Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Problems - Possible Infection?


  • This topic is locked This topic is locked
9 replies to this topic

#1 TheXtreme1

TheXtreme1

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 15 June 2012 - 07:01 PM

Hi, recently ive noticed some problems with my internet and im looking for some help. At the end of URLs they have alot of extra stuff like a simple google search takes up 2-3 lines in a WordPad file and Netflix movies have like 3 other strings of code other than the movie id all in the URL. I doubt this is normal but I may have never noticed and I always used Chrome before not IE. Also the temp internet files have alot of things with just strings of letters and numbers and when I run a program rather than download it it has strings of stuff in the name aswell.This may have to do with the fact that someone may have hacked into our router but im not sure.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by E at 6:43:48 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.6988 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\explorer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
mWinlogon: Userinit=userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{620AB3B5-EE79-4EA1-9FE2-36D9D829560C} : DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-15 03:40:59 -------- d-----w- C:\Program Files\CCleaner
2012-06-15 03:18:49 -------- d-----w- C:\Users\E\AppData\Local\Diagnostics
.
==================== Find3M ====================
.
.
============= FINISH: 6:43:58.09 ===============

BC AdBot (Login to Remove)

 


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:12 AM

Posted 18 June 2012 - 09:07 AM

Hi TheXtreme1,

:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

:step1: Combofix
Please download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Edited by jntkwx, 18 June 2012 - 09:15 AM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#3 TheXtreme1

TheXtreme1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 19 June 2012 - 01:03 AM

After I ran ComboFix but before it made the log it resarted my computer and when it restarted I got the "Illegal operation attempted on a registry key that has been marked for deletion" but then I restarted it again and it fixed it. The log was made fine I belive since I didn't get the error untill I tried to open a program.

Also I have no idea if there even is a problem but the fact that someone was in my home network makes me nervous so id rather be carefull. And speaking of the network thing my router is blocking hundreds of incoming TCP connection requests and a few outgoing ones, not sure if its related.

And lastly I forgot to mention I noticed a cmd prompt box flashing on startup.

 


