591225ee369c94784e24dc22f2e45\System.ServiceProcess.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 425472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9b58b34c78a2ee10db91790197269962\System.ServiceModel.Activation.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\284141392cdba7fa4b2a4668125329a9\System.ServiceModel.Routing.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6a37764b2df9b3f9c7775701027ef779\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\082473bbeed448eb13a7f348cf33e98f\System.Runtime.Remoting.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 241664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\0c4ec58f70e0fe6e74458c35fb260e2d\System.Runtime.Caching.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 652800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\b0a7e53e8aaaca2d2ae065e85f959ff4\System.Net.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\d1699452fcccc4ac0b6e86be4ec2ed35\System.Messaging.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\d7cba8bd14e7352bc6b1f7cd35b7fd43\System.Management.Instrumentation.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\100d056c9dc360ec5a25ff227a14840b\System.IO.Log.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\5e38634854f36e1aff7500a351830427\System.IdentityModel.Selectors.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.Wrapper.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\1203e60a51fe0f726fbeaf0456f938a5\System.Dynamic.ni.dll
+ 2012-05-25 12:04 . 2012-05-25 12:04 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\68621e2bf91028ee9da6f195cd817603\System.Drawing.Design.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\c75c07a581ad459c8474cd83aa7dabf4\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\80373cd811bf63ae93af1733a6c7e1c5\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\6fbe438983c9ca94c80d64225ad2e5ce\System.Device.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 508416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\d506d749f8876ce54d2873f821ed71d0\System.Data.Services.Design.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\950c346ef6261ecc93ced8d995914a1d\System.Data.DataSetExtensions.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\5f1677711612f8920a01bd480b5d163f\System.Configuration.Install.ni.dll
+ 2012-05-25 12:04 . 2012-05-25 12:04 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\f7099031cfac8ec61b948bb09b07b1a1\System.ComponentModel.Composition.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\bcbd0e714127d69a895ef80afa5dfd78\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 624128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\41d68b79da934255ca82b466b93d7938\System.AddIn.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\2d00f7297e070e69c1cb44b25503b1c3\System.Activities.DurableInstancing.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\0ae347a9076db27075e06a63f2123186\SMSvcHost.ni.exe
+ 2012-05-25 17:29 . 2012-05-25 17:29 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ee6e30c355ec2ffab1525b42253f7aef\PresentationFramework.Aero.ni.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c0f724e8231a71eb4d062d4f5233ff7f\PresentationFramework.Royale.ni.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\45d2307fb0898a18dec5a04ff9f8b85c\PresentationFramework.Classic.ni.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\190e1740c9b998105a47ec31df0b6f11\PresentationFramework.Luna.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\9721e2b6b8c609ca6e1cc4421fe21aab\MSBuild.ni.exe
+ 2012-05-25 17:28 . 2012-05-25 17:28 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b24e4a842267ca905660b0981e732f2f\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\10d7bd563bd71306375c6887ddd9de46\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\6a85603698b482431ee32be6bbb9dc17\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\36d04a30117557a021b77148dee9b6ad\Microsoft.Build.Framework.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\d7434f17d4dc794989bbfc452830ba53\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\f11d5fea7ded12068e8cdb8b2f1bdbd9\CustomMarshalers.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\b1b54defb7aa37ea943d218f3adc3d02\ComSvcConfig.ni.exe
+ 2012-05-25 17:28 . 2012-05-25 17:28 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\956ba9061ea395593dd2944b60786186\AspNetMMCExt.ni.dll
+ 2012-05-25 17:24 . 2012-05-25 17:24 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-05-25 17:23 . 2012-05-25 17:23 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6198de2c5b8f7d89404c2ba39d69ae56\WindowsFormsIntegration.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 308736 c:\windows\assembly\NativeImages_v2.0.50727_32\Windows7.DesktopInt#\d93896c2baec65a730f613c4282cba9f\Windows7.DesktopIntegration.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 643584 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\062938f0d670cf5885ea79aec01939e7\VistaBridgeLibrary.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8bffbaa5d5abe40674d0bc124dfe8622\System.Web.Routing.ni.dll
