Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win64/sirefef.y problem


  • This topic is locked This topic is locked
12 replies to this topic

#1 chinn29

chinn29

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 12 June 2012 - 04:47 PM

Hello Everybody,
Can you please help with the infection some tools detect them and remove but not completely they keep popping up every 5 mins and shutsdown.
I really dont want to reinstall os...

Thanks In Advance!
Chinn

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 13 June 2012 - 12:22 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 15 June 2012 - 11:34 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 chinn29

chinn29
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 17 June 2012 - 06:43 AM

sorry i was out didnt have to access to my computer i am going to send you the logs asap

#5 chinn29

chinn29
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 17 June 2012 - 07:02 AM

Hi,

Here are the logs...
CHECKUP.TXT
Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
__________________________________________________________________________________

DDS.TXT


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Administrator at 7:49:53 on 2012-06-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3006.1689 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {1A1DAC8C-074D-440F-8707-7009A672D7D1} - No File
BHO: Do Not Track Plus: {6e45f3e8-2683-4824-a6be-08108022fb36} - C:\Program Files (x86)\DoNotTrackPlus\ScriptHost.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [Adobe] rundll32.exe "C:\Users\Administrator\AppData\Local\ElevatedDiagnostics\Adobe\kvxkbvndz.dll",CreateInstance
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
dRun: [Adobe] rundll32.exe "C:\Users\Administrator\AppData\Local\ElevatedDiagnostics\Adobe\kvxkbvndz.dll",CreateInstance
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - C:\Program Files (x86)\DoNotTrackPlus\ScriptHost.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://webdeposit.ensenta.com/eztwainx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{37E8ADA0-4B4E-43DA-A650-3187294EAF9E} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {1A1DAC8C-074D-440F-8707-7009A672D7D1} - No File
BHO-X64: Do Not Track Plus: {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\ScriptHost.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ba49iwr8.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\system32\DRIVERS\StarPortLite.sys --> C:\Windows\system32\DRIVERS\StarPortLite.sys [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-6-12 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-6-12 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 StarWindServiceLite;StarWind Service Lite;C:\Program Files (x86)\Rocket Division Software\StarWind Lite\StarWindServicelite.exe [2011-9-23 312320]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\Windows\system32\DRIVERS\b44amd64.sys --> C:\Windows\system32\DRIVERS\b44amd64.sys [?]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-1 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
.
=============== Created Last 30 ================
.
2012-06-17 11:30:27 -------- d-----w- C:\Users\Administrator\AppData\Local\O&O_Software_GmbH
2012-06-17 11:11:30 -------- d-----w- C:\Users\Administrator\AppData\Roaming\O&O Software GmbH
2012-06-17 11:11:30 -------- d-----w- C:\Users\Administrator\AppData\Local\O&O Software GmbH
2012-06-13 20:34:42 -------- d-----w- C:\Users\Administrator\AppData\Local\Microsoft Help
2012-06-13 09:43:41 -------- d-----w- C:\Program Files\OO Software
2012-06-13 09:41:43 -------- d-----w- C:\Windows\Downloaded Installations
2012-06-13 01:41:58 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-13 01:34:52 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Avira
2012-06-13 01:29:25 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-06-13 01:29:25 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-06-13 01:29:24 -------- d-----w- C:\Program Files (x86)\Avira
2012-06-12 21:40:25 -------- d-----w- C:\Users\Administrator\AppData\Local\LogMeIn Rescue Applet
2012-06-12 21:30:56 98816 ----a-w- C:\Windows\sed.exe
2012-06-12 21:30:56 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-12 21:30:56 256000 ----a-w- C:\Windows\PEV.exe
2012-06-12 21:30:56 208896 ----a-w- C:\Windows\MBR.exe
2012-06-12 21:05:40 -------- d-----w- C:\Users\Administrator\AppData\Local\CrashDumps
2012-06-12 19:46:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{486D7E61-DEFA-4F14-A3C1-E79C9D314BCA}\offreg.dll
2012-06-12 16:43:29 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E44E75CD-EC76-4761-AC2B-BABA1A3202F4}\gapaengine.dll
2012-06-12 16:43:23 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{486D7E61-DEFA-4F14-A3C1-E79C9D314BCA}\mpengine.dll
2012-06-12 16:42:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-12 16:36:23 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-12 16:20:10 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Digiarty
2012-06-12 16:19:47 -------- d-----w- C:\Program Files (x86)\Digiarty
2012-06-12 15:42:54 -------- d-----w- C:\Users\Administrator\AppData\Local\NPE
2012-06-12 12:29:27 -------- d-----w- C:\ProgramData\Norton
2012-06-12 09:30:10 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-06-12 09:30:00 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-06-11 22:35:21 424 ----a-w- C:\Clear Logs.bat
2012-06-11 22:35:21 424 ----a-w- C:\Clear EV.bat
2012-06-11 22:35:14 2663232 ----a-w- C:\CCleaner.exe
2012-06-11 21:56:36 1578288 ----a-w- C:\tdsskiller.exe
2012-06-11 21:50:12 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-11 21:47:42 7734208 ----a-w- C:\mbam-setup-1.50.1.1100.exe
2012-06-11 19:57:08 16200 ----a-w- C:\Windows\stinger.sys
2012-06-11 17:31:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-11 13:01:10 -------- d-----w- C:\ProgramData\Avira
2012-06-11 02:31:37 -------- d-----w- C:\3a6764298dc9d5bbbda9fe
2012-06-09 20:37:25 -------- d-----w- C:\Windows\pss
2012-06-07 19:41:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-07 19:16:45 -------- d-----w- C:\Program Files (x86)\stinger
2012-06-07 17:47:20 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-07 17:23:25 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-03 02:38:31 -------- d-----w- C:\ProgramData\FedEx
2012-06-03 02:32:04 2768896 ----a-w- C:\Windows\System32\FXOPDPMSV.EXE
2012-06-03 02:32:03 303104 ----a-w- C:\Windows\System32\FXOPDPM.DLL
2012-06-03 02:31:41 -------- d-----w- C:\Program Files (x86)\FedEx
2012-05-30 13:58:21 23816 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
2012-05-30 13:58:20 -------- d-----w- C:\Program Files\CPUID
.
==================== Find3M ====================
.
2012-06-07 17:23:25 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
============= FINISH: 7:50:48.34 ===============

Attach.Zip is attatched.

Thanks In Advance!

Attached Files



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 17 June 2012 - 09:25 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Avira Desktop
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 chinn29

chinn29
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 19 June 2012 - 09:45 AM

Hello Gringo,
Here are the combo fix logs....