ComboFix 12-06-16.02 - E 06/19/2012 0:43.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.7128 [GMT -5:00]
Running from: c:\users\E\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 05:45 . 2012-06-19 05:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-18 08:17 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{987867AA-17F2-4DD1-A5FA-04BFBCA35C49}\mpengine.dll
2012-06-17 08:07 . 2012-06-17 08:07 748664 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2012-06-17 08:07 . 2012-06-17 08:07 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-17 08:07 . 2012-06-17 08:07 307200 ----a-w- c:\program files (x86)\Internet Explorer\iediagcmd.exe
2012-06-17 08:07 . 2012-06-17 08:07 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-17 08:07 . 2012-06-17 08:07 140920 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-06-17 08:07 . 2012-06-17 08:07 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-17 08:07 . 2012-06-17 08:07 107008 ----a-w- c:\program files (x86)\Internet Explorer\iecleanup.exe
2012-06-17 08:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-17 08:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-17 08:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-17 08:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-17 08:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-17 08:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-17 08:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-17 00:00 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-16 23:59 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-16 23:58 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-16 23:58 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-16 23:53 . 2012-06-16 23:53 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29A92189-EE80-4C65-B498-3B41C08FD2AB}\gapaengine.dll
2012-06-16 23:53 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-16 23:51 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-16 23:51 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-16 23:51 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-16 23:49 . 2012-06-16 23:49 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-16 23:49 . 2012-06-16 23:49 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-16 23:01 . 2012-05-17 22:36 2468520 ----a-w- c:\windows\SysWow64\BootMan.exe
2012-06-16 23:01 . 2012-05-15 16:13 3316736 ----a-w- c:\windows\system32\BootMan.exe
2012-06-16 23:01 . 2011-07-29 18:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-06-16 23:01 . 2011-07-29 18:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2012-06-16 23:01 . 2011-07-29 18:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2012-06-16 23:01 . 2011-07-29 18:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2012-06-16 23:01 . 2011-07-29 18:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2012-06-16 23:01 . 2011-07-29 18:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2012-06-16 23:01 . 2011-07-29 18:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2012-06-16 23:01 . 2011-07-29 18:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-06-16 23:01 . 2012-06-16 23:01 -------- d-----w- c:\program files (x86)\EaseUS
2012-06-16 23:00 . 2012-06-16 23:00 -------- d-----w- c:\programdata\ATI
2012-06-16 22:59 . 2012-06-16 22:59 -------- d-----w- c:\program files (x86)\AMD AVT
2012-06-16 22:59 . 2012-06-16 22:59 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-16 22:59 . 2012-06-16 22:59 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-06-16 22:59 . 2012-06-16 22:59 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-06-16 22:58 . 2012-06-16 22:59 -------- d-----w- c:\programdata\AMD
2012-06-16 22:58 . 2010-02-18 14:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-06-16 22:58 . 2012-06-16 22:58 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-06-16 22:58 . 2012-06-16 22:59 -------- d-----w- c:\program files\ATI Technologies
2012-06-16 22:57 . 2012-06-16 22:57 -------- d-----w- c:\program files\ATI
2012-06-16 22:57 . 2012-06-16 22:57 -------- d-----w- C:\AMD
2012-06-16 17:16 . 2012-06-16 17:16 -------- d-----w- c:\programdata\Malwarebytes
2012-06-16 17:16 . 2012-06-16 17:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-16 17:16 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 17:15 . 2012-06-16 17:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-16 17:15 . 2012-06-16 17:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-16 17:15 . 2012-06-16 17:15 -------- d-----w- c:\windows\SysWow64\Macromed
2012-06-16 17:15 . 2012-06-16 17:15 -------- d-----w- c:\windows\system32\Macromed
2012-06-15 03:40 . 2012-06-15 03:41 -------- d-----w- c:\program files\CCleaner
2012-06-15 03:29 . 2012-06-15 03:29 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-15 03:29 . 2012-06-15 03:29 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-13 22:47 . 2012-06-16 11:40 -------- d-----w- c:\users\E
2012-06-13 22:47 . 2012-06-13 22:47 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 03:34 . 2012-04-06 03:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 03:34 . 2012-04-06 03:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 03:34 . 2012-04-06 03:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 03:33 . 2012-04-06 03:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 03:33 . 2012-04-06 03:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 03:33 . 2012-04-06 03:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 03:32 . 2012-04-06 03:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 03:32 . 2012-04-06 03:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 03:32 . 2012-04-06 03:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-04-06 01:54 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-17_02.11.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-18 08:18 19658 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-18 08:18 32662 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2012-06-17 02:03 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-06-18 08:15 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-06-17 20:24 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bthenum.sys
- 2012-06-13 22:45 . 2012-06-17 08:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-13 22:45 . 2012-06-18 04:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-13 22:45 . 2012-06-17 08:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-13 22:45 . 2012-06-18 04:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-18 04:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 08:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-17 16:27 . 2012-06-17 16:27 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\fb4bc14964a1d415bdbe55b62ce73a52\System.Windows.Presentation.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\eef76dd965ea0a8ae5fb0c734d84389c\System.Web.DynamicData.Design.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\78f495970511b726a0ca7b8119360e25\PresentationFontCache.ni.exe
+ 2012-06-17 16:22 . 2012-06-17 16:22 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\1a359e9b908a2565c546a8ca04b241c2\PresentationCFFRasterizer.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\9d57c4bbbc0b3243046fc7839da71b00\Microsoft.WSMan.Runtime.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d6578432220dbabf2b15027681327bf8\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\66deb65a87750efddf62d1e0c0655352\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4b6402dc918e41b8de8c501f29833d91\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\28545d2b6a0aaef4aa168f9808603bc5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\1d8a17a2c1416a8ad4d6ad2a28b4c5fd\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0abc7256549c204f39af7dcc52c9e5d5\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\3c3a6cce983114e7406e0a6e6116ecd8\Microsoft.VisualC.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6ab0575bf49b60fd4b697d47e1754072\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\1569a004b1f41193818e3b3777f2c73d\LoadMxf.ni.exe
+ 2012-06-17 16:25 . 2012-06-17 16:25 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\3ee98e8b2084e27d65953bbd7e362bf8\ehiUPnP.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\1cd9f92749d29b9fd61fcb1c4ae84294\ehiTVMSMusic.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0811f67973c32efb2bfad62a4a2592b5\dfsvc.ni.exe
+ 2012-06-17 16:21 . 2012-06-17 16:21 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\ae9311dcb0e713330a2a86b04cf361dc\Accessibility.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\a2d13d73d7121d70173bd0a32b4e3ec0\WindowsLiveWriter.ni.exe
+ 2012-06-17 16:23 . 2012-06-17 16:23 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e9de0bf4ffe855a165dbc76057c77d4a\WindowsLive.Writer.Api.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\66d750f3f8dde0cc865f921497ab3545\System.Windows.Presentation.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\543b0e12423bcec010bdd2ac27c5dc04\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\d24744f15243e28ea541a459ff7ff5d5\PresentationFontCache.ni.exe