+ 2012-05-25 17:22 . 2012-05-25 17:22 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a7908debe80c209b599529685a159fa0\System.Web.Extensions.Design.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\44ecb9f7be54a2ba46e6102d343e2e7e\System.Web.Entity.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fee8237aa2daa36e48aec379ee642422\System.Web.Entity.Design.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40d90d2c1484164b786067320ce778f4\System.Web.DynamicData.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6b4ce8cf2c3307b75ea7ebe77258bb26\System.Web.Abstractions.ni.dll
+ 2012-05-25 12:12 . 2012-05-25 12:12 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-25 17:22 . 2012-05-25 17:22 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\b69d60a684d0105a91e0c5f75df7e4e7\System.Messaging.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
+ 2012-05-25 17:22 . 2012-05-25 17:22 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll
+ 2012-05-25 17:22 . 2012-05-25 17:22 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
+ 2012-05-25 17:22 . 2012-05-25 17:22 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\88aa4f80c7e5ac25f06f8950e42a1678\System.Drawing.Design.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ca484772955bc4db03b5dcb611c09423\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ba5e68dddfd3279a8469d39eded48f3\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a0109fce606a3110a5e7f9a4773f517e\System.Data.Services.Design.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3a68d0441f509ffa6f8f0fb9cfcc5780\System.Data.Services.Client.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04440b3dd5d822da4973a525ee04b05d\System.Data.Entity.Design.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\7bbb5d9e3b161b4d4b968e590442d3ae\System.Data.DataSetExtensions.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\bf7d6af03e1230ccad546a8659245ae9\System.Configuration.Install.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\e132b7190847dd66cbe65f6593c345a8\sysglobl.ni.dll
+ 2012-05-25 17:24 . 2012-05-25 17:24 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6762f1ee780fa9c0b4ef66b285c64844\SMSvcHost.ni.exe
+ 2012-05-25 17:24 . 2012-05-25 17:24 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
+ 2012-05-25 17:24 . 2012-05-25 17:24 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\47ed5bc9f42ea0054ce9acfde5e640b8\ServiceModelReg.ni.exe
+ 2012-05-25 17:23 . 2012-05-25 17:23 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4706b850df9a3483f2fc439b6abe616\PresentationFramework.Royale.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\186c27fbd7b38b5551889274f6fa2ccd\PresentationFramework.Aero.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 170496 c:\windows\assembly\NativeImages_v2.0.50727_32\PhotobucketNet\513a33fd4afe0e55bfcad6642b4ec11b\PhotobucketNet.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5a121969a115d11b6256eb960c145686\MSBuild.ni.exe
+ 2012-05-25 17:24 . 2012-05-25 17:24 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\97c613d3899b320a6765793bdf490272\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dec22fb7d6b8929a41380e5359741a07\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1009b31c86a1b798fffa9e0127cec29c\Microsoft.Build.Utilities.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\21d88631ef629715d3eecdd08e62e0b8\Microsoft.Build.Engine.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a0f38c6478cca8297fb160291346c1c9\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 154624 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Windows\df319fb80defe4c79d4881127d5c03f1\Inkjet.Windows.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 282624 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\f9f333bfeaefee248a9a3d65e166c438\Inkjet.Utilities.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 283648 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\528120d87a5bbe3d0709d97017fb3217\Inkjet.Utilities.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 138752 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Tray\8af0e8005d6adcc85c69b0e4cde0b7ad\Inkjet.Tray.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 977920 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Tools\04d38150acdaed40d04c8b13cdda973a\Inkjet.Tools.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 180736 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\683ccae865dd1941a8ec53c781a01bdc\Inkjet.Statistics.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 378368 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Scanning\8699ccd16e8af54c1c2261ec7bff07bb\Inkjet.Scanning.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 567296 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Scan\4e05c71ab708622430c843afda8a0e6a\Inkjet.Scan.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 343040 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Printing\659b0f728fd5836bb47e7c0fdc265301\Inkjet.Printing.