ComboFix 12-06-19.01 - Administrator 06/19/2012 10:11:04.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3006.2142 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\ElevatedDiagnostics\Adobe\kvxkbvndz.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 14:19 . 2012-06-19 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 14:19 . 2012-06-19 14:19 -------- d-----w- c:\users\schalasani\AppData\Local\temp
2012-06-19 11:49 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A38D1432-7BD2-4684-A256-37FD588B6B7E}\mpengine.dll
2012-06-17 21:32 . 2012-06-17 21:32 -------- d-----w- c:\program files (x86)\Runtime Software
2012-06-17 11:30 . 2012-06-17 11:30 -------- d-----w- c:\users\Administrator\AppData\Local\O&O_Software_GmbH
2012-06-17 11:11 . 2012-06-17 11:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\O&O Software GmbH
2012-06-17 11:11 . 2012-06-17 11:11 -------- d-----w- c:\users\Administrator\AppData\Local\O&O Software GmbH
2012-06-16 19:23 . 2012-06-16 19:23 -------- d-----w- c:\users\schalasani\AppData\Roaming\Avira
2012-06-14 04:55 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 04:55 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 04:55 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 20:34 . 2012-06-13 20:34 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Help
2012-06-13 09:43 . 2012-06-13 11:30 -------- d-----w- c:\program files\OO Software
2012-06-13 09:41 . 2012-06-13 09:42 -------- d-----w- c:\windows\Downloaded Installations
2012-06-13 01:34 . 2012-06-13 01:34 -------- d-----w- c:\users\Administrator\AppData\Roaming\Avira
2012-06-13 01:29 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-13 01:29 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-13 01:29 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-13 01:29 . 2012-06-13 01:29 -------- d-----w- c:\program files (x86)\Avira
2012-06-12 21:40 . 2012-06-17 11:04 -------- d-----w- c:\users\Administrator\AppData\Local\LogMeIn Rescue Applet
2012-06-12 21:05 . 2012-06-15 21:45 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2012-06-12 16:20 . 2012-06-12 16:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\Digiarty
2012-06-12 16:19 . 2012-06-12 16:19 -------- d-----w- c:\program files (x86)\Digiarty
2012-06-12 15:42 . 2012-06-12 16:21 -------- d-----w- c:\users\Administrator\AppData\Local\NPE
2012-06-12 13:23 . 2012-06-12 13:23 -------- d-----w- c:\programdata\NVIDIA
2012-06-12 12:29 . 2012-06-12 15:56 -------- d-----w- c:\users\schalasani\AppData\Local\NPE
2012-06-12 12:29 . 2012-06-12 12:29 -------- d-----w- c:\programdata\Norton
2012-06-12 09:30 . 2012-06-12 09:30 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-06-12 09:30 . 2012-06-12 09:30 -------- d-----w- c:\program files\NVIDIA Corporation
2012-06-11 22:35 . 2011-07-31 13:48 424 ----a-w- C:\Clear Logs.bat
2012-06-11 22:35 . 2011-07-31 13:48 424 ----a-w- C:\Clear EV.bat
2012-06-11 22:35 . 2011-10-21 18:30 2663232 ----a-w- C:\CCleaner.exe
2012-06-11 21:56 . 2012-01-05 01:16 1578288 ----a-w- C:\tdsskiller.exe
2012-06-11 21:50 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-11 21:47 . 2011-03-04 23:48 7734208 ----a-w- C:\mbam-setup-1.50.1.1100.exe
2012-06-11 19:57 . 2012-06-11 19:57 16200 ----a-w- c:\windows\stinger.sys
2012-06-11 17:31 . 2012-06-11 17:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-11 17:21 . 2012-06-12 19:47 -------- d-----w- c:\users\schalasani\AppData\Local\LogMeIn Rescue Applet
2012-06-11 13:01 . 2012-06-13 01:29 -------- d-----w- c:\programdata\Avira
2012-06-11 02:31 . 2012-06-11 02:31 -------- d-----w- C:\3a6764298dc9d5bbbda9fe
2012-06-10 18:33 . 2012-06-10 18:33 -------- d-----w- c:\windows\Sun
2012-06-07 19:41 . 2012-06-07 19:41 -------- d-----w- c:\users\schalasani\AppData\Roaming\Malwarebytes
2012-06-07 19:41 . 2012-06-07 19:41 -------- d-----w- c:\programdata\Malwarebytes
2012-06-07 19:16 . 2012-06-11 20:14 -------- d-----w- c:\program files (x86)\stinger
2012-06-07 19:06 . 2012-06-07 19:06 -------- d-----w- c:\users\schalasani\AppData\Roaming\McAfee
2012-06-07 17:47 . 2012-06-07 17:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-07 17:23 . 2012-06-07 17:23 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 20:37 . 2012-06-06 20:37 -------- d-----w- c:\users\schalasani\AppData\Local\PackageAware
2012-06-03 02:38 . 2012-06-03 02:38 -------- d-----w- c:\users\schalasani\AppData\Roaming\Macrovision
2012-06-03 02:38 . 2012-06-03 02:38 -------- d-----w- c:\programdata\FedEx
2012-06-03 02:38 . 2012-06-03 02:38 -------- d-----w- c:\users\schalasani\AppData\Roaming\FedEx
2012-06-03 02:32 . 2011-02-12 23:53 2768896 ----a-w- c:\windows\system32\FXOPDPMSV.EXE
2012-06-03 02:32 . 2011-02-12 23:52 303104 ----a-w- c:\windows\system32\FXOPDPM.DLL
2012-06-03 02:32 . 2012-06-03 02:32 -------- d-----w- c:\users\schalasani\AppData\Local\Programs
2012-06-03 02:31 . 2012-06-03 02:31 -------- d-----w- c:\programdata\Macrovision
2012-06-03 02:31 . 2012-06-03 02:31 -------- d-----w- c:\program files (x86)\FedEx
2012-06-03 02:30 . 2012-06-03 02:30 -------- d-----w- c:\users\schalasani\AppData\Roaming\Downloaded Installations
2012-05-30 13:58 . 2012-03-09 14:57 23816 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-05-30 13:58 . 2012-05-30 13:58 -------- d-----w- c:\program files\CPUID
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-07 17:23 . 2011-05-20 10:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-30 11:35 . 2012-05-10 21:20 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-12_22.08.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-17 12:59 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-04-13 02:10 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-06-17 12:59 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-04-13 02:10 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-06-17 12:59 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2010-10-20 19:59 . 2012-06-17 11:15 47664 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-19 14:40 41204 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-17 12:59 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll
+ 2012-06-17 12:59 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-04-13 02:10 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-06-17 12:59 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll
- 2012-04-13 02:10 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
+ 2009-07-14 04:46 . 2012-06-18 19:48 87200 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-17 14:08 . 2012-06-17 14:08 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-11 03:43 . 2012-05-11 03:43 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-11 03:43 . 2012-05-11 03:43 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-11 03:42 . 2012-05-11 03:42 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-11 03:42 . 2012-05-11 03:42 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 11:30 . 2012-06-13 11:30 45056 c:\windows\Installer\{99D1FFD1-1EFE-4FA0-B225-5815E039BB25}\NewShortcut2_77C71F13D2E2489987B7A9A5DDDAB9D3_1.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-06-18 19:57 . 2012-06-18 19:57 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\eef76dd965ea0a8ae5fb0c734d84389c\System.Web.DynamicData.Design.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll
+ 2011-01-03 23:56 . 2012-06-18 19:33 3274 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-01-03 23:56 . 2012-06-12 21:50 3274 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-09-01 13:53 . 2012-06-19 14:40 4528 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-329418992-3431730269-3099879791-500_UserData.bin
- 2012-06-12 21:55 . 2012-06-12 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 14:24 . 2012-06-19 14:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-12 21:55 . 2012-06-12 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-19 14:24 . 2012-06-19 14:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-17 12:59 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll
- 2012-04-13 02:10 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
- 2012-04-13 02:10 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-06-17 12:59 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll
- 2011-05-20 09:50 . 2011-05-20 09:50 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-06-17 12:59 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-06-17 12:59 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll
- 2012-04-13 02:10 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-06-14 04:54 . 2012-04-24 04:36 140288 c:\windows\SysWOW64\cryptsvc.dll
+ 2012-06-14 04:54 . 2012-04-24 04:36 103936 c:\windows\SysWOW64\cryptnet.dll
+ 2010-10-24 12:43 . 2012-06-19 11:38 449930 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2012-04-13 02:10 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
+ 2012-06-17 12:59 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll
- 2011-08-21 07:50 . 2010-11-20 13:27 209920 c:\windows\system32\profsvc.dll
+ 2012-06-14 04:54 . 2012-05-01 05:40 209920 c:\windows\system32\profsvc.dll
+ 2009-07-14 02:36 . 2012-06-18 19:44 627104 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-18 19:44 107420 c:\windows\system32\perfc009.dat
- 2011-01-03 16:52 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
+ 2011-01-03 16:52 . 2012-02-23 14:18 279656 c:\windows\system32\MpSigStub.exe
+ 2012-06-17 12:59 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll
- 2012-04-13 02:10 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
+ 2012-06-17 12:59 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe
- 2011-05-20 09:50 . 2011-05-20 09:50 173056 c:\windows\system32\ieUnatt.exe
- 2012-04-13 02:10 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
+ 2012-06-17 12:59 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll
- 2009-07-14 04:45 . 2012-05-11 07:43 416024 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-06-18 19:38 416024 c:\windows\system32\FNTCACHE.DAT
+ 2012-06-14 04:54 . 2012-04-28 03:55 210944 c:\windows\system32\drivers\rdpwd.sys
- 2012-03-14 06:54 . 2012-02-17 04:58 210944 c:\windows\system32\drivers\rdpwd.sys
+ 2012-06-14 04:54 . 2012-04-24 05:37 184320 c:\windows\system32\cryptsvc.dll
+ 2012-06-14 04:54 . 2012-04-24 05:37 140288 c:\windows\system32\cryptnet.dll
- 2010-10-20 03:06 . 2012-06-12 17:08 196608 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-20 03:06 . 2012-06-17 12:46 196608 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-06-19 14:20 385916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-12 21:50 385916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-21 15:03 . 2012-04-21 15:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
- 2012-04-12 20:33 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-06-14 04:54 . 2012-04-23 22:33 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-04-21 15:03 . 2012-04-21 15:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2012-06-14 04:54 . 2012-04-23 22:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-04-12 20:33 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-11 03:42 . 2012-05-11 03:42 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-11 03:42 . 2012-05-11 03:42 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-13 09:43 . 2012-06-13 09:43 341344 c:\windows\Installer\{E1EC311E-EB1A-461E-A0BE-FA796852436D}\NewShortcut1_1B77C7148529485093387D9DB12862D9.exe
+ 2012-06-13 09:43 . 2012-06-13 09:43 341344 c:\windows\Installer\{E1EC311E-EB1A-461E-A0BE-FA796852436D}\ARPPRODUCTICON.exe
+ 2012-06-13 11:30 . 2012-06-13 11:30 335872 c:\windows\Installer\{99D1FFD1-1EFE-4FA0-B225-5815E039BB25}\NewShortcut11_F5251C19DE5142039905D9C749316EF9.exe
+ 2012-06-13 11:30 . 2012-06-13 11:30 335872 c:\windows\Installer\{99D1FFD1-1EFE-4FA0-B225-5815E039BB25}\ARPPRODUCTICON.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2012-06-17 13:13 . 2012-06-17 13:13 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\16388554692d4234ba0a74c838a203ce\WindowsFormsIntegration.ni.dll
+ 2012-06-17 14:14 . 2012-06-17 14:14 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll
+ 2012-06-17 14:14 . 2012-06-17 14:14 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll
+ 2012-06-17 13:12 . 2012-06-17 13:12 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\84cf60f1e403f10f44055b3d319aa79c\System.ServiceProcess.ni.dll
+ 2012-06-17 13:12 . 2012-06-17 13:12 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\5f4314268d576f7c0052b9008a6830d9\System.Messaging.ni.dll
+ 2012-06-17 14:14 . 2012-06-17 14:14 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll
+ 2012-06-17 13:12 . 2012-06-17 13:12 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 232960 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\ecf4201949add7c9ccd7ffff5e1908ba\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 232960 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\db2b738efe91eed6c4413faf44707248\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 247808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\b3b3284d16359533332c3424e1330c5c\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 864768 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\5f2d05c838989355f9a0403f9e8cb507\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 864768 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\13f2ca7a3f3c6cf653896f76a7b167b6\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\58441b4216f3051caa7041fa1cd9476d\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\097137b03ff37196b4b8ba62db34d64a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-17 14:10 . 2012-06-17 14:10 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\f669d7c64bbabbc41a4dc0221b5e8fb9\Microsoft.Office.Tools.Common.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 408576 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\e18ce44d37bb31b463fc0867db1e321c\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 993280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\c59f1382c1d8af5ac0cf9c2db8d21b10\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 408576 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\bc0363a67c28b425644e10315a7f243f\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 199680 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\90d90e963577dcdcf1474cb98bd76781\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\8cebc68d7386a2bbce781d0cefdd5bf0\Microsoft.Office.Tools.Common.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 199680 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\678ef626a46ee492421c0ea4fd2a1f72\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 993280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\644f5d4e386c5f2d2602e7348cc8a4a5\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll
+ 2012-06-17 13:14 . 2012-06-17 13:14 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 708608 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\f120c1f17850a7b8d105f22907a09dd0\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 177152 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\740410269afdf2276525e1dfd870fee8\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-06-17 13:14 . 2012-06-17 13:14 210432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\39817a23777554d968852971b91a4f78\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8cc4dd9babffe370cf375925fba15f84\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 864768 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\d07b4cdc313cd1eaaf3ca1e32a1a3199\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 336384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\54ab02cb617ed9070723032361c72de6\Microsoft.Office.Tools.Common.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 152064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\42a5e49641bff019e55a8228560fc541\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 312320 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\2e505ae20f0b86d1ca0eddabb49710dd\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 730624 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\282f3b9bd8dc8a67787e210a9b0e78e3\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 676864 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\14ae412fbc10916dda33ce1616a63cf1\Microsoft.Office.Tools.Word.ni.dll
+ 2012-06-18 19:58 . 2012-06-18 19:58 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f4d304fcbfda323997083a1f88b83719\WindowsFormsIntegration.ni.dll
+ 2012-06-18 19:58 . 2012-06-18 19:58 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\681410f842337dccc72eb059738c3ced\TaskScheduler.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\72b4992e45d232251a273a59eb3333d5\System.Web.Routing.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b905eb57b631a30c60caa4d68c186963\System.Web.Entity.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\e412dfbf1aa49bbe345a02a4d23104f5\System.Web.Entity.Design.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\815769f953ebe3f84439d522c97317b8\System.Web.DynamicData.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\c8144ee08dccdac183527e53c86aa901\System.Web.Abstractions.ni.dll
+ 2012-06-18 19:51 . 2012-06-18 19:51 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\f71d2f65d0f149c75ac7a569dbcc8500\System.ServiceProcess.ni.dll
+ 2012-06-18 19:54 . 2012-06-18 19:54 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\d5d612f7d372f500e3062e3814e79d75\System.Messaging.ni.dll
+ 2012-06-18 19:51 . 2012-06-18 19:51 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\fbc02e9f5a14bb93082ebc88bc577413\System.Drawing.Design.ni.dll
+ 2012-06-18 19:51 . 2012-06-18 19:51 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\a88ca70ab9641b8236149bc5dd8d1564\System.Configuration.Install.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\0101faefdcc3274ba594e7a103ec0186\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\2f1bad2fb963482a02443d5e7fece2b6\napsnap.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\bb4947f0ecc925a7bcfd129b6eec8f9b\napinit.ni.dll
+ 2012-06-18 19:55 . 2012-06-18 19:55 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\67240ddde494b9cc05cd732ccd099668\MMCFxCommon.ni.dll
+ 2012-06-18 19:54 . 2012-06-18 19:54 305664 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\fda2f68162063c54d2e669e85de7dfb1\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d1ffef140ded6229eb2681594a992395\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 225280 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\cf9c858a00058974b41c67bbd68e45c4\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2012-06-18 19:54 . 2012-06-18 19:54 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5947245b6dc25387730b2b53889ff7d8\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 773120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\3adbee43498cd363d94881c0a329d519\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-06-18 19:54 . 2012-06-18 19:54 215040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\0a9ab5d76abfa21c86d7a85811f8e29c\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 937472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\526a33ed761cce911ff85646c4a0ec80\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 244224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\c28d0d3c7d9214d676526f0f3b5eb305\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-06-18 19:54 . 2012-06-18 19:54 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\795e07cc078bee3396f1d946f734c871\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-06-18 19:55 . 2012-06-18 19:55 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e29cbd30a31d3c8dae19eb17f70c4ec4\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-06-18 19:55 . 2012-06-18 19:55 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\409dae089f2e041343cff71f822cd505\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-06-18 19:55 . 2012-06-18 19:55 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\803188573fb19785a94284e097c48a67\Microsoft.ManagementConsole.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 618496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\167a62317f33ae61ef5d7b70ba0421c3\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 423424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\9016fe60c2398dd6c3c8d8494e1a24b5\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 727040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\877ba3d01d6bac7d76ec8a5fede67baf\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-06-18 19:55 . 2012-06-18 19:55 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4ae6ccc32dafb4e3765b9db05585bd48\mcplayerinterop.ni.dll
+ 2012-06-18 19:55 . 2012-06-18 19:55 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\b0db345fd62a84c98fd8b0bf3c72e8bb\mcGlidHostObj.ni.dll
+ 2012-06-18 19:55 . 2012-06-18 19:55 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\bc5df15ee827e248dd6f819874a85718\EventViewer.ni.dll
+ 2012-06-18 19:54 . 2012-06-18 19:54 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\08c9aa18b306aa47ddc0ae4a63b05d04\ehExtHost.ni.exe
+ 2012-06-18 19:53 . 2012-06-18 19:53 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\f3e052584df9c614407da662dd3c3df3\TaskScheduler.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\06e4119a0a3484bb0ca667a16145ce74\System.Web.Routing.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4f13c2c06fb97f6659473f02802b377b\System.Web.Extensions.Design.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\3701488fb9e601ebe963db25b784d684\System.Web.Entity.Design.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a09cc9877f51f16a4610b702155e8b70\System.Web.DynamicData.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c6aad1edcc51862ceb26b6b65dad1490\System.Web.Abstractions.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\912a0776c2bfd35ff76bd0b8ba977ed4\System.Drawing.Design.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\498d2033c60fe5b777cf923b71b25972\System.Configuration.Install.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\2b9aa0cd9971fff78931f901c901f1e0\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\acfafa161ea232928cb02b01c50acf1c\napsnap.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\0abec246c5ca6ec4858bfd3ab84da0ec\napinit.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\1e03b7c2539c5376f0665a4aba04efbd\MMCFxCommon.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 617472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e439c12c9e047a5252fc0870a0edad57\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d7f1a24f4ab28ff9859120d65b72d688\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 134144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d06fbaf76aa0f482a687b1d065692495\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7fea6d1fd6b622644d204ebf1926088c\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\787f2a870ba9d0895455ccd8578f1a20\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\54aa66ae5ce18ece1133102c5de4a105\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\9e50f2fb3c8157aac9508d1484fca9c5\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\e1a8a0ddc283db83528f343abaa74ac5\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\b70bc4c745dd9a2e5e90e46bcedfe1dc\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\78dd5caf7a28d0b1b122483818205cf0\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\51ad304ce7ae5aa72a6afdbce7661195\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\622b582866fca37f113bd97ae4c6d1f6\Microsoft.ManagementConsole.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\855b99be5878283866f6977c6dc556e8\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 587776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\bd371ac78fe72393b9453b10e9e99d28\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\98f7f926a9f0ad41a3773a054cc4d3a8\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\02577b78c6ed2f9bda301de888dccad8\EventViewer.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\a6b8eb80cfbdd927b2fa4ecb69fc0209\ehExtHost32.ni.exe
- 2012-04-12 20:33 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-14 04:54 . 2012-04-23 22:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-17 12:59 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-06-17 12:59 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-05-10 21:21 . 2012-03-31 04:39 3913072 c:\windows\SysWOW64\ntoskrnl.exe
+ 2012-06-14 04:54 . 2012-05-04 10:03 3913072 c:\windows\SysWOW64\ntoskrnl.exe
- 2012-05-10 21:21 . 2012-03-31 04:39 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2012-06-14 04:54 . 2012-05-04 10:03 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2012-06-14 04:54 . 2012-04-07 11:26 2342400 c:\windows\SysWOW64\msi.dll
+ 2012-06-17 12:59 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll
+ 2012-06-17 12:59 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-06-17 12:59 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-06-14 04:54 . 2012-04-24 04:36 1158656 c:\windows\SysWOW64\crypt32.dll
+ 2012-06-17 12:59 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll
+ 2012-06-14 04:54 . 2012-05-15 01:32 3146752 c:\windows\system32\win32k.sys
+ 2012-06-17 12:59 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll
- 2012-03-14 06:54 . 2012-02-17 06:38 1112064 c:\windows\system32\rdpcorets.dll
+ 2012-06-14 04:54 . 2012-04-28 05:32 1112064 c:\windows\system32\rdpcorets.dll
+ 2012-06-14 04:54 . 2012-05-04 11:06 5559664 c:\windows\system32\ntoskrnl.exe
- 2012-05-10 21:21 . 2012-03-31 06:05 5559664 c:\windows\system32\ntoskrnl.exe
+ 2012-06-14 04:54 . 2012-04-07 12:31 3216384 c:\windows\system32\msi.dll
+ 2012-06-17 12:59 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll
+ 2012-06-17 12:59 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll
+ 2012-06-14 04:54 . 2012-04-24 05:37 1462272 c:\windows\system32\crypt32.dll
- 2010-10-20 03:06 . 2012-06-12 17:08 2834432 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-20 03:06 . 2012-06-17 12:46 2834432 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-12 17:08 1687552 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-17 12:46 1687552 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2012-06-18 19:47 6019579 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-05 11:01 6019579 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-09-15 21:23 . 2012-06-19 14:20 8857467 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329418992-3431730269-3099879791-500-12288.dat
+ 2011-06-19 15:23 . 2012-06-19 14:20 8244360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329418992-3431730269-3099879791-1000-8192.dat
+ 2012-03-15 17:17 . 2012-03-15 17:17 5029672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
+ 2012-06-14 04:55 . 2012-03-21 22:30 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2012-05-10 21:20 . 2012-01-04 03:34 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2011-08-21 07:48 . 2010-11-05 01:56 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
+ 2012-06-14 04:55 . 2012-03-21 22:30 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
+ 2012-03-15 17:17 . 2012-03-15 17:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2012-06-14 04:55 . 2012-03-21 22:32 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2012-05-10 21:20 . 2012-01-04 02:51 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-06-14 04:55 . 2012-03-21 22:32 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2011-08-21 07:48 . 2010-11-05 01:58 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 03:42 . 2012-05-11 03:42 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-11 03:42 . 2012-05-11 03:42 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-05-11 03:43 . 2012-05-11 03:43 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-05-17 06:58 . 2012-05-17 06:58 3462144 c:\windows\Installer\a8b6c2.msp
+ 2012-04-23 02:46 . 2012-04-23 02:46 1187328 c:\windows\Installer\a8b6ac.msp
+ 2012-03-15 18:26 . 2012-03-15 18:26 4212736 c:\windows\Installer\72521f.msp
+ 2009-11-04 20:30 . 2009-11-04 20:30 4189696 c:\windows\Installer\2edc4b7.msi
- 2011-08-23 16:38 . 2012-05-11 03:44 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-08-23 16:38 . 2012-06-17 14:13 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2011-08-23 16:38 . 2012-05-11 03:44 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-06-17 14:11 . 2012-06-17 14:11 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll
+ 2012-06-17 14:14 . 2012-06-17 14:14 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-17 13:12 . 2012-06-17 13:12 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\45461dd5eeff35a78d0182def45b21f7\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-17 14:14 . 2012-06-17 14:14 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll
+ 2012-06-17 14:13 . 2012-06-17 14:13 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll
+ 2012-06-17 14:13 . 2012-06-17 14:13 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\8fce722dc334f83b7695e7f64a629986\System.Deployment.ni.dll
+ 2012-06-17 14:14 . 2012-06-17 14:14 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll
+ 2012-06-17 13:12 . 2012-06-17 13:12 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\201c37951ad7baf71b37fa3c55097e58\System.Activities.Presentation.ni.dll
+ 2012-06-17 14:14 . 2012-06-17 14:14 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll
+ 2012-06-17 14:13 . 2012-06-17 14:13 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\32bece98175466e5a63d120d96e33269\PresentationUI.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\f866554cae3c9bf97ef2fa2e90f4ebda\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\e4d308f69077903e24de92fe4fc06d29\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\44f8907ea08f9c7ff390b17a925a98fd\Microsoft.VisualBasic.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 1070080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\dae55bb5c10eddf9b20c5e25b98dd532\Microsoft.Office.Tools.Word.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 1070080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\8da91be67f85f2d15c39ff4857bf123e\Microsoft.Office.Tools.Word.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 1118208 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\59691253f9dc08a60936eec9e2e57f2f\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 1118208 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\3f4b4b3cdde0344b6f8e303d2fcca31d\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 2035200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\33a1ea062f5908d1bb43bccdd9530991\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-06-17 14:11 . 2012-06-17 14:11 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\2ed7eb95c4b10cc41704055129dcb76e\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\1305cb6a1d8c0f9f25b1ab38870cae3c\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-06-17 13:11 . 2012-06-17 13:11 2035200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\0d3f641a70c8cee6e691b09550d2f9dd\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll
+ 2012-06-17 14:08 . 2012-06-17 14:08 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2ed0173a2e75b1a3943bd2d96649a50c\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 1117696 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\dfa6c6e64c9d77b225322baab7a902a9\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-06-17 14:16 . 2012-06-17 14:16 1551872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\7cfb808ac13b9432c5b771d64ff37f8d\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-06-18 19:58 . 2012-06-18 19:58 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\70cc5e8a5a3372fe0b104c1b20392cd2\System.WorkflowServices.ni.dll
+ 2012-06-18 19:51 . 2012-06-18 19:51 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\aa638ba79250284eb4af4adaa4a4117b\System.Workflow.Runtime.ni.dll
+ 2012-06-18 19:51 . 2012-06-18 19:51 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\996dc2af3b9e5c111130935f298908c6\System.Workflow.ComponentModel.ni.dll
+ 2012-06-18 19:51 . 2012-06-18 19:51 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\178797db84abae2eeaed835bd28ca52c\System.Workflow.Activities.ni.dll
+ 2012-06-18 19:50 . 2012-06-18 19:50 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\a32734087cd0db5607d5744ca63235d7\System.Web.Services.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\af7689e8cbec5d2755497be23c30e293\System.Web.Mobile.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\768ea257d75839979b4efb2d49d653f6\System.Web.Extensions.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2c47bc5d426a7cf9ffef1425eda08184\System.Web.Extensions.Design.ni.dll
+ 2012-06-18 19:50 . 2012-06-18 19:50 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\b964519964d302b4977e1380d8d15f1a\System.Printing.ni.dll
+ 2012-06-18 19:48 . 2012-06-18 19:48 2318848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\222eb8aa336953a6b0216db2b0c4770d\System.Drawing.ni.dll
+ 2012-06-18 19:48 . 2012-06-18 19:48 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6e4e9b07f376d445df1718c0011fa99b\System.Deployment.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 1530368 c:\windows\assembly\NativeImages_v2.0.50727_64\SrpUxSnapIn\78d5f2d52e06f6ea47b359bf4ceb7b65\SrpUxSnapIn.ni.dll
+ 2012-06-18 19:50 . 2012-06-18 19:50 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\1f88a3693c8ddd527a130aff49dc58b3\ReachFramework.ni.dll
+ 2012-06-18 19:49 . 2012-06-18 19:49 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\b91c32fab08ba62d8c7681cc596895be\PresentationUI.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\ac1ba76ed19d668ce53a74593f040453\Narrator.ni.exe
+ 2012-06-18 19:57 . 2012-06-18 19:57 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\df2557ab1b8e4389d846e13dc82eba57\MMCEx.ni.dll
+ 2012-06-18 19:55 . 2012-06-18 19:55 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\61812970c4743b686a67f28687e1dcb6\MIGUIControls.ni.dll
+ 2012-06-18 19:57 . 2012-06-18 19:57 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\1586ee919f86130df9771cf9b8d95d3a\Microsoft.VisualBasic.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ca7e936eed0de2436d87b2601ee3a20a\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6caa366471176a065a96d77e8ba01eeb\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3040e2de07177c0a6a66a49de61fdc59\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 1186304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\91391297ea9428993774313f05e98dd2\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 1875456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\6ecfa88a42ba7c5c3a4580cd479d0d21\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 1093632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\0929a1a8f19d58cca0ff9bf5f9086dc1\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-06-18 19:54 . 2012-06-18 19:54 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b2afc0af3d89ae00e973b4e6e9db382c\Microsoft.MediaCenter.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\73bfbdccdc1b0ae87f70a0ec594fee3c\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-06-18 19:54 . 2012-06-18 19:54 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\653e1ee01f10d658d52ca42e17e74283\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\dac69844e6333484159a4cf544190906\Microsoft.Ink.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\2dace3e1a3fbdd679501e1c7c868ac3e\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4b362e9e25c33e371f06403edec8849a\Microsoft.Build.Tasks.ni.dll
+ 2012-06-18 19:56 . 2012-06-18 19:56 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\33730d136a34d2f4e56a0322f49ee9b6\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-18 19:54 . 2012-06-18 19:54 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\cc4844e7242c1e35d145bf2439f944c5\mcstore.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\88bfc62ac0195a8ae673c444a3339505\System.Workflow.Runtime.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\cfb739be21092d5b8f7b4fde529e6aaa\System.Workflow.ComponentModel.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a815fffab98375c1919df68b5b292725\System.Workflow.Activities.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4a90802e36dee6e10d9bf54832cbf549\System.Web.Mobile.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c45efc7ec92c1da8e67eb597559ec39c\System.Web.Extensions.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll
+ 2012-06-18 19:46 . 2012-06-18 19:46 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
+ 2012-06-18 19:46 . 2012-06-18 19:46 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\0f05778da82962003762ac22f0ab4b91\SrpUxSnapIn.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\17add09c98fa34255142d42697db53df\Narrator.ni.exe
+ 2012-06-18 19:53 . 2012-06-18 19:53 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\21abde8efab609732b2ade3f05234e79\MMCEx.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\0e7da0df83f0619e3b0e0a7d7ee05fa3\MIGUIControls.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\99ae5f32cd1dc3618659bc3c77f2b2a9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\77b5496d214dd5034294b058c0bb0e8d\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-18 19:53 . 2012-06-18 19:53 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\72765e5fab12761eb6d3f58180fa34d7\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 1354752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\63513a219edd166209b039f0681f1d59\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 1564672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\5190887d5ed2ef28d1596fd2f48bd935\Microsoft.Office.BusinessApplications.Runtime.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 4752384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\48c93c9b5095c25bc4fde40f25c014ea\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 3238400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\2db98cd03e8f4be6c6b33bee3bdbfc30\Microsoft.Office.BusinessData.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 2091520 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\2983eeeb5d0c013e215bf9fc069710a6\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\efbe64bfafaaaec44b5c0e487c0b2c4a\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3893fa9a19b52dee8b2cc424840d5d08\Microsoft.Build.Tasks.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1d2250044b1ecff755e26ed12f6d27cb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-18 19:52 . 2012-06-18 19:52 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\3a4e56a8d1075cf0af0619c383b3e592\mcstore.ni.dll
- 2012-05-10 21:20 . 2012-01-04 02:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-14 04:55 . 2012-03-21 22:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-14 04:55 . 2012-03-21 22:32 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-08-21 07:48 . 2010-11-05 01:58 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-17 12:59 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-06-18 19:33 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-06-05 03:22 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-06-17 12:59 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll
+ 2011-05-20 09:54 . 2012-06-17 13:11 58957832 c:\windows\system32\MRT.exe
+ 2012-06-17 12:59 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll
+ 2012-06-13 09:42 . 2012-06-13 09:42 11962880 c:\windows\Installer\28c0628.msi
+ 2012-06-13 09:41 . 2012-06-13 09:41 10619392 c:\windows\Downloaded Installations\{92F51AD7-5BD2-434E-895E-086410A02A0E}\O&O DiskRecovery.msi
+ 2012-06-13 09:42 . 2012-06-13 09:42 11962880 c:\windows\Downloaded Installations\{490C4F7F-60F3-403E-9261-4AD54A491401}\O&O DiskRecovery.msi
+ 2012-06-17 14:14 . 2012-06-17 14:14 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll
+ 2012-06-17 13:12 . 2012-06-17 13:12 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\d9f25602d3fabd454ee8f8c0b7cd987f\System.Windows.Forms.ni.dll
+ 2012-06-17 14:13 . 2012-06-17 14:13 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll
+ 2012-06-17 14:12 . 2012-06-17 14:12 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll
+ 2012-06-17 14:08 . 2012-06-17 14:09 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
+ 2012-06-17 14:09 . 2012-06-17 14:09 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
+ 2012-06-17 14:09 . 2012-06-17 14:09 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
+ 2012-06-18 19:49 . 2012-06-18 19:49 17383424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\dc5bb74eefdbf954cdfb70dd534d5564\System.Windows.Forms.ni.dll
+ 2012-06-18 19:50 . 2012-06-18 19:50 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\95f38e7485bbe2b73b6055c45196fedd\System.Web.ni.dll
+ 2012-06-18 19:50 . 2012-06-18 19:50 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\582144c0ee317038621aebc626187b56\System.Design.ni.dll
+ 2012-06-18 19:49 . 2012-06-18 19:49 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\47054c4d5b7e522c21a9d57797410302\PresentationFramework.ni.dll
+ 2012-06-18 19:48 . 2012-06-18 19:48 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3a9d13514a8c4c710fa5ce8e9b5393fe\PresentationCore.ni.dll
+ 2012-06-18 19:55 . 2012-06-18 19:55 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll
+ 2012-06-18 19:46 . 2012-06-18 19:46 12436480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
+ 2012-06-18 19:47 . 2012-06-18 19:47 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll
+ 2012-06-18 19:46 . 2012-06-18 19:46 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
+ 2012-06-18 19:46 . 2012-06-18 19:46 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;c:\windows\system32\DRIVERS\b44amd64.sys [x]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-01 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yeddef64;YEDDEF driver (x64);c:\windows\system32\Drivers\yeddef64.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 StarWindServiceLite;StarWind Service Lite;c:\program files (x86)\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe [2008-07-04 312320]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ba49iwr8.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Adobe - c:\users\Administrator\AppData\Local\ElevatedDiagnostics\Adobe\kvxkbvndz.dll
Wow6432Node-HKU-Default-Run-Adobe - c:\users\Administrator\AppData\Local\ElevatedDiagnostics\Adobe\kvxkbvndz.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,cf,
08,9e,ba,e4,06,b0,9f,a5,09,88,6e,f9,d8
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c9,20,
80,31,1e,d8,0e,9b,c5,0e,3a,72,48,27,dd
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e3,
a4,12,5c,3e,0d,af,2b,1d,ed,04,ce,46,e4
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,23,de,
c2,79,ab,27,03,8d,87,5c,82,2b,78,87,54
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:80,05,f6,49,ae,68,cc,01
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,21,99,bd,6f,c5,c0,43,b0,14,e6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,21,99,bd,6f,c5,c0,43,b0,14,e6,\
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-329418992-3431730269-3099879791-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-06-19 10:42:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 14:42
ComboFix2.txt 2012-06-12 22:11
.
Pre-Run: 389,106,438,144 bytes free
Post-Run: 389,106,069,504 bytes free
.
- - End Of File - - 54EE91615106DB5F0152886AF02AE2BB