+ 2012-06-17 16:19 . 2012-06-17 16:19 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\87a30ba337ed55d0905f19742e2985bc\napcrypt.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\9f2e8e0df9ff39ad21088f1d66cfadb1\Microsoft.WSMan.Runtime.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d797123d55bb7b823120d0a7ffbbc2a7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb8ad29814d9e5589bd400d38e7a0b10\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb42a0f25b7608b2675080081b03f6e5\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c6e9143be5afb36345875d56b61c444f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\91767cf3facefe10e00734c815e925ad\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\66cd99d2f576cde047074e98bd5e1848\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4308e1bdc640e1c3f1ea966e84e48900\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\06fcf2fbbe38d9425fc49d935498ec93\Microsoft.Vsa.ni.dll
+ 2012-06-17 16:18 . 2012-06-17 16:18 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\55c57057dc81a5e8c5bde3a230f0bcb9\Microsoft.VisualC.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e3ef400b1f37e4d3b79a42a8a602ea02\Microsoft.Build.Framework.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2095344bf8c40f8baa94ba53a993fb4c\Microsoft.Build.Framework.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\dc93539af5a961641a26ada75f730136\ehiUserXp.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\53d03b0e238c77cf7e5ac88e02aecd2c\dfsvc.ni.exe
+ 2012-06-17 16:19 . 2012-06-17 16:19 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
+ 2012-06-15 03:16 . 2012-06-18 08:18 4336 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3303812641-218812398-3529835325-1001_UserData.bin
- 2012-06-17 02:11 . 2012-06-17 02:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-19 05:46 . 2012-06-19 05:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 00:05 . 2009-07-14 01:16 465408 c:\windows\SysWOW64\psisdecd.dll
+ 2012-06-17 00:00 . 2011-08-17 04:24 465408 c:\windows\SysWOW64\psisdecd.dll
+ 2012-06-17 04:22 . 2012-06-19 05:39 156430 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 00:20 . 2009-07-14 01:41 613888 c:\windows\system32\psisdecd.dll
+ 2012-06-17 00:00 . 2011-08-17 05:26 613888 c:\windows\system32\psisdecd.dll
- 2009-07-14 02:36 . 2012-06-17 08:36 617222 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-18 08:21 617222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-17 08:36 104496 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-18 08:21 104496 c:\windows\system32\perfc009.dat
- 2009-07-14 04:45 . 2012-06-17 08:31 274320 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-06-17 16:17 274320 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:30 . 2012-06-18 08:15 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-17 02:03 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-16 22:58 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-06-18 08:15 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2010-11-21 03:23 . 2010-11-21 03:23 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\fsquirt.exe
+ 2012-06-17 20:24 . 2011-04-28 03:55 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bthport.sys
+ 2009-07-14 05:31 . 2012-06-18 08:15 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2011-03-02 00:44 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2012-06-17 00:00 . 2012-04-28 03:55 210944 c:\windows\system32\drivers\rdpwd.sys
- 2012-06-16 23:51 . 2012-02-17 04:58 210944 c:\windows\system32\drivers\rdpwd.sys
+ 2009-07-14 04:46 . 2012-06-18 08:49 102608 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-06-17 01:19 102608 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-17 04:31 . 2012-06-19 05:45 138664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-06-17 04:31 . 2012-06-17 02:10 138664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-17 02:10 226304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-19 05:45 226304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-17 00:00 . 2012-01-04 03:34 486144 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2012-06-17 00:00 . 2012-01-04 02:51 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2012-06-17 00:00 . 2012-01-04 02:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2012-06-17 00:00 . 2012-01-04 02:50 996624 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
+ 2012-06-17 00:00 . 2011-08-17 05:28 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\ad7f43afb4f124acae4d503b40f591c1\WsatConfig.ni.exe
+ 2012-06-17 16:28 . 2012-06-17 16:28 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f4d304fcbfda323997083a1f88b83719\WindowsFormsIntegration.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\bf634b0e2e28466c6ed6ae1eb602b09f\UIAutomationTypes.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\1ff8fb81d6f045f1dc6f50be95444292\UIAutomationProvider.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\1f36e020c3563e0ff414f13138e238e1\UIAutomationClient.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\681410f842337dccc72eb059738c3ced\TaskScheduler.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\de45d043775d8c805f6feca40d7a9ed2\System.Xml.Linq.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\72b4992e45d232251a273a59eb3333d5\System.Web.Routing.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\76662ce36d2141e45513e64386073cc2\System.Web.RegularExpressions.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b905eb57b631a30c60caa4d68c186963\System.Web.Entity.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\e412dfbf1aa49bbe345a02a4d23104f5\System.Web.Entity.Design.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\815769f953ebe3f84439d522c97317b8\System.Web.DynamicData.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\c8144ee08dccdac183527e53c86aa901\System.Web.Abstractions.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\ec95ad2463c5588fc8ef552b3f375ee6\System.Transactions.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\f71d2f65d0f149c75ac7a569dbcc8500\System.ServiceProcess.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\1875b50d0228f29aef00bed38ab594d6\System.Security.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\807759890a40e4047c35a24e64dc76d5\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\3b3581851a728bef36f319e9d4c72499\System.Net.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\d5d612f7d372f500e3062e3814e79d75\System.Messaging.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\599954438a668c94dd38e8e7e506ac2a\System.Management.Instrumentation.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\fd51741bfd973ad507bbd141e98932f8\System.IO.Log.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\ef6abe121bb11bff2514bfdfb7e76b7a\System.IdentityModel.Selectors.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\d50cde53634ccbb5e0231738784ff4b8\System.EnterpriseServices.Wrapper.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\fbc02e9f5a14bb93082ebc88bc577413\System.Drawing.Design.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\4bb1134d9b166434327385ddf3c5dd54\System.DirectoryServices.Protocols.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\7c4ce1b8a2f83ef29aa6d5f126ab5b71\System.Data.Services.Design.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\19d1414f1ca718ce4d0c07e7305b3450\System.Data.DataSetExtensions.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\a88ca70ab9641b8236149bc5dd8d1564\System.Configuration.Install.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\9536bb262c4f1ea389d287ab669767d4\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 890880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\84262138e2e9f34c88fd282caa82baa5\System.AddIn.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\176899be7b920fb20408ff49e636a776\System.AddIn.Contract.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\ee0608cd62dfb37016016884fc39e425\sysglobl.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\9fa1abf006689e262527ae50d452e97e\SMSvcHost.ni.exe
+ 2012-06-17 16:24 . 2012-06-17 16:24 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\2eac9c598de3341eba5c16787c74f220\SMDiagnostics.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\89de197bdde5984658045ade41c2c9b9\PresentationFramework.Classic.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\7ffb91db770d0b09921f623bc5d68b4f\PresentationFramework.Luna.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\4f3567165e2a444fc9a62980c4d0ea82\PresentationFramework.Aero.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\205bb33cef9ae6b906ceadd6f2861c86\PresentationFramework.Royale.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\2f1bad2fb963482a02443d5e7fece2b6\napsnap.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\bb4947f0ecc925a7bcfd129b6eec8f9b\napinit.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\5f0ae15f9d1cade37fbfaacff7e64bff\naphlpr.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\5346ceca518baf5e5fa3fed9f900f792\napcrypt.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\8f792883d0adad8c7beccf24aed65817\MSBuild.ni.exe