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 299008 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Picasa\4ee21a9df93e44df5d91a19dcc83ed86\Inkjet.Picasa.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.PhotoBucket\ee3044a31177a01423297a3c7a48d244\Inkjet.PhotoBucket.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 237056 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\a867deed9e531e58a95d0e22c8c3b382\Inkjet.Localization.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 522752 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.KodakGallery\8feae875f1dd2b7a5e7f8d92ce3418f4\Inkjet.KodakGallery.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 750080 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.IO\3b8fa95155bd3f5f7de03e2fd4d36ccf\Inkjet.IO.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 824320 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\dacff62b95a3c6a4c4792e7743787777\Inkjet.Hardware.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 163328 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Flickr\20aa9167d5d9008c1437b02afe43ded5\Inkjet.Flickr.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 162816 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Facebook\dbecefecbc78101854123be079085d4a\Inkjet.Facebook.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 168448 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.EasyShare\8437b830a6f711a26fff7126e67db59b\Inkjet.EasyShare.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 105472 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\549e9236099ca3eac9c3f10099019459\Inkjet.Diagnostics.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Browse\c94352a090a8a12a4054ba67ac4b5a5f\Inkjet.Browse.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 169984 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\f00a45464b25cfc9c5c5e8fb5f4c65b8\Inkjet.Automation.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 102912 c:\windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Photos\000256195e3e3ffee9e9f81613330f17\Google.GData.Photos.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 216064 c:\windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Extens#\7db01582277397799f3631f8defb61b9\Google.GData.Extensions.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 551936 c:\windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Client\a655c6d074c3390037acb72f01ced6f5\Google.GData.Client.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 372736 c:\windows\assembly\NativeImages_v2.0.50727_32\FlickrNet\75625c6199ac48163e4fbd3bd888f387\FlickrNet.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 238592 c:\windows\assembly\NativeImages_v2.0.50727_32\Facebook\6a9d636ab4353aac05af7d55c37b2d0b\Facebook.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 435200 c:\windows\assembly\NativeImages_v2.0.50727_32\EastmanKodakCompany#\54fe9c1ceb27e1e075a38f583f378b3d\EastmanKodakCompany.EasyShare.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
+ 2012-05-25 17:24 . 2012-05-25 17:24 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\9869c02d18825fdd32e64135a3e7246b\ComSvcConfig.ni.exe
+ 2012-05-25 17:25 . 2012-05-25 17:25 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e414683ec4cff1cac0c77aaefd67144e\AspNetMMCExt.ni.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-25 12:04 . 2012-05-25 12:04 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-05-25 12:04 . 2012-05-25 12:04 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-06 01:26 . 2012-02-06 01:26 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-19 18:08 . 2012-01-19 18:08 1369872 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2012-01-19 18:08 . 2012-01-19 18:08 6429992 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2012-01-19 18:08 . 2012-01-19 18:08 3790112 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2011-12-15 18:08 . 2011-12-15 18:08 5029160 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-12-15 18:08 . 2011-12-15 18:08 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-12-15 18:08 . 2011-12-15 18:08 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-12-15 18:08 . 2011-12-15 18:08 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-12-15 18:08 . 2011-12-15 18:08 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-03-25 12:15 . 2011-03-25 12:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-10-26 09:39 . 2011-10-26 09:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 5913360 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-07-07 11:18 . 2011-07-07 11:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-25 12:05 . 2012-05-25 12:06 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 5029160 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-20 01:48 . 2012-05-20 01:48 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-25 12:05 . 2012-05-25 12:05 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-20 01:47 . 2012-05-20 01:47 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-19 18:37 . 2012-01-19 18:37 8999936 c:\windows\Installer\2bef8b.msp