Thanks In Advance

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 19 June 2012 - 01:53 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 chinn29

chinn29
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 19 June 2012 - 08:51 PM

Hello Gringo!
Here are the TDS logs

21:28:53.0917 0728 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
21:28:54.0260 0728 ============================================================
21:28:54.0260 0728 Current date / time: 2012/06/19 21:28:54.0260
21:28:54.0260 0728 SystemInfo:
21:28:54.0260 0728
21:28:54.0260 0728 OS Version: 6.1.7601 ServicePack: 1.0
21:28:54.0260 0728 Product type: Workstation
21:28:54.0260 0728 ComputerName: SSHOMEPC
21:28:54.0260 0728 UserName: Administrator
21:28:54.0260 0728 Windows directory: C:\Windows
21:28:54.0260 0728 System windows directory: C:\Windows
21:28:54.0260 0728 Running under WOW64
21:28:54.0260 0728 Processor architecture: Intel x64
21:28:54.0260 0728 Number of processors: 2
21:28:54.0260 0728 Page size: 0x1000
21:28:54.0260 0728 Boot type: Normal boot
21:28:54.0260 0728 ============================================================
21:28:55.0555 0728 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:28:55.0571 0728 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
21:28:55.0633 0728 ============================================================
21:28:55.0633 0728 \Device\Harddisk0\DR0:
21:28:55.0633 0728 MBR partitions:
21:28:55.0633 0728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EE9870
21:28:55.0633 0728 \Device\Harddisk1\DR1:
21:28:55.0633 0728 MBR partitions:
21:28:55.0633 0728 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385FF1
21:28:55.0633 0728 ============================================================
21:28:55.0649 0728 C: <-> \Device\Harddisk1\DR1\Partition0
21:28:55.0680 0728 D: <-> \Device\Harddisk0\DR0\Partition0
21:28:55.0680 0728 ============================================================
21:28:55.0680 0728 Initialize success
21:28:55.0680 0728 ============================================================
21:28:58.0847 3504 ============================================================
21:28:58.0847 3504 Scan started
21:28:58.0847 3504 Mode: Manual;
21:28:58.0847 3504 ============================================================
21:29:53.0431 3504 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:29:53.0447 3504 1394ohci - ok
21:29:53.0478 3504 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:29:53.0478 3504 ACPI - ok
21:29:53.0509 3504 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:29:53.0509 3504 AcpiPmi - ok
21:29:53.0572 3504 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:29:53.0587 3504 AdobeARMservice - ok
21:29:53.0618 3504 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:29:53.0634 3504 adp94xx - ok
21:29:53.0665 3504 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:29:53.0665 3504 adpahci - ok
21:29:53.0696 3504 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:29:53.0696 3504 adpu320 - ok
21:29:53.0743 3504 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:29:53.0743 3504 AeLookupSvc - ok
21:29:53.0806 3504 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:29:53.0806 3504 AFD - ok
21:29:53.0837 3504 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:29:53.0837 3504 agp440 - ok
21:29:53.0852 3504 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:29:53.0852 3504 ALG - ok
21:29:53.0868 3504 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:29:53.0884 3504 aliide - ok
21:29:53.0884 3504 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:29:53.0884 3504 amdide - ok
21:29:53.0899 3504 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:29:53.0915 3504 AmdK8 - ok
21:29:53.0915 3504 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:29:53.0930 3504 AmdPPM - ok
21:29:53.0946 3504 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:29:53.0962 3504 amdsata - ok
21:29:53.0993 3504 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:29:53.0993 3504 amdsbs - ok
21:29:54.0008 3504 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:29:54.0008 3504 amdxata - ok
21:29:54.0102 3504 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:29:54.0118 3504 AntiVirSchedulerService - ok
21:29:54.0164 3504 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:29:54.0164 3504 AntiVirService - ok
21:29:54.0180 3504 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:29:54.0180 3504 AppID - ok
21:29:54.0211 3504 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:29:54.0227 3504 AppIDSvc - ok
21:29:54.0258 3504 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:29:54.0258 3504 Appinfo - ok
21:29:54.0289 3504 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:29:54.0305 3504 AppMgmt - ok
21:29:54.0336 3504 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:29:54.0336 3504 arc - ok
21:29:54.0352 3504 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:29:54.0352 3504 arcsas - ok
21:29:54.0367 3504 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:29:54.0367 3504 AsyncMac - ok
21:29:54.0398 3504 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:29:54.0398 3504 atapi - ok
21:29:54.0461 3504 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:29:54.0476 3504 AudioEndpointBuilder - ok
21:29:54.0492 3504 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:29:54.0508 3504 AudioSrv - ok
21:29:54.0554 3504 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
21:29:54.0554 3504 avgntflt - ok
21:29:54.0617 3504 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
21:29:54.0617 3504 avipbb - ok
21:29:54.0648 3504 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:29:54.0648 3504 avkmgr - ok
21:29:54.0679 3504 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:29:54.0695 3504 AxInstSV - ok
21:29:54.0726 3504 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:29:54.0742 3504 b06bdrv - ok
21:29:54.0757 3504 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:29:54.0773 3504 b57nd60a - ok
21:29:54.0882 3504 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
21:29:54.0929 3504 BBSvc - ok
21:29:54.0976 3504 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
21:29:54.0991 3504 BBUpdate - ok
21:29:55.0022 3504 bcm44amd64 (2bc7c1697b633692a061a4a36ed9dfdd) C:\Windows\system32\DRIVERS\b44amd64.sys
21:29:55.0022 3504 bcm44amd64 - ok
21:29:55.0054 3504 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:29:55.0054 3504 BDESVC - ok
21:29:55.0069 3504 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:29:55.0069 3504 Beep - ok
21:29:55.0147 3504 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:29:55.0163 3504 BFE - ok
21:29:55.0256 3504 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:29:55.0288 3504 BITS - ok
21:29:55.0319 3504 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:29:55.0334 3504 blbdrive - ok
21:29:55.0366 3504 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:29:55.0366 3504 bowser - ok
21:29:55.0366 3504 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:29:55.0381 3504 BrFiltLo - ok
21:29:55.0381 3504 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:29:55.0381 3504 BrFiltUp - ok
21:29:55.0428 3504 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:29:55.0444 3504 BridgeMP - ok
21:29:55.0459 3504 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:29:55.0475 3504 Browser - ok
21:29:55.0506 3504 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:29:55.0506 3504 Brserid - ok
21:29:55.0537 3504 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:29:55.0537 3504 BrSerWdm - ok
21:29:55.0553 3504 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:29:55.0553 3504 BrUsbMdm - ok
21:29:55.0553 3504 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:29:55.0553 3504 BrUsbSer - ok
21:29:55.0584 3504 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:29:55.0584 3504 BTHMODEM - ok
21:29:55.0615 3504 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:29:55.0615 3504 bthserv - ok
21:29:55.0631 3504 catchme - ok
21:29:55.0646 3504 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:29:55.0646 3504 cdfs - ok
21:29:55.0662 3504 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:29:55.0678 3504 cdrom - ok
21:29:55.0693 3504 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:29:55.0709 3504 CertPropSvc - ok
21:29:55.0709 3504 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:29:55.0724 3504 circlass - ok
21:29:55.0756 3504 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:29:55.0756 3504 CLFS - ok
21:29:55.0818 3504 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:29:55.0834 3504 clr_optimization_v2.0.50727_32 - ok
21:29:55.0849 3504 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:29:55.0865 3504 clr_optimization_v2.0.50727_64 - ok
21:29:55.0927 3504 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:29:55.0927 3504 clr_optimization_v4.0.30319_32 - ok
21:29:55.0958 3504 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:29:55.0974 3504 clr_optimization_v4.0.30319_64 - ok
21:29:55.0990 3504 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:29:55.0990 3504 CmBatt - ok
21:29:56.0021 3504 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:29:56.0021 3504 cmdide - ok
21:29:56.0068 3504 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:29:56.0083 3504 CNG - ok
21:29:56.0083 3504 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:29:56.0099 3504 Compbatt - ok
21:29:56.0114 3504 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:29:56.0114 3504 CompositeBus - ok
21:29:56.0114 3504 COMSysApp - ok
21:29:56.0177 3504 cpuz135 (75dbd5db9892d7451d0429bec1aabe1a) C:\Windows\system32\drivers\cpuz135_x64.sys
21:29:56.0177 3504 cpuz135 - ok
21:29:56.0192 3504 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:29:56.0192 3504 crcdisk - ok
21:29:56.0239 3504 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
21:29:56.0239 3504 CryptSvc - ok
21:29:56.0286 3504 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:29:56.0302 3504 CSC - ok
21:29:56.0364 3504 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:29:56.0364 3504 CscService - ok
21:29:56.0411 3504 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:29:56.0442 3504 DcomLaunch - ok
21:29:56.0473 3504 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:29:56.0504 3504 defragsvc - ok
21:29:56.0551 3504 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:29:56.0551 3504 DfsC - ok
21:29:56.0598 3504 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:29:56.0614 3504 Dhcp - ok
21:29:56.0614 3504 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:29:56.0629 3504 discache - ok
21:29:56.0645 3504 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:29:56.0645 3504 Disk - ok
21:29:56.0676 3504 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:29:56.0692 3504 Dnscache - ok
21:29:56.0723 3504 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:29:56.0738 3504 dot3svc - ok
21:29:56.0770 3504 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
21:29:56.0785 3504 Dot4 - ok
21:29:56.0816 3504 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:29:56.0816 3504 Dot4Print - ok
21:29:56.0832 3504 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
21:29:56.0832 3504 dot4usb - ok
21:29:56.0863 3504 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:29:56.0879 3504 DPS - ok
21:29:56.0910 3504 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:29:56.0910 3504 drmkaud - ok
21:29:56.0972 3504 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:29:57.0004 3504 DXGKrnl - ok
21:29:57.0019 3504 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:29:57.0035 3504 EapHost - ok
21:29:57.0191 3504 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:29:57.0238 3504 ebdrv - ok
21:29:57.0331 3504 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:29:57.0347 3504 EFS - ok
21:29:57.0425 3504 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:29:57.0456 3504 ehRecvr - ok
21:29:57.0487 3504 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:29:57.0503 3504 ehSched - ok
21:29:57.0534 3504 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:29:57.0550 3504 elxstor - ok
21:29:57.0581 3504 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:29:57.0581 3504 ErrDev - ok
21:29:57.0643 3504 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:29:57.0643 3504 EventSystem - ok
21:29:57.0674 3504 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:29:57.0690 3504 exfat - ok
21:29:57.0706 3504 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:29:57.0721 3504 fastfat - ok
21:29:57.0768 3504 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:29:57.0784 3504 Fax - ok
21:29:57.0799 3504 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:29:57.0799 3504 fdc - ok
21:29:57.0815 3504 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:29:57.0815 3504 fdPHost - ok
21:29:57.0830 3504 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:29:57.0830 3504 FDResPub - ok
21:29:57.0846 3504 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:29:57.0846 3504 FileInfo - ok
21:29:57.0862 3504 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:29:57.0862 3504 Filetrace - ok
21:29:57.0877 3504 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:29:57.0877 3504 flpydisk - ok
21:29:57.0924 3504 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:29:57.0924 3504 FltMgr - ok
21:29:58.0018 3504 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:29:58.0033 3504 FontCache - ok
21:29:58.0080 3504 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:29:58.0096 3504 FontCache3.0.0.0 - ok
21:29:58.0158 3504 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:29:58.0158 3504 FsDepends - ok
21:29:58.0189 3504 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:29:58.0205 3504 Fs_Rec - ok
21:29:58.0252 3504 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:29:58.0252 3504 fvevol - ok
21:29:58.0267 3504 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:29:58.0283 3504 gagp30kx - ok
21:29:58.0361 3504 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:29:58.0376 3504 gpsvc - ok
21:29:58.0392 3504 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:29:58.0408 3504 hcw85cir - ok
21:29:58.0454 3504 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:29:58.0470 3504 HdAudAddService - ok
21:29:58.0486 3504 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:29:58.0501 3504 HDAudBus - ok
21:29:58.0517 3504 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:29:58.0517 3504 HidBatt - ok
21:29:58.0532 3504 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:29:58.0532 3504 HidBth - ok
21:29:58.0548 3504 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:29:58.0548 3504 HidIr - ok
21:29:58.0564 3504 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:29:58.0564 3504 hidserv - ok
21:29:58.0595 3504 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:29:58.0595 3504 HidUsb - ok
21:29:58.0626 3504 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:29:58.0642 3504 hkmsvc - ok
21:29:58.0673 3504 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:29:58.0688 3504 HomeGroupListener - ok
21:29:58.0720 3504 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:29:58.0735 3504 HomeGroupProvider - ok