+ 2012-06-17 16:25 . 2012-06-17 16:25 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\67240ddde494b9cc05cd732ccd099668\MMCFxCommon.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\b78beede8a3c9720095dde4a4a162acc\Microsoft.WSMan.Management.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\83222514e209f186ad3a1c3794168bfd\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\a843956bb452503139683304de4cc8f6\Microsoft.Vsa.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\c56d6513e4b239b1b1dbe29b0588321a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\fb0d102ca78bd05fe7064b9e6be30fc7\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b21fa6ff448b99a97319e18c166c03e2\Microsoft.PowerShell.Security.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6c3fe42a14ac5b48ebd43be290973d24\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\2572e94f9d0b412cdc529c8d74fdb689\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f04ccbbf5199d2b264f1b1175be44686\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f015188310f7613f819fcf032f98705a\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e29cbd30a31d3c8dae19eb17f70c4ec4\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6dbd502a13b5e3caae0b1f2b4847612f\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\514667153fd74307d21e7f50b79858c9\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\409dae089f2e041343cff71f822cd505\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\18367b9a0b9e9261d1d9e371230af87c\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\803188573fb19785a94284e097c48a67\Microsoft.ManagementConsole.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\d68a27daca73749e4438a47e61643c3c\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\3151235c1c38db94fd44e3c6f290ff38\Microsoft.Build.Utilities.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\cf5e9b5d10682467a9e03358a6d6258f\Microsoft.Build.Framework.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0f233d0eb396065719e83ab573a72cc5\Microsoft.Build.Framework.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\2416af06edb993f98a751acb69f67016\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 107008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\2e54c0c284ab2337d24b5f5d26f457e1\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\74e4adc90675c3b1365825c7e78b5ce9\Mcx2Dvcs.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\4a1f9a648a3928d42b77a91666d9aa8a\mcupdate.ni.exe
+ 2012-06-17 16:25 . 2012-06-17 16:25 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\40d70417c04f9ccb5fdecb5b9be5a6a3\mcstoredb.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4ae6ccc32dafb4e3765b9db05585bd48\mcplayerinterop.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\b0db345fd62a84c98fd8b0bf3c72e8bb\mcGlidHostObj.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\3fc113fe40d0145cd87afca2d107bf6d\MCESidebarCtrl.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\bc5df15ee827e248dd6f819874a85718\EventViewer.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\584d419d4c837ea19f7f450a807b0273\ehRecObj.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\20c3505378a50f4859c9b2e7dcbb5fa2\ehiWUapi.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\2f9f48ad6496c9103043db1c21a651fd\ehiwmp.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0955237aa3c1cb3a643248b8c58ec34c\ehiUserXp.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\7998173654fa518876cc97e37b86d465\ehiiTv.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\6c97aa6908f96ac9816ce74e4f6251ac\ehiExtens.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\a501747a95523297a8a1f119df8b1642\ehiBmlDataCarousel.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\880c8b97f2b065a3bbe27b7c37581d17\ehiActivScp.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\08c9aa18b306aa47ddc0ae4a63b05d04\ehExtHost.ni.exe
+ 2012-06-17 16:24 . 2012-06-17 16:24 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\ff7ef4caed03d6934669d1a39877a8ac\ehCIR.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\b7916689137fd0bc9ba1ba5a27e2a38a\CustomMarshalers.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\cc6e6febcd804604bf4d92d0eb8ec6ae\ComSvcConfig.ni.exe
+ 2012-06-17 16:24 . 2012-06-17 16:24 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\d18719c2df1334364cac199bb9c86adf\BDATunePIA.ni.dll
+ 2012-06-17 16:29 . 2012-06-17 16:29 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\9d60139fdead64a892985181d663989f\WsatConfig.ni.exe
+ 2012-06-17 16:23 . 2012-06-17 16:23 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\a1af2376db8dcf5cdadafab194d50456\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\edcbc466e395c40ee2d392a4d494c9bf\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dbbb5914ff727ce0f6793177c4da31ba\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cb05569ddcd39a18ac403839a27bf1d6\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c8df61ef45033be31f9d57a2623737c6\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b32c6eee8819446922e7361da4e2b1c2\WindowsLive.Writer.Passport.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\94bff90fe0439bd2eb36c599fdec1d22\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\943578a1bfeadb1ef070d8bc0e3c8cb0\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8a20f1fbf78bd6277038de90aed8f1a6\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\751e7d3e260f45d34618aae46e5d7907\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\42706342d93622d22c9cbd771c14674c\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4133dc59625d48e28517803e52d19728\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\34294db1a618db93f0b5f35116cb6ea4\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\22de15a453287a0c6c75cb39c8caaf8f\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0c7ff2049cf2e247dcc9004b39fa9418\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0c0de3ffd12530d16f06258d8a20f6b7\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\4526d5801466d62d41b88c7d12ead444\WindowsLive.Client.ni.dll
+ 2012-06-17 16:29 . 2012-06-17 16:29 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\779b08c46960a1824503aa6f089673fa\UIAutomationClient.ni.dll
+ 2012-06-17 16:29 . 2012-06-17 16:29 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\f3e052584df9c614407da662dd3c3df3\TaskScheduler.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\06e4119a0a3484bb0ca667a16145ce74\System.Web.Routing.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\2b129372a27469195acbe3b6b81786ef\System.Web.RegularExpressions.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4f13c2c06fb97f6659473f02802b377b\System.Web.Extensions.Design.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\3701488fb9e601ebe963db25b784d684\System.Web.Entity.Design.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a09cc9877f51f16a4610b702155e8b70\System.Web.DynamicData.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c6aad1edcc51862ceb26b6b65dad1490\System.Web.Abstractions.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
+ 2012-06-17 16:18 . 2012-06-17 16:18 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\0b5f082230e3486412e0fa333290e85a\System.Net.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\8280490a2939075b726fd051d9010cc0\System.Management.Instrumentation.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\a03191ed937f6c1dc827b53d94ea0176\System.IO.Log.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\912a0776c2bfd35ff76bd0b8ba977ed4\System.Drawing.Design.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55545e89f96539ef93375524d1145a6f\System.DirectoryServices.Protocols.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4d73a7649876bb6e54a01ccbf235919b\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e36e03067b12bc35fcc3787dc81022c8\System.Data.Services.Design.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a29fff52e2c3d13ec15e8701027ab17\System.Data.Entity.Design.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\940f62a5d077405e0b324422afb6ff2c\System.Data.DataSetExtensions.ni.dll
+ 2012-06-17 16:18 . 2012-06-17 16:18 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\498d2033c60fe5b777cf923b71b25972\System.Configuration.Install.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a90ec436f1d2c5cb0133a53c2e47d61a\System.AddIn.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\1ed79278fe139272e868e3a53d736f22\sysglobl.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1b0b19607668635281fa260707f4352f\SMSvcHost.ni.exe