+ 2010-03-18 18:16 . 2010-03-18 18:16 1303896 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\WindowsBase_x86.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 6346600 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationFramework_x86.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 3545952 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationCore_x86.dll
+ 2012-05-25 12:06 . 2012-05-25 12:06 3856896 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\933e8e44a2b9361822b29aae6070e2a2\WindowsBase.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\2cf35797a56eba020ed629b395ad2daa\UIAutomationClientsideProviders.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 9090560 c:\windows\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9b6f1bcb2cf4e6ad429cd721b942f30f\System.Xaml.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 1211904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\5da8f19f85c97e6a3a2a0dc257d0b327\System.WorkflowServices.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 1969152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\98f298152a32f3771c76a67ee232d62c\System.Workflow.Runtime.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 4475904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\da1295163d9dd38318c7d9405ed94d78\System.Workflow.ComponentModel.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\7f0934255a54a2a0cebe8dd152c72647\System.Workflow.Activities.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 4586496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\29675002751f30ff53d8d35d53d9f619\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 1897472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\65f64efe2aec0291c18453af0c3eb19b\System.Web.Services.ni.dll
+ 2012-05-25 18:05 . 2012-05-25 18:05 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\4edc91f0fa0ff905acbcabcd2e5f7854\System.Web.Mobile.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 3123200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\157a20c673d67bd0f8e28600de870a42\System.Web.Extensions.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 4574720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\38e02be6052fe6b5bea6e0812b0d5783\System.Web.DataVisualization.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 2010624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\7ebd25fd0282e19eba65f4da70ab5a0b\System.Speech.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 1051648 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d6efd98958647b0a5b224393605f30da\System.ServiceModel.Web.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28b09f14e54a06c091073b1d3e316fb6\System.ServiceModel.Discovery.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\18d8e3f9e290217ac0c48571557c5fc3\System.ServiceModel.Activities.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\251af94314c9427595f307aa885e8987\System.Printing.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\1409dc3832b37f850569c69a795f834b\System.Management.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c821be068070b07a9a339ab7152bc95e\System.Drawing.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8d978e3524c0bd870ce63db289c4de6d\System.DirectoryServices.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\fb446c68554dea86b92a232efb137fbb\System.Deployment.ni.dll
+ 2012-05-25 12:04 . 2012-05-25 12:04 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\6cdfd96214b74cdf4984ae8ee076f421\System.Data.SqlXml.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 2018304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\3b487559f07993f2752c0db036a82042\System.Data.Services.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\65444428f83ba9e46053e46d2341655f\System.Data.Services.Client.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\c033d23b1273f660948b2d5773256518\System.Data.OracleClient.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\867ce3db3528f36121841762a19da61d\System.Data.Linq.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 1408000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\22db388405f6082f8a9403891705912b\System.Data.Entity.Design.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 7052800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\95b5ece57120cb7363e69e5fbd4616b7\System.Activities.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 3755008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\07235f805d53920f5ffc3c9ecd96f69a\System.Activities.Presentation.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 1544192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\f0c4476258c5336a3d950e588fbeb853\System.Activities.Core.Presentation.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 2904576 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\6e0842ab7fd23a744a82f3afdee39cfd\ReachFramework.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\668da716f8830ae35cbe97b63126a720\PresentationUI.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1478144 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\a9ce167b63b51be01900e93e4ada5f2f\PresentationBuildTasks.