21:29:58.0813 3504 hpqcxs08 (97aac45a375168c6a2297beeb9692e31) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:29:58.0813 3504 hpqcxs08 - ok
21:29:58.0844 3504 hpqddsvc (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:29:58.0860 3504 hpqddsvc - ok
21:29:58.0891 3504 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:29:58.0891 3504 HpSAMD - ok
21:29:58.0954 3504 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:29:58.0985 3504 HPSLPSVC - ok
21:29:59.0047 3504 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:29:59.0078 3504 HTTP - ok
21:29:59.0110 3504 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:29:59.0110 3504 hwpolicy - ok
21:29:59.0141 3504 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:29:59.0156 3504 i8042prt - ok
21:29:59.0188 3504 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:29:59.0203 3504 iaStorV - ok
21:29:59.0297 3504 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:29:59.0344 3504 idsvc - ok
21:29:59.0359 3504 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:29:59.0359 3504 iirsp - ok
21:29:59.0422 3504 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:29:59.0437 3504 IKEEXT - ok
21:29:59.0453 3504 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:29:59.0453 3504 intelide - ok
21:29:59.0468 3504 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:29:59.0468 3504 intelppm - ok
21:29:59.0500 3504 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:29:59.0500 3504 IPBusEnum - ok
21:29:59.0531 3504 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:59.0531 3504 IpFilterDriver - ok
21:29:59.0640 3504 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:29:59.0671 3504 iphlpsvc - ok
21:29:59.0687 3504 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:29:59.0702 3504 IPMIDRV - ok
21:29:59.0718 3504 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:29:59.0734 3504 IPNAT - ok
21:29:59.0749 3504 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:29:59.0749 3504 IRENUM - ok
21:29:59.0780 3504 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:29:59.0780 3504 isapnp - ok
21:29:59.0812 3504 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:29:59.0827 3504 iScsiPrt - ok
21:29:59.0843 3504 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:29:59.0843 3504 kbdclass - ok
21:29:59.0874 3504 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:29:59.0874 3504 kbdhid - ok
21:29:59.0890 3504 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:29:59.0905 3504 KeyIso - ok
21:29:59.0905 3504 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:29:59.0905 3504 KSecDD - ok
21:29:59.0936 3504 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:29:59.0936 3504 KSecPkg - ok
21:29:59.0952 3504 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:29:59.0952 3504 ksthunk - ok
21:29:59.0983 3504 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:30:00.0014 3504 KtmRm - ok
21:30:00.0030 3504 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:30:00.0046 3504 LanmanServer - ok
21:30:00.0077 3504 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:30:00.0108 3504 LanmanWorkstation - ok
21:30:00.0514 3504 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
21:30:00.0576 3504 LeapFrog Connect Device Service - ok
21:30:00.0685 3504 LeapFrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\Windows\system32\DRIVERS\btblan.sys
21:30:00.0685 3504 LeapFrog-USBLAN - ok
21:30:00.0701 3504 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:30:00.0716 3504 lltdio - ok
21:30:00.0732 3504 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:30:00.0748 3504 lltdsvc - ok
21:30:00.0763 3504 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:30:00.0763 3504 lmhosts - ok
21:30:00.0779 3504 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:30:00.0794 3504 LSI_FC - ok
21:30:00.0810 3504 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:30:00.0810 3504 LSI_SAS - ok
21:30:00.0826 3504 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:30:00.0841 3504 LSI_SAS2 - ok
21:30:00.0841 3504 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:30:00.0841 3504 LSI_SCSI - ok
21:30:00.0872 3504 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:30:00.0872 3504 luafv - ok
21:30:00.0888 3504 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:30:00.0904 3504 Mcx2Svc - ok
21:30:00.0919 3504 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:30:00.0919 3504 megasas - ok
21:30:00.0950 3504 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:30:00.0966 3504 MegaSR - ok
21:30:01.0028 3504 Microsoft SharePoint Workspace Audit Service - ok
21:30:01.0060 3504 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:30:01.0060 3504 MMCSS - ok
21:30:01.0091 3504 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:30:01.0091 3504 Modem - ok
21:30:01.0122 3504 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:30:01.0122 3504 monitor - ok
21:30:01.0138 3504 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:30:01.0138 3504 mouclass - ok
21:30:01.0153 3504 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:30:01.0153 3504 mouhid - ok
21:30:01.0169 3504 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:30:01.0169 3504 mountmgr - ok
21:30:01.0216 3504 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:30:01.0216 3504 MozillaMaintenance - ok
21:30:01.0247 3504 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:30:01.0262 3504 mpio - ok
21:30:01.0278 3504 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:30:01.0278 3504 mpsdrv - ok
21:30:01.0372 3504 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:30:01.0387 3504 MpsSvc - ok
21:30:01.0418 3504 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:30:01.0434 3504 MRxDAV - ok
21:30:01.0450 3504 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:30:01.0450 3504 mrxsmb - ok
21:30:01.0496 3504 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:30:01.0496 3504 mrxsmb10 - ok
21:30:01.0512 3504 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:30:01.0512 3504 mrxsmb20 - ok
21:30:01.0528 3504 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:30:01.0528 3504 msahci - ok
21:30:01.0559 3504 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:30:01.0574 3504 msdsm - ok
21:30:01.0606 3504 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:30:01.0621 3504 MSDTC - ok
21:30:01.0637 3504 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:30:01.0637 3504 Msfs - ok
21:30:01.0652 3504 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:30:01.0652 3504 mshidkmdf - ok
21:30:01.0668 3504 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:30:01.0668 3504 msisadrv - ok
21:30:01.0699 3504 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:30:01.0715 3504 MSiSCSI - ok
21:30:01.0715 3504 msiserver - ok
21:30:01.0730 3504 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:30:01.0730 3504 MSKSSRV - ok
21:30:01.0746 3504 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:30:01.0746 3504 MSPCLOCK - ok
21:30:01.0746 3504 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:30:01.0762 3504 MSPQM - ok
21:30:01.0793 3504 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:30:01.0808 3504 MsRPC - ok
21:30:01.0824 3504 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:30:01.0824 3504 mssmbios - ok
21:30:01.0840 3504 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:30:01.0840 3504 MSTEE - ok
21:30:01.0855 3504 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:30:01.0855 3504 MTConfig - ok
21:30:01.0871 3504 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:30:01.0871 3504 Mup - ok
21:30:01.0918 3504 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:30:01.0918 3504 napagent - ok
21:30:01.0949 3504 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:30:01.0964 3504 NativeWifiP - ok
21:30:02.0042 3504 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:30:02.0042 3504 NDIS - ok
21:30:02.0058 3504 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:30:02.0058 3504 NdisCap - ok
21:30:02.0074 3504 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:30:02.0074 3504 NdisTapi - ok
21:30:02.0105 3504 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:30:02.0105 3504 Ndisuio - ok
21:30:02.0136 3504 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:30:02.0152 3504 NdisWan - ok
21:30:02.0183 3504 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:30:02.0183 3504 NDProxy - ok
21:30:02.0230 3504 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
21:30:02.0230 3504 Net Driver HPZ12 - ok
21:30:02.0245 3504 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:30:02.0245 3504 NetBIOS - ok
21:30:02.0261 3504 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:30:02.0276 3504 NetBT - ok
21:30:02.0308 3504 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:30:02.0308 3504 Netlogon - ok
21:30:02.0339 3504 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:30:02.0354 3504 Netman - ok
21:30:02.0386 3504 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:30:02.0386 3504 netprofm - ok
21:30:02.0448 3504 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:30:02.0479 3504 NetTcpPortSharing - ok
21:30:02.0495 3504 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:30:02.0495 3504 nfrd960 - ok
21:30:02.0542 3504 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:30:02.0542 3504 NlaSvc - ok
21:30:02.0557 3504 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:30:02.0557 3504 Npfs - ok
21:30:02.0573 3504 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:30:02.0573 3504 nsi - ok
21:30:02.0588 3504 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:30:02.0588 3504 nsiproxy - ok
21:30:02.0698 3504 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:30:02.0729 3504 Ntfs - ok
21:30:02.0791 3504 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:30:02.0791 3504 Null - ok
21:30:03.0509 3504 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:30:03.0680 3504 nvlddmkm - ok
21:30:03.0774 3504 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:30:03.0790 3504 nvraid - ok
21:30:03.0821 3504 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:30:03.0836 3504 nvstor - ok
21:30:03.0883 3504 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
21:30:03.0899 3504 nvsvc - ok
21:30:03.0930 3504 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:30:03.0946 3504 nv_agp - ok
21:30:03.0977 3504 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:30:03.0992 3504 ohci1394 - ok
21:30:04.0039 3504 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:30:04.0039 3504 ose - ok
21:30:04.0351 3504 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:30:04.0398 3504 osppsvc - ok
21:30:04.0507 3504 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:30:04.0523 3504 p2pimsvc - ok
21:30:04.0538 3504 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:30:04.0554 3504 p2psvc - ok
21:30:04.0585 3504 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:30:04.0601 3504 Parport - ok
21:30:04.0616 3504 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:30:04.0616 3504 partmgr - ok
21:30:04.0648 3504 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:30:04.0648 3504 PcaSvc - ok
21:30:04.0679 3504 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:30:04.0679 3504 pci - ok
21:30:04.0710 3504 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:30:04.0710 3504 pciide - ok
21:30:04.0726 3504 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:30:04.0741 3504 pcmcia - ok
21:30:04.0757 3504 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:30:04.0757 3504 pcw - ok
21:30:04.0804 3504 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:30:04.0804 3504 PEAUTH - ok
21:30:04.0897 3504 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:30:04.0928 3504 PeerDistSvc - ok
21:30:04.0991 3504 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:30:05.0006 3504 PerfHost - ok
21:30:05.0178 3504 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:30:05.0225 3504 pla - ok
21:30:05.0272 3504 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:30:05.0272 3504 PlugPlay - ok
21:30:05.0318 3504 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
21:30:05.0318 3504 Pml Driver HPZ12 - ok
21:30:05.0318 3504 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:30:05.0334 3504 PNRPAutoReg - ok
21:30:05.0365 3504 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:30:05.0365 3504 PNRPsvc - ok
21:30:05.0412 3504 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:30:05.0412 3504 PolicyAgent - ok
21:30:05.0443 3504 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:30:05.0459 3504 Power - ok
21:30:05.0490 3504 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:30:05.0506 3504 PptpMiniport - ok
21:30:05.0521 3504 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:30:05.0521 3504 Processor - ok
21:30:05.0552 3504 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
21:30:05.0568 3504 ProfSvc - ok
21:30:05.0599 3504 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:30:05.0599 3504 ProtectedStorage - ok
21:30:05.0630 3504 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:30:05.0630 3504 Psched - ok
21:30:05.0740 3504 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:30:05.0786 3504 ql2300 - ok
21:30:05.0849 3504 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:30:05.0864 3504 ql40xx - ok
21:30:05.0896 3504 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:30:05.0911 3504 QWAVE - ok
21:30:05.0927 3504 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:30:05.0927 3504 QWAVEdrv - ok
21:30:05.0942 3504 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:30:05.0942 3504 RasAcd - ok
21:30:05.0958 3504 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:30:05.0958 3504 RasAgileVpn - ok
21:30:05.0974 3504 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:30:05.0989 3504 RasAuto - ok
21:30:06.0036 3504 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:30:06.0052 3504 Rasl2tp - ok
21:30:06.0083 3504 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:30:06.0098 3504 RasMan - ok
21:30:06.0114 3504 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:30:06.0114 3504 RasPppoe - ok
21:30:06.0130 3504 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:30:06.0130 3504 RasSstp - ok
21:30:06.0176 3504 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:30:06.0176 3504 rdbss - ok
21:30:06.0192 3504 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:30:06.0192 3504 rdpbus - ok
21:30:06.0208 3504 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:30:06.0208 3504 RDPCDD - ok
21:30:06.0239 3504 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:30:06.0254 3504 RDPDR - ok
21:30:06.0254 3504 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:30:06.0254 3504 RDPENCDD - ok
21:30:06.0270 3504 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:30:06.0270 3504 RDPREFMP - ok
21:30:06.0301 3504 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:30:06.0301 3504 RdpVideoMiniport - ok
21:30:06.0348 3504 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:30:06.0348 3504 RDPWD - ok
21:30:06.0395 3504 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:30:06.0395 3504 rdyboost - ok
21:30:06.0426 3504 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:30:06.0442 3504 RemoteAccess - ok