+ 2012-06-17 16:23 . 2012-06-17 16:23 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae55e761d480fe15781156d1311a1837\PresentationFramework.Classic.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7df1f379457aa5f39183903d115b5479\PresentationFramework.Royale.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\496bc57a53989bb83ec58865fa34be1d\PresentationFramework.Luna.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\acfafa161ea232928cb02b01c50acf1c\napsnap.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\0abec246c5ca6ec4858bfd3ab84da0ec\napinit.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\e0c40329b9cdd7f141a3702d79eb4bda\naphlpr.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\74a8b6419deb005337a1e43ec2502134\MSBuild.ni.exe
+ 2012-06-17 16:23 . 2012-06-17 16:23 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\1e03b7c2539c5376f0665a4aba04efbd\MMCFxCommon.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\070505350ec9daa3343b3cd2bc8cf59e\Microsoft.WSMan.Management.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1e639225ba30d7f182b893ddacea506b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d4c36b363fcd1ca494218e74ba606e99\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ba2ca86f5d270f493501848843d2f227\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\607324a312b1c6d7fbede8300e8cee91\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1f1185444c8a12ace85ba4c2d49f41f8\Microsoft.PowerShell.Security.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\12715b7e3e89758161053520b57764b2\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\622b582866fca37f113bd97ae4c6d1f6\Microsoft.ManagementConsole.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7e59b3b84ca3c61adfc0dc74a65ea177\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\07e346ee0e3f7433f2de7a72fadd6713\Microsoft.Build.Utilities.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\432160eff3b1f9301c6a74c2e647e03d\Microsoft.Build.Engine.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\8297305de86377d0070a983d99a7f943\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\541a5bb4d0f8490e506f885a4b435566\mcstoredb.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\02577b78c6ed2f9bda301de888dccad8\EventViewer.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\5ae5c6732ef8e7115baaeb66fd69cdd2\ehRecObj.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\fbfc09fefc5a4d33f9a009f0157875f0\ehiVidCtl.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\cbf3a07d3ab873b19f47d6a24f06c796\ehiProxy.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\5cc4a5672758f4732ef430b3431f47fc\ehiExtens.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\a6b8eb80cfbdd927b2fa4ecb69fc0209\ehExtHost32.ni.exe
+ 2012-06-17 16:23 . 2012-06-17 16:23 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\3912b69593af13d0922279a063e5af66\ComSvcConfig.ni.exe
+ 2012-06-17 16:23 . 2012-06-17 16:23 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\e1c3540ffb669448747187f76c6ebe82\BDATunePIA.ni.dll
- 2010-11-21 03:25 . 2010-11-21 03:25 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-17 00:00 . 2012-01-04 02:50 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 315392 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
+ 2012-06-17 00:00 . 2011-08-17 05:28 315392 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
+ 2012-06-16 23:59 . 2012-05-04 10:03 3913072 c:\windows\SysWOW64\ntoskrnl.exe
- 2012-06-17 00:00 . 2012-03-31 04:39 3913072 c:\windows\SysWOW64\ntoskrnl.exe
+ 2012-06-16 23:59 . 2012-05-04 10:03 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
- 2012-06-17 00:00 . 2012-03-31 04:39 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2012-06-16 23:59 . 2012-05-15 01:32 3146752 c:\windows\system32\win32k.sys
- 2009-07-14 02:34 . 2012-06-17 08:30 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-06-18 08:15 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 04:45 . 2012-06-18 08:18 7183440 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-17 08:34 7183440 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-06-17 02:10 . 2012-06-19 05:45 4190140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3303812641-218812398-3529835325-1001-8192.dat
- 2010-11-21 03:24 . 2010-11-21 03:24 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-06-17 00:00 . 2012-01-04 03:34 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-06-17 00:01 . 2012-01-04 03:34 9992464 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2012-06-17 00:00 . 2012-01-04 03:34 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2012-06-17 00:00 . 2012-01-04 03:34 1577232 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
+ 2012-06-17 00:00 . 2012-01-04 03:34 1756432 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
- 2010-11-21 03:23 . 2010-11-21 03:23 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-06-17 00:00 . 2012-01-04 02:51 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-06-17 00:00 . 2012-01-04 02:51 5925136 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2012-06-17 00:00 . 2012-01-04 02:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\4bcc5a6e9e9d25e068fc304bd7eda6af\WindowsBase.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\783df1ee260d3df406fa80afa38502d4\UIAutomationClientsideProviders.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\24d1b7ccbedaa3602bae6a6acea9929e\System.Xml.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\70cc5e8a5a3372fe0b104c1b20392cd2\System.WorkflowServices.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\aa638ba79250284eb4af4adaa4a4117b\System.Workflow.Runtime.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\996dc2af3b9e5c111130935f298908c6\System.Workflow.ComponentModel.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\178797db84abae2eeaed835bd28ca52c\System.Workflow.Activities.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\a32734087cd0db5607d5744ca63235d7\System.Web.Services.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\af7689e8cbec5d2755497be23c30e293\System.Web.Mobile.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\768ea257d75839979b4efb2d49d653f6\System.Web.Extensions.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2c47bc5d426a7cf9ffef1425eda08184\System.Web.Extensions.Design.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\ca51f026916139f886519fdf6d6c73e9\System.Speech.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\56ee9b5f220583c1c7374a61ad904044\System.ServiceModel.Web.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\265531568722647aab229a2cec195b3d\System.Runtime.Serialization.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\2a02b172fa4cf3d93ce7388b67b2a199\System.Runtime.Remoting.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\b964519964d302b4977e1380d8d15f1a\System.Printing.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\fd4a8227569e64d657b80483da8ffe78\System.Management.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\d1f21a29e79e73b5401fae156f339f67\System.IdentityModel.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\d50cde53634ccbb5e0231738784ff4b8\System.EnterpriseServices.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 2318848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\222eb8aa336953a6b0216db2b0c4770d\System.Drawing.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\39d16229a3d5c6e7c1594ef10758bf75\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\152ef61928f1c300fdad8fa6d5905880\System.DirectoryServices.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6e4e9b07f376d445df1718c0011fa99b\System.Deployment.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\ea1848ec07c70f3d3c3445f4fbdae87a\System.Data.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\7f6f74f1cc0ea6c40a2d6707b12af818\System.Data.SqlXml.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\0679fe5f3f9164f499e50cdade962ba3\System.Data.Services.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\2e9de1acfb7974cad94b747442ca325f\System.Data.Services.Client.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\97429a1c70c94c49850be3f944a32a2e\System.Data.OracleClient.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\2ec3d436b861d35c586b710a570e170d\System.Data.Linq.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7b5364bc524988f7ca5b8c20a24119d\System.Data.Entity.Design.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\766ce7ee1a2e4f2a85fd90e7572f5d53\System.Core.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\193d03ca60573c92f92d9b07fa5bc243\System.Configuration.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\1f88a3693c8ddd527a130aff49dc58b3\ReachFramework.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\b91c32fab08ba62d8c7681cc596895be\PresentationUI.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\4fbff79b8ebf082d08c0080923ff5036\PresentationBuildTasks.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\ac1ba76ed19d668ce53a74593f040453\Narrator.ni.exe