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ea8618fd346aa17b909cd8700d7218d8\Microsoft.VisualBasic.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\459266325d72d918e7fd279f95bfe83e\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\434583d8e633570da52da83faea4a758\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\50ca1cf4491136871b732062c412bad0\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\78e5704cfbbec26947e2e1ff07f647bf\Microsoft.JScript.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\9c3ba92c4fce8efd41b59a0243415408\Microsoft.CSharp.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 4243456 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\88db74e692bdaca666bdcf3f4e30b3f1\Microsoft.Build.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\256534e4eee640978f41ad6b7050220b\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1929216 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\fda8ded0b4047a590e4ab17af42c2cfc\Microsoft.Build.Engine.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\33fa6a2055bf857bff2e31020279b5e9\System.WorkflowServices.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5eccf6fef6bee8a2f93bc65ff33699bb\System.Workflow.Runtime.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\62bd2e1bf98b04ceca2102c8f54aab9d\System.Workflow.ComponentModel.ni.dll
+ 2012-05-25 17:28 . 2012-05-25 17:28 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\8215548b3d4aabbaa0557ab747700778\System.Workflow.Activities.ni.dll
+ 2012-05-25 17:22 . 2012-05-25 17:22 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ff995dde9cd34ff1e8ac7ab55fc92d32\System.Web.Mobile.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8899d1091e64a4d0b6ae69060197091a\System.Web.Extensions.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
+ 2012-05-25 12:12 . 2012-05-25 12:12 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1d6707a5a9da16c1d1b88529837884d6\System.Printing.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
+ 2012-05-25 12:12 . 2012-05-25 12:12 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\832196527f0497078f085eaf9189265f\System.Deployment.ni.dll
+ 2012-05-25 12:12 . 2012-05-25 12:12 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
+ 2012-05-25 17:22 . 2012-05-25 17:22 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\7afb1abdbb8ba32cf578ff8ea4e45d99\System.Data.OracleClient.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
+ 2012-05-25 17:27 . 2012-05-25 17:27 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\ca63096c1ecf977f509e2a565f4bcdac\System.Data.Entity.ni.dll
+ 2012-05-25 17:23 . 2012-05-25 17:23 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
+ 2012-05-25 12:12 . 2012-05-25 12:12 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\2ecefd16184a78f19aaf0f02cc0a7e1f\ReachFramework.ni.dll
+ 2012-05-25 12:12 . 2012-05-25 12:12 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\51204805c71113e0db2103faa064b313\PresentationUI.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\4ff6600c1fd3415ef0b058cf28814cb6\PresentationBuildTasks.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 1761792 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\305bc3cd35a0bdebf52768e2e512975b\Newtonsoft.Json.Net20.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 2437632 c:\windows\assembly\NativeImages_v2.0.50727_32\NetworkPrinterDisco#\5bc5f031704b4831f24736ab1cff6981\NetworkPrinterDiscovery.ni.exe
+ 2012-05-25 17:26 . 2012-05-25 17:26 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll
+ 2012-05-25 17:24 . 2012-05-25 17:24 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f3fcd65eca42d13b746cf3f5bd993ee0\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2091903cd9b359e96f05ac2d6d25ef4e\Microsoft.Build.Tasks.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 1248256 c:\windows\assembly\NativeImages_v2.0.50727_32\KodakAiOUpdater\2c1e20e96183298dcfda4acaefc29764\KodakAiOUpdater.ni.exe
+ 2012-05-25 17:26 . 2012-05-25 17:26 1178624 c:\windows\assembly\NativeImages_v2.0.50727_32\InkjetCore\7bce0c8df5a3b8af99669624ef14fc11\InkjetCore.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 1190912 c:\windows\assembly\NativeImages_v2.0.50727_32\InkjetCore\48429e8af338015c5bafef75ee99cf25\InkjetCore.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 1532416 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Editing\b7d27aefaf1618bfc508ba7834ee8525\Inkjet.Editing.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 1218048 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Destination\7d57cdccf19e1f79b91a0e8f63219f73\Inkjet.Destination.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 1177600 c:\windows\assembly\NativeImages_v2.0.50727_32\idrskrn_net14\2cdfb45541b62e5a6bf6dce7d81c2cb6\idrskrn_net14.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 3761152 c:\windows\assembly\NativeImages_v2.0.50727_32\CommonControls\4a6542d3da39e46b730081bd0dc230e3\CommonControls.ni.dll