21:30:06.0457 3504 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:30:06.0473 3504 RemoteRegistry - ok
21:30:06.0488 3504 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:30:06.0488 3504 RpcEptMapper - ok
21:30:06.0504 3504 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:30:06.0520 3504 RpcLocator - ok
21:30:06.0566 3504 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:30:06.0566 3504 RpcSs - ok
21:30:06.0582 3504 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:30:06.0598 3504 rspndr - ok
21:30:06.0644 3504 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:30:06.0660 3504 RTL8167 - ok
21:30:06.0676 3504 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:30:06.0691 3504 s3cap - ok
21:30:06.0707 3504 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:30:06.0722 3504 SamSs - ok
21:30:06.0754 3504 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:30:06.0754 3504 sbp2port - ok
21:30:06.0769 3504 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:30:06.0785 3504 SCardSvr - ok
21:30:06.0816 3504 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:30:06.0816 3504 scfilter - ok
21:30:06.0910 3504 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:30:06.0941 3504 Schedule - ok
21:30:06.0972 3504 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:30:06.0972 3504 SCPolicySvc - ok
21:30:07.0003 3504 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:30:07.0034 3504 SDRSVC - ok
21:30:07.0066 3504 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:30:07.0066 3504 secdrv - ok
21:30:07.0081 3504 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:30:07.0081 3504 seclogon - ok
21:30:07.0112 3504 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:30:07.0112 3504 SENS - ok
21:30:07.0128 3504 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:30:07.0128 3504 SensrSvc - ok
21:30:07.0144 3504 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:30:07.0144 3504 Serenum - ok
21:30:07.0159 3504 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:30:07.0159 3504 Serial - ok
21:30:07.0190 3504 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:30:07.0190 3504 sermouse - ok
21:30:07.0237 3504 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:30:07.0284 3504 SessionEnv - ok
21:30:07.0315 3504 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:30:07.0315 3504 sffdisk - ok
21:30:07.0331 3504 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:30:07.0331 3504 sffp_mmc - ok
21:30:07.0331 3504 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:30:07.0331 3504 sffp_sd - ok
21:30:07.0346 3504 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:30:07.0346 3504 sfloppy - ok
21:30:07.0409 3504 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:30:07.0424 3504 SharedAccess - ok
21:30:07.0471 3504 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:30:07.0487 3504 ShellHWDetection - ok
21:30:07.0487 3504 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:30:07.0502 3504 SiSRaid2 - ok
21:30:07.0502 3504 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:30:07.0518 3504 SiSRaid4 - ok
21:30:07.0534 3504 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:30:07.0534 3504 Smb - ok
21:30:07.0565 3504 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:30:07.0565 3504 SNMPTRAP - ok
21:30:07.0580 3504 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:30:07.0580 3504 spldr - ok
21:30:07.0612 3504 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:30:07.0627 3504 Spooler - ok
21:30:07.0846 3504 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:30:07.0908 3504 sppsvc - ok
21:30:08.0017 3504 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:30:08.0033 3504 sppuinotify - ok
21:30:08.0080 3504 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:30:08.0095 3504 srv - ok
21:30:08.0111 3504 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:30:08.0126 3504 srv2 - ok
21:30:08.0142 3504 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:30:08.0158 3504 srvnet - ok
21:30:08.0173 3504 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:30:08.0189 3504 SSDPSRV - ok
21:30:08.0189 3504 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:30:08.0204 3504 SstpSvc - ok
21:30:08.0251 3504 StarPortLite (415205b445c60b09e779f78d6df25667) C:\Windows\system32\DRIVERS\StarPortLite.sys
21:30:08.0251 3504 StarPortLite - ok
21:30:08.0314 3504 StarWindServiceLite (0ef3508e5d3006bb056506b327b40cc4) C:\Program Files (x86)\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe
21:30:08.0314 3504 StarWindServiceLite - ok
21:30:08.0345 3504 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:30:08.0345 3504 stexstor - ok
21:30:08.0360 3504 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
21:30:08.0360 3504 StillCam - ok
21:30:08.0423 3504 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:30:08.0423 3504 stisvc - ok
21:30:08.0454 3504 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:30:08.0454 3504 storflt - ok
21:30:08.0485 3504 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:30:08.0485 3504 storvsc - ok
21:30:08.0501 3504 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:30:08.0501 3504 swenum - ok
21:30:08.0548 3504 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:30:08.0563 3504 swprv - ok
21:30:08.0563 3504 Synth3dVsc - ok
21:30:08.0704 3504 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:30:08.0735 3504 SysMain - ok
21:30:08.0813 3504 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:30:08.0828 3504 TabletInputService - ok
21:30:08.0875 3504 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:30:08.0891 3504 TapiSrv - ok
21:30:08.0906 3504 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:30:08.0922 3504 TBS - ok
21:30:09.0047 3504 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:30:09.0062 3504 Tcpip - ok
21:30:09.0187 3504 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:30:09.0203 3504 TCPIP6 - ok
21:30:09.0265 3504 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:30:09.0265 3504 tcpipreg - ok
21:30:09.0281 3504 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:30:09.0281 3504 TDPIPE - ok
21:30:09.0312 3504 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:30:09.0312 3504 TDTCP - ok
21:30:09.0359 3504 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:30:09.0359 3504 tdx - ok
21:30:09.0390 3504 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:30:09.0390 3504 TermDD - ok
21:30:09.0437 3504 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:30:09.0452 3504 TermService - ok
21:30:09.0468 3504 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:30:09.0468 3504 Themes - ok
21:30:09.0499 3504 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:30:09.0499 3504 THREADORDER - ok
21:30:09.0515 3504 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:30:09.0530 3504 TrkWks - ok
21:30:09.0562 3504 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:30:09.0577 3504 TrustedInstaller - ok
21:30:09.0608 3504 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:30:09.0608 3504 tssecsrv - ok
21:30:09.0640 3504 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:30:09.0640 3504 TsUsbFlt - ok
21:30:09.0640 3504 tsusbhub - ok
21:30:09.0686 3504 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:30:09.0686 3504 tunnel - ok
21:30:09.0702 3504 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:30:09.0702 3504 uagp35 - ok
21:30:09.0733 3504 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:30:09.0733 3504 udfs - ok
21:30:09.0764 3504 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:30:09.0764 3504 UI0Detect - ok
21:30:09.0796 3504 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:30:09.0796 3504 uliagpkx - ok
21:30:09.0811 3504 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:30:09.0827 3504 umbus - ok
21:30:09.0842 3504 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:30:09.0842 3504 UmPass - ok
21:30:09.0858 3504 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:30:09.0889 3504 UmRdpService - ok
21:30:09.0905 3504 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:30:09.0920 3504 upnphost - ok
21:30:09.0952 3504 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:30:09.0967 3504 usbccgp - ok
21:30:09.0998 3504 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:30:09.0998 3504 usbcir - ok
21:30:10.0030 3504 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:30:10.0030 3504 usbehci - ok
21:30:10.0045 3504 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:30:10.0076 3504 usbhub - ok
21:30:10.0076 3504 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:30:10.0092 3504 usbohci - ok
21:30:10.0092 3504 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:30:10.0092 3504 usbprint - ok
21:30:10.0123 3504 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:30:10.0123 3504 usbscan - ok
21:30:10.0154 3504 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:10.0154 3504 USBSTOR - ok
21:30:10.0170 3504 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:30:10.0170 3504 usbuhci - ok
21:30:10.0186 3504 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:30:10.0186 3504 UxSms - ok
21:30:10.0217 3504 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:30:10.0217 3504 VaultSvc - ok
21:30:10.0248 3504 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:30:10.0248 3504 vdrvroot - ok
21:30:10.0295 3504 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:30:10.0326 3504 vds - ok
21:30:10.0342 3504 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:30:10.0357 3504 vga - ok
21:30:10.0373 3504 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:30:10.0373 3504 VgaSave - ok
21:30:10.0373 3504 VGPU - ok
21:30:10.0420 3504 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:30:10.0420 3504 vhdmp - ok
21:30:10.0451 3504 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:30:10.0451 3504 viaide - ok
21:30:10.0498 3504 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:30:10.0513 3504 vmbus - ok
21:30:10.0529 3504 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:30:10.0529 3504 VMBusHID - ok
21:30:10.0560 3504 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:30:10.0576 3504 volmgr - ok
21:30:10.0622 3504 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:30:10.0622 3504 volmgrx - ok
21:30:10.0669 3504 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:30:10.0669 3504 volsnap - ok
21:30:10.0700 3504 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:30:10.0700 3504 vsmraid - ok
21:30:10.0825 3504 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:30:10.0856 3504 VSS - ok
21:30:10.0950 3504 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:30:10.0966 3504 vwifibus - ok
21:30:10.0997 3504 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:30:11.0012 3504 W32Time - ok
21:30:11.0028 3504 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:30:11.0028 3504 WacomPen - ok
21:30:11.0059 3504 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:30:11.0059 3504 WANARP - ok
21:30:11.0059 3504 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:30:11.0075 3504 Wanarpv6 - ok
21:30:11.0153 3504 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:30:11.0215 3504 WatAdminSvc - ok
21:30:11.0309 3504 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:30:11.0356 3504 wbengine - ok
21:30:11.0434 3504 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:30:11.0465 3504 WbioSrvc - ok
21:30:11.0512 3504 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:30:11.0543 3504 wcncsvc - ok
21:30:11.0574 3504 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:30:11.0574 3504 WcsPlugInService - ok
21:30:11.0621 3504 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:30:11.0621 3504 Wd - ok
21:30:11.0668 3504 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:30:11.0668 3504 Wdf01000 - ok
21:30:11.0683 3504 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:30:11.0683 3504 WdiServiceHost - ok
21:30:11.0699 3504 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:30:11.0699 3504 WdiSystemHost - ok
21:30:11.0730 3504 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:30:11.0746 3504 WebClient - ok
21:30:11.0761 3504 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:30:11.0777 3504 Wecsvc - ok
21:30:11.0792 3504 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:30:11.0808 3504 wercplsupport - ok
21:30:11.0824 3504 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:30:11.0824 3504 WerSvc - ok
21:30:11.0839 3504 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:30:11.0839 3504 WfpLwf - ok
21:30:11.0855 3504 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:30:11.0855 3504 WIMMount - ok
21:30:11.0870 3504 WinDefend - ok
21:30:11.0886 3504 WinHttpAutoProxySvc - ok
21:30:11.0917 3504 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:30:11.0933 3504 Winmgmt - ok
21:30:12.0089 3504 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:30:12.0136 3504 WinRM - ok
21:30:12.0245 3504 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:30:12.0276 3504 Wlansvc - ok
21:30:12.0448 3504 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:30:12.0463 3504 wlidsvc - ok
21:30:12.0526 3504 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:30:12.0526 3504 WmiAcpi - ok
21:30:12.0588 3504 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:30:12.0604 3504 wmiApSrv - ok
21:30:12.0619 3504 WMPNetworkSvc - ok
21:30:12.0650 3504 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:30:12.0666 3504 WPCSvc - ok
21:30:12.0697 3504 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:30:12.0713 3504 WPDBusEnum - ok
21:30:12.0728 3504 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:30:12.0728 3504 ws2ifsl - ok
21:30:12.0775 3504 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:30:12.0791 3504 wscsvc - ok
21:30:12.0791 3504 WSearch - ok
21:30:12.0931 3504 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:30:12.0962 3504 wuauserv - ok
21:30:13.0072 3504 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:30:13.0087 3504 WudfPf - ok
21:30:13.0103 3504 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:30:13.0103 3504 WUDFRd - ok
21:30:13.0134 3504 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:30:13.0134 3504 wudfsvc - ok
21:30:13.0165 3504 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:30:13.0181 3504 WwanSvc - ok
21:30:13.0181 3504 yeddef64 - ok
21:30:13.0259 3504 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:30:13.0524 3504 \Device\Harddisk0\DR0 - ok
21:30:13.0540 3504 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:30:13.0727 3504 \Device\Harddisk1\DR1 - ok
21:30:13.0727 3504 Boot (0x1200) (5d649f5977ae8fc36c858bf5a7dc81aa) \Device\Harddisk0\DR0\Partition0
21:30:13.0727 3504 \Device\Harddisk0\DR0\Partition0 - ok
21:30:13.0727 3504 Boot (0x1200) (1e63c4caeb7c226a63882e45324b2e9d) \Device\Harddisk1\DR1\Partition0
21:30:13.0742 3504 \Device\Harddisk1\DR1\Partition0 - ok
21:30:13.0742 3504 ============================================================
21:30:13.0742 3504 Scan finished
21:30:13.0742 3504 ============================================================
21:30:13.0758 1204 Detected object count: 0
21:30:13.0758 1204 Actual detected object count: 0
21:33:13.0486 2052 Deinitialize success