+ 2012-06-17 16:26 . 2012-06-17 16:26 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\df2557ab1b8e4389d846e13dc82eba57\MMCEx.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\61812970c4743b686a67f28687e1dcb6\MIGUIControls.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\1586ee919f86130df9771cf9b8d95d3a\Microsoft.VisualBasic.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\28ba52bc122353647f1b547506e2df7c\Microsoft.Transactions.Bridge.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f5790625975320b1ffad63b476da9132\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ca7e936eed0de2436d87b2601ee3a20a\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6caa366471176a065a96d77e8ba01eeb\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3040e2de07177c0a6a66a49de61fdc59\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c057be8bb6614cce013af3721fe34983\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b2afc0af3d89ae00e973b4e6e9db382c\Microsoft.MediaCenter.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\73bfbdccdc1b0ae87f70a0ec594fee3c\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\653e1ee01f10d658d52ca42e17e74283\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\260d83ee2128a3388051cf416d4450b0\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\094f6a515ca31504f96b4bad5848d692\Microsoft.JScript.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\dac69844e6333484159a4cf544190906\Microsoft.Ink.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4b362e9e25c33e371f06403edec8849a\Microsoft.Build.Tasks.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\33730d136a34d2f4e56a0322f49ee9b6\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\f1a0df6a86ceb708c5e50338f12b77ba\Microsoft.Build.Engine.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\6b727c7aa69ae3e04a869908bfbae696\Microsoft.Build.Engine.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\cc4844e7242c1e35d145bf2439f944c5\mcstore.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\596902addad034f4df2caf291b12d61d\mcepg.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 2165248 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\dcabda0d241272e0e2f08eacbd15e0b1\ehiVidCtl.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\0423915e377ec85d71ac216fafa77ab0\ehiProxy.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 2018304 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d3a7a64c2489fd4c3d873cf0d3c12968\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa0072599bb7513650b115dcc5e13bf0\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 1105408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\43ca3ade936d2091ffc9a06f3ce7f73b\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-06-17 16:18 . 2012-06-17 16:18 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
+ 2012-06-17 16:29 . 2012-06-17 16:29 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\3b452cde57280624e1085699fe8beb03\UIAutomationClientsideProviders.ni.dll
+ 2012-06-17 16:18 . 2012-06-17 16:18 7967232 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
+ 2012-06-17 16:18 . 2012-06-17 16:18 5452800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\88bfc62ac0195a8ae673c444a3339505\System.Workflow.Runtime.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\cfb739be21092d5b8f7b4fde529e6aaa\System.Workflow.ComponentModel.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a815fffab98375c1919df68b5b292725\System.Workflow.Activities.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4a90802e36dee6e10d9bf54832cbf549\System.Web.Mobile.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c45efc7ec92c1da8e67eb597559ec39c\System.Web.Extensions.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\a8495b797e6f7adddc5811a4e1f97db5\System.Management.Automation.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ef0d8a4790c24a3a091170958bc7b976\System.DirectoryServices.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
+ 2012-06-17 16:18 . 2012-06-17 16:18 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e9774272e9fc6ca49e6c616a31783040\System.Data.SqlXml.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\3285887b33030a7ce453573d3bed4e95\System.Data.Services.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\330d3ad45a00455b537047183e128def\System.Data.Services.Client.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0f4e07fb8b1b7e7133a98f478856f70c\System.Data.OracleClient.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\2fe1658f05b0a96fe25c956a31d27b06\System.Data.Linq.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b3f13707cbd5d48aabaa9ef5264c8a30\PresentationBuildTasks.ni.dll
+ 2012-06-17 16:28 . 2012-06-17 16:28 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\17add09c98fa34255142d42697db53df\Narrator.ni.exe
+ 2012-06-17 16:28 . 2012-06-17 16:28 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\21abde8efab609732b2ade3f05234e79\MMCEx.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\0e7da0df83f0619e3b0e0a7d7ee05fa3\MIGUIControls.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cd9e47effec6549cdec61eb3aef99f7c\Microsoft.Transactions.Bridge.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\99ae5f32cd1dc3618659bc3c77f2b2a9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\77b5496d214dd5034294b058c0bb0e8d\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\72765e5fab12761eb6d3f58180fa34d7\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\e3d2577e00aef6bc9b3e235eb83634f3\Microsoft.JScript.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3893fa9a19b52dee8b2cc424840d5d08\Microsoft.Build.Tasks.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1d2250044b1ecff755e26ed12f6d27cb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b66f52dbd8f87e53c3c9a1de7ca5bba\Microsoft.Build.Engine.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\3a4e56a8d1075cf0af0619c383b3e592\mcstore.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\69b8de21b08c3412422c5918399ed702\mcepg.ni.dll
- 2010-11-21 03:23 . 2010-11-21 03:23 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-17 00:00 . 2012-01-04 02:51 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-17 00:00 . 2012-01-04 03:34 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-17 00:00 . 2012-01-04 02:50 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 10624512 c:\windows\assembly\NativeImages_v2.0.50727_64\System\c40ec0f4cd203c880298f94c0427dd54\System.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 17383424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\dc5bb74eefdbf954cdfb70dd534d5564\System.Windows.Forms.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\95f38e7485bbe2b73b6055c45196fedd\System.Web.ni.dll
+ 2012-06-17 16:24 . 2012-06-17 16:24 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\f74b2d1b8cf279ff6bfe479f79e70fe9\System.ServiceModel.ni.dll
+ 2012-06-17 16:26 . 2012-06-17 16:26 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\00c4a761d0a5cafc00f34d763fe76ac4\System.Management.Automation.ni.dll
+ 2012-06-17 16:21 . 2012-06-17 16:21 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\582144c0ee317038621aebc626187b56\System.Design.ni.dll
+ 2012-06-17 16:27 . 2012-06-17 16:27 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\daaff9fe9c85fc171d426a3cb6766dbb\System.Data.Entity.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\47054c4d5b7e522c21a9d57797410302\PresentationFramework.ni.dll
+ 2012-06-17 16:22 . 2012-06-17 16:22 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3a9d13514a8c4c710fa5ce8e9b5393fe\PresentationCore.ni.dll
+ 2012-06-17 16:20 . 2012-06-17 16:20 15570944 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\f73f0a9c9a83dcd3ff428be509a7992f\mscorlib.ni.dll
+ 2012-06-17 16:25 . 2012-06-17 16:25 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 12436480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
+ 2012-06-17 16:23 . 2012-06-17 16:23 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e5eb29b9cce30679c7cd5436314fe44\PresentationFramework.ni.dll
+ 2012-06-17 16:19 . 2012-06-17 16:19 12237312 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9f79e840d5317ef66a839e54eba19ad\PresentationCore.ni.dll
+ 2012-06-17 16:18 . 2012-06-17 16:18 11492864 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 17:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-19 00:48:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 05:48
ComboFix2.txt 2012-06-17 02:13
.
Pre-Run: 968,100,216,832 bytes free
Post-Run: 967,848,992,768 bytes free
.
- - End Of File - - 9A68197B088EC208A4615DAEBB7D8C23