+ 2012-05-25 17:25 . 2012-05-25 17:25 3764224 c:\windows\assembly\NativeImages_v2.0.50727_32\CommonControls\3be38152b4bb268672a93e64fb54c333\CommonControls.ni.dll
+ 2012-05-25 17:26 . 2012-05-25 17:26 3207680 c:\windows\assembly\NativeImages_v2.0.50727_32\AiOPrinterTools\bc999cc5be44f45248720baa808e42b1\AiOPrinterTools.ni.exe
+ 2012-05-25 17:26 . 2012-05-25 17:26 1059328 c:\windows\assembly\NativeImages_v2.0.50727_32\AiOHostDirector\d825a2dd3d76db8450df86af2fa24161\AiOHostDirector.ni.exe
+ 2012-05-25 17:25 . 2012-05-25 17:25 1874944 c:\windows\assembly\NativeImages_v2.0.50727_32\AiOHomeCenter\ca166eb1be4697b77d1c04e910478431\AiOHomeCenter.ni.exe
+ 2012-05-25 12:04 . 2012-05-25 12:04 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-02-12 13:55 . 2012-02-12 13:55 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-25 12:04 . 2012-05-25 12:04 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-05-20 01:52 . 2012-05-20 01:52 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-05-25 12:09 . 2012-05-25 12:09 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-20 01:53 . 2012-05-20 01:53 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-25 12:04 . 2012-05-25 12:04 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-12 14:01 . 2012-05-25 12:10 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-12 14:01 . 2012-05-20 01:53 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-04-05 23:44 . 2012-04-27 01:08 55656824 c:\windows\system32\MRT.exe
+ 2012-04-06 07:12 . 2012-04-06 07:12 15709696 c:\windows\Installer\2bef9e.msp
+ 2012-01-04 07:25 . 2012-01-04 07:25 17751552 c:\windows\Installer\2bef97.msp
+ 2012-04-06 08:13 . 2012-04-06 08:13 16527872 c:\windows\Installer\2bef7f.msp
+ 2011-12-15 18:40 . 2011-12-15 18:40 23374336 c:\windows\Installer\2bef74.msp
+ 2012-05-25 12:03 . 2012-05-25 12:03 13196800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e3290e9cf0eced36ca662cf67df4a939\System.Windows.Forms.ni.dll
+ 2012-05-25 17:29 . 2012-05-25 17:29 12076544 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\e9f1e1c33ec639a0945a6a4f2458b7b4\System.Web.ni.dll
+ 2012-05-25 18:04 . 2012-05-25 18:04 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
+ 2012-05-25 12:04 . 2012-05-25 12:04 11002880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\51dfa58af4a59e4af2a4c2363246af21\System.Design.ni.dll
+ 2012-05-25 18:03 . 2012-05-25 18:03 13324288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\65d0d6f4cdbc47ecd5cce9e959827fe8\System.Data.Entity.ni.dll
+ 2012-05-25 12:07 . 2012-05-25 12:07 17998848 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\52f7c62736eb9b6370632e7eb99bec83\PresentationFramework.ni.dll
+ 2012-05-25 12:07 . 2012-05-25 12:07 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9eebaf24f66d6f75e35bb3df6af1c9aa\PresentationCore.ni.dll
+ 2012-05-25 12:03 . 2012-05-25 12:03 14412800 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
+ 2012-05-25 17:22 . 2012-05-25 17:22 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
+ 2012-05-25 17:24 . 2012-05-25 17:24 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
+ 2012-05-25 17:22 . 2012-05-25 17:22 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a9256d2ad7e4be2bbb4e9b18c3997b84\System.Design.ni.dll
+ 2012-05-25 12:12 . 2012-05-25 12:12 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5b8ff47c1db373a2a4c638ca31988bd2\PresentationFramework.ni.dll
+ 2012-05-25 12:11 . 2012-05-25 12:11 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4eb3cd1f1d5a83617524a9dfb96a657d\PresentationCore.ni.dll
+ 2012-05-25 12:10 . 2012-05-25 12:10 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-02-04 77824]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKAIO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-8-11 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [6/3/2003 6:52 PM 123957]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [6/3/2003 6:52 PM 46900]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 7:32 PM 394672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1993962763-839522115-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 07:21]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1993962763-839522115-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 07:21]
.
2012-05-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 19:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2308)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-25 19:40:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 00:40
ComboFix2.txt 2012-05-25 01:51
.
Pre-Run: 123,482,927,104 bytes free
Post-Run: 123,671,285,760 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7F71BA967EE5AEEFD8DDCEB669688B57

#13 gringo_pr


Posted 26 May 2012 - 01:27 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 13


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr


Posted 28 May 2012 - 11:16 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#15 Brian S


Posted 30 May 2012 - 04:50 PM

I had limited access to my computer this past weekend. Ran the first two steps of the instructions. MBAM scan started, but not completed. Should complete either tonight or tomorrow.