ASwMBR LOGS:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-19 21:33:39
-----------------------------
21:33:39.288 OS Version: Windows x64 6.1.7601 Service Pack 1
21:33:39.288 Number of processors: 2 586 0x6B01
21:33:39.288 ComputerName: SSHOMEPC UserName:
21:33:40.552 Initialize success
21:34:43.413 AVAST engine defs: 12061901
21:35:26.759 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000055
21:35:26.759 Disk 0 Vendor: WDC_WD80 10.0 Size: 76293MB BusType: 3
21:35:26.775 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000057
21:35:26.775 Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
21:35:26.790 Disk 1 MBR read successfully
21:35:26.790 Disk 1 MBR scan
21:35:26.806 Disk 1 Windows 7 default MBR code
21:35:26.806 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476939 MB offset 63
21:35:26.837 Disk 1 scanning C:\Windows\system32\drivers
21:35:40.316 Service scanning
21:36:05.993 Modules scanning
21:36:06.009 Disk 1 trace - called modules:
21:36:06.024 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
21:36:06.539 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800313e060]
21:36:06.555 3 CLASSPNP.SYS[fffff8800197543f] -> nt!IofCallDriver -> [0xfffffa8002ebd210]
21:36:06.570 5 ACPI.sys[fffff88000f8f7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8002ebd610]
21:36:08.786 AVAST engine scan C:\Windows
21:36:13.466 AVAST engine scan C:\Windows\system32
21:40:35.702 AVAST engine scan C:\Windows\system32\drivers
21:40:49.539 AVAST engine scan C:\Users\Administrator
21:42:08.256 AVAST engine scan C:\ProgramData
21:43:42.012 Scan finished successfully
21:49:58.643 Disk 1 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
21:49:58.659 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 19 June 2012 - 09:27 PM

how is the computer doing now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 22 June 2012 - 01:27 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 24 June 2012 - 11:15 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 27 June 2012 - 11:23 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users