Attached Files


Edited by jntkwx, 19 June 2012 - 08:08 AM.
Including logs in post (easier to read)


#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:12 AM

Posted 19 June 2012 - 08:26 AM

TheXtreme1,

I don't see any malware in the Combofix log (in the future, please just copy and paste any logs asked for directly into your reply, it's easier to read).

After I ran ComboFix but before it made the log it resarted my computer and when it restarted I got the "Illegal operation attempted on a registry key that has been marked for deletion" but then I restarted it again and it fixed it. The log was made fine I belive since I didn't get the error untill I tried to open a program.

This is normal, and as you saw, it went away when you restarted.

Also I have no idea if there even is a problem but the fact that someone was in my home network makes me nervous so id rather be carefull. And speaking of the network thing my router is blocking hundreds of incoming TCP connection requests and a few outgoing ones, not sure if its related.

What do you mean by "someone was in my home network"? Also, how are you determining that your router is blocking hundreds of incoming TCP connections? Do you have a log file (if you do, please post it in your reply.)

And lastly I forgot to mention I noticed a cmd prompt box flashing on startup.

Do you continue to see a cmd prompt box flash on every startup?

Hi, recently ive noticed some problems with my internet and im looking for some help. At the end of URLs they have alot of extra stuff like a simple google search takes up 2-3 lines in a WordPad file and Netflix movies have like 3 other strings of code other than the movie id all in the URL. I doubt this is normal but I may have never noticed and I always used Chrome before not IE. Also the temp internet files have alot of things with just strings of letters and numbers and when I run a program rather than download it it has strings of stuff in the name aswell.This may have to do with the fact that someone may have hacked into our router but im not sure.


You didn't mention whether you still see extra stuff on the ends of URLs (I agree, this does sound odd). Are you still seeing these symptoms?


:step1: MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

:step2: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include:
  • Answers to my questions, asked above
  • MiniToolBox log
  • Malwarebytes log

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#5 TheXtreme1

TheXtreme1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 20 June 2012 - 03:47 AM

There was an ip connected to my router not matching any of my families ips and some of the routers settings got changed to allow guests more access.

As for the connections there are just lots of these messages "Blocked incoming TCP connection request from 59.165.83.12:60796 to 65.28.42.153:23" or "Blocked incoming TCP connection request from 120.38.196.170:6000 to 65.28.42.153:1987" and so on. Usually with the same ips but there are about 5 or so main ips that keep poping up.

The cmd prompt has flashed at every startup except for the one when ComboFix gave me the error.

As for the URLs this could be one of those things where when you think there might be a problem everything looks like a problem but like even a simple google search seems way longer than it used to. Heres the url for when I type test in the search.
http://www.google.com/#hl=en&output=search&sclient=psy-ab&q=test&oq=test&aq=f&aqi=g4&aql=&gs_l=hp.3..0l4.1097.1495.0.1859.4.4.0.0.0.0.150.506.0j4.4.0.eish..0.0.lnebStqvAMQ&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=f7c601a3707eb252&biw=1440&bih=805

And the MiniToolBox Log

MiniToolBox by Farbar Version: 09-06-2012
Ran by E (administrator) on 20-06-2012 at 03:19:00
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
Atheros 802.11 a/b/g/n Dualband Wireless Network Module = Wireless Network Connection (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset



popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : E-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wi.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : wi.rr.com
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 78-E7-D1-C4-7B-05
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::403a:5e87:f3b6:4cc7%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.199(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, June 20, 2012 3:16:59 AM
Lease Expires . . . . . . . . . . : Thursday, June 21, 2012 3:16:59 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 259581905
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-6A-CF-FD-78-E7-D1-C4-7B-05
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.wi.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wi.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8d9:36cc:bee3:d566(Preferred)
Link-local IPv6 Address . . . . . : fe80::8d9:36cc:bee3:d566%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4009:801::1001
74.125.225.103
74.125.225.104
74.125.225.105
74.125.225.110
74.125.225.96
74.125.225.97
74.125.225.98
74.125.225.99
74.125.225.100
74.125.225.101
74.125.225.102


Pinging google.com [74.125.225.136] with 32 bytes of data:
Reply from 74.125.225.136: bytes=32 time=8ms TTL=51
Reply from 74.125.225.136: bytes=32 time=9ms TTL=51

Ping statistics for 74.125.225.136:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 9ms, Average = 8ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=30ms TTL=50
Reply from 209.191.122.70: bytes=32 time=31ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 31ms, Average = 30ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...78 e7 d1 c4 7b 05 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.199 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.199 266
192.168.0.199 255.255.255.255 On-link 192.168.0.199 266
192.168.0.255 255.255.255.255 On-link 192.168.0.199 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.199 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.199 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:8d9:36cc:bee3:d566/128
On-link
12 266 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::8d9:36cc:bee3:d566/128
On-link
12 266 fe80::403a:5e87:f3b6:4cc7/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
12 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/20/2012 03:18:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2012 00:54:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2012 00:48:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2012 06:44:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/18/2012 03:18:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2012 11:28:04 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/17/2012 11:28:04 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/17/2012 11:26:57 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/17/2012 11:26:56 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/17/2012 11:26:56 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (06/19/2012 00:46:52 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (06/19/2012 00:45:52 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/19/2012 00:44:25 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/16/2012 09:11:37 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (06/16/2012 09:10:35 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/16/2012 09:10:17 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/16/2012 09:09:19 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/17/2012 03:35:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521).

Error: (06/17/2012 03:32:44 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (06/17/2012 03:30:44 AM) (Source: Service Control Manager) (User: )
Description: The BBUpdate service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (06/20/2012 03:18:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2012 00:54:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2012 00:48:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2012 06:44:30 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (06/18/2012 03:18:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2012 11:28:04 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/17/2012 11:28:04 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/17/2012 11:26:57 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/17/2012 11:26:56 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/17/2012 11:26:56 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0405.2205.37728)
AMD Media Foundation Decoders (Version: 1.0.70405.2224)
AMD VISION Engine Control Center (Version: 2012.0405.2205.37728)
Bing Bar (Version: 7.0.850.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728)
Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728)
Catalyst Control Center Localization All (Version: 2012.0405.2205.37728)
ccc-utility64 (Version: 2012.0405.2205.37728)
CCC Help Chinese Standard (Version: 2012.0405.2204.37728)
CCC Help Chinese Traditional (Version: 2012.0405.2204.37728)
CCC Help Czech (Version: 2012.0405.2204.37728)
CCC Help Danish (Version: 2012.0405.2204.37728)
CCC Help Dutch (Version: 2012.0405.2204.37728)
CCC Help English (Version: 2012.0405.2204.37728)
CCC Help Finnish (Version: 2012.0405.2204.37728)
CCC Help French (Version: 2012.0405.2204.37728)
CCC Help German (Version: 2012.0405.2204.37728)
CCC Help Greek (Version: 2012.0405.2204.37728)
CCC Help Hungarian (Version: 2012.0405.2204.37728)
CCC Help Italian (Version: 2012.0405.2204.37728)
CCC Help Japanese (Version: 2012.0405.2204.37728)
CCC Help Korean (Version: 2012.0405.2204.37728)
CCC Help Norwegian (Version: 2012.0405.2204.37728)
CCC Help Polish (Version: 2012.0405.2204.37728)
CCC Help Portuguese (Version: 2012.0405.2204.37728)
CCC Help Russian (Version: 2012.0405.2204.37728)
CCC Help Spanish (Version: 2012.0405.2204.37728)
CCC Help Swedish (Version: 2012.0405.2204.37728)
CCC Help Thai (Version: 2012.0405.2204.37728)
CCC Help Turkish (Version: 2012.0405.2204.37728)
CCleaner (Version: 3.19)
EaseUS Partition Master 9.1.1 Home Edition
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 14.0.1468.721)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
WinRAR 4.20 (64-bit) (Version: 4.20.0)

========================= Devices: ================================

Name: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Description: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 8183.89 MB
Available physical RAM: 6650.04 MB
Total Pagefile: 16365.97 MB
Available Pagefile: 14521.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.65 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.22 GB) (Free:900.89 GB) NTFS

========================= Users: ========================================

User accounts for \\E-PC

Administrator E Guest


**** End of log ****












Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
E :: E-PC [administrator]

6/20/2012 3:21:43 AM
mbam-log-2012-06-20 (03-21-43).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286725
Time elapsed: 12 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:12 AM

Posted 20 June 2012 - 09:32 PM

TheXtreme1,

There was an ip connected to my router not matching any of my families ips and some of the routers settings got changed to allow guests more access.


Have you since corrected this? I recommend reading and consider implementing some of the advice in The ABCs of Securing Your Wireless Network

As for the connections there are just lots of these messages "Blocked incoming TCP connection request from 59.165.83.12:60796 to 65.28.42.153:23" or "Blocked incoming TCP connection request from 120.38.196.170:6000 to 65.28.42.153:1987" and so on. Usually with the same ips but there are about 5 or so main ips that keep poping up.


Where does this pop up? Is this from within your router's control panel? Is this a D-Link router? Those IP addresses do look suspicious. I'll need to do some more research on these, and I'll get back to you with more information.

As for the URLs this could be one of those things where when you think there might be a problem everything looks like a problem but like even a simple google search seems way longer than it used to. Heres the url for when I type test in the search.
http://www.google.com/#hl=en&output=search&sclient=psy-ab&q=test&oq=test&aq=f&aqi=g4&aql=&gs_l=hp.3..0l4.1097.1495.0.1859.4.4.0.0.0.0.150.506.0j4.4.0.eish..0.0.lnebStqvAMQ&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=f7c601a3707eb252&biw=1440&bih=805


This actually appears normal. When I do a Google search, my URL is a similar length. If you noticed this change in URL length recently, it's likely due to Google changing the way searches work. So I don't think this is something to worry about.

 

You may still be infected (though your recent logs don't show that you are).

aswMBR

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
When asked to update the definitions, click Yes.
Click the "Scan" button to start scan:
Posted Image

On completion of the scan click "Save log", save it to your desktop and post in your next reply:
Posted Image

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


In your next reply, please include the aswMBR log, as well as a detail description of any remaining problems.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#7 TheXtreme1

TheXtreme1
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 20 June 2012 - 10:52 PM

I totally reset the security of everything with the router and since then the ip hasnt come back.

And yes those ips are from from when I go into the control panel and I do have a D-Link router.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-20 22:35:48
-----------------------------
22:35:48.790 OS Version: Windows x64 6.1.7601 Service Pack 1
22:35:48.790 Number of processors: 4 586 0x403
22:35:48.790 ComputerName: E-PC UserName: E
22:35:49.920 Initialize success
22:35:54.510 AVAST engine defs: 12062001
22:36:00.370 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
22:36:00.380 Disk 0 Vendor: WDC_____ 01.0 Size: 953674MB BusType: 8
22:36:00.440 Disk 0 MBR read successfully
22:36:00.440 Disk 0 MBR scan
22:36:00.450 Disk 0 Windows 7 default MBR code
22:36:00.490 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:36:00.500 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953572 MB offset 206848
22:36:00.630 Disk 0 scanning C:\Windows\system32\drivers
22:36:07.295 Service scanning
22:36:19.829 Modules scanning
22:36:19.833 Disk 0 trace - called modules:
22:36:19.844 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll amdsbs.sys
22:36:19.846 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b2c060]
22:36:20.172 3 CLASSPNP.SYS[fffff88001b7a43f] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8006aed8f0]
22:36:21.379 AVAST engine scan C:\Windows
22:36:24.290 AVAST engine scan C:\Windows\system32
22:37:53.522 AVAST engine scan C:\Windows\system32\drivers
22:37:59.477 AVAST engine scan C:\Users\E
22:39:24.076 AVAST engine scan C:\ProgramData
22:39:31.900 Scan finished successfully
22:47:27.601 Disk 0 MBR has been saved successfully to "C:\Users\E\Desktop\MBR.dat"
22:47:27.605 The log file has been saved successfully to "C:\Users\E\Desktop\aswMBR.txt"

#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:12 AM

Posted 21 June 2012 - 01:10 PM

TheXtreme1,

What model D-Link router is it? After doing some Google searches, it appears it may be resolved by updating the router's firmware.

Do you notice anything else odd with your computer? (Your logs look clean.)
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#9 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:12 AM

Posted 28 June 2012 - 11:42 AM

TheXtreme1,

It has been six days since my last post. Do you still need help?

If you do, please answer the questions I ask you previously. :thumbup2:
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#10 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:12 AM

Posted 30 June 2012 - 07:58 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users