Jump to content


Photo
- - - - -

SVCHost trojan or Alureon

hijack

  • This topic is locked This topic is locked
22 replies to this topic

#1 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 15 March 2012 - 07:14 PM

Hello, Microsoft Security Essentials indicatates I've got the Alureon Trojan. I've ran Malwarebytes and it says I've got a trojan SVChost. I can't seem to get them removed. I'd appreciate any help you can provide. Thanks

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by H at 16:53:45 on 2012-03-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4071 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
-netsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{22495898-5C40-4242-A868-481870BBACDD} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\88eksb5t.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 MpKslf8e589f0;MpKslf8e589f0;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys [2012-3-15 35664]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-2-3 1155072]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-24 136176]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-24 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 UPnPService;UPnPService;C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2009-11-2 548864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-15 23:38:32 20480 ------w- C:\Windows\svchost.exe
2012-03-15 23:37:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\offreg.dll
2012-03-15 23:37:37 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys
2012-03-15 23:19:17 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\mpengine.dll
2012-03-15 02:08:59 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-02-15 06:16:08 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 06:16:08 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 06:16:05 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
.
==================== Find3M ====================
.
2012-02-29 23:18:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-09 16:16:54 708096 ----a-w- C:\Windows\System32\rdpencom.dll
2012-01-09 15:54:08 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
2012-01-09 14:27:49 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 16:54:56.47 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2009 7:33:43 AM
System Uptime: 3/15/2012 4:37:10 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 242.898 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.368 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 932 GiB total, 412.799 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
ActionOutline Pro 3.0
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9.4.7
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft PhotoStudio 5.5
ArcSoft Print Creations
Audible Download Manager
Belkin 54g USB Network Adapter
Belkin 54Mbps Wireless Network Adapter
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Codec
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.6
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3/E4 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
Default Manager
DirectX for Managed Code Update (Summer 2004)
DVD Shrink 3.2
DVDFab 6.0.2.2 (June 26, 2009)
EPSON CX9400 User's Guide
EPSON Scan
EPSON Stylus CX9400Fax Series Scanner Driver Update
Firebird SQL Server - MAGIX Edition
FixRedirectVirus
GEAR driver installer for x86 and x64
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
ImgBurn
Java Auto Updater
Java™ 6 Update 21
Junk Mail filter update
LabelPrint
LightScribe System Software
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Magic Audio Recorder v7.4.0.11
MAGIX MP3 Maker 15 Download version 10.0.0.317 (UK)
MAGIX Screenshare 4.3.6.1987 (UK)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Live Search Toolbar
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Photodex Presenter
PictureMover
Power2Go
PowerDirector
Python 2.6 pywin32-212
Python 2.6.1
Quicken 2006
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Segoe UI
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veetle TV 0.9.15
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/15/2012 6:22:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/15/2012 4:39:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
3/15/2012 4:37:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/15/2012 4:36:30 PM, Error: Service Control Manager [7043] - The Microsoft Antimalware Service service did not shut down properly after receiving a preshutdown control.
3/15/2012 4:07:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/14/2012 8:53:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/14/2012 8:49:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/14/2012 6:06:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/14/2012 6:00:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/14/2012 5:04:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/14/2012 3:21:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/11/2012 4:20:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.121.1330.0).
3/11/2012 4:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1319.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070643 Error description: Fatal error during installation.
.
==== End Of File ===========================

#2 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 15 March 2012 - 07:49 PM

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Show all files:
  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 6
Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & TDSSKILLER log & log from Bitdefender.
Use separate replies as needed if logs do not fit into one reply box.

Do NOT attach your logs. Always Copy & Paste

P.S. Do NOT do any websurfing or online transactions of any kind. Only go to this forum & sites I guide you to.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#3 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 15 March 2012 - 09:11 PM

Logfile of random's system information tool 1.09 (written by random/random)
Run by H at 2012-03-15 18:38:41
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 249 GB (42%) free of 596 GB
Total RAM: 6133 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:38:48 PM, on 3/15/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\H.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.h...DataManager.CAB
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10571 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE"
"C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI
"c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
WLIDSvcM.exe 2392
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e96ceb24-497d-49a7-92d9-9de9531d263b -SystemEventPortName:HostProcess-9e33d973-a39b-4775-9662-24538968d305 -IoCancelEventPortName:HostProcess-77b0192e-bb45-4fd1-9223-bedb624162de -NonStateChangingEventPortName:HostProcess-70206ed7-5c71-4fe7-a8c0-5f97e1b5e304 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3e675d7b-beb4-4c8d-a480-d0e79cfecd6d
"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
taskeng.exe {8C12CB59-0C1B-48A9-BEF4-9EDF553EA6D6}
-netsvcs
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {24E8912B-5B18-4699-8A1C-0D5B7081D73E}
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Zune\ZuneLauncher.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autorun=AUTORUN
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe" /Startup
"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"
"C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
"C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE" -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
C:\Windows\system32\sdclt.exe /DETECTFAILURE
C:\Windows\system32\svchost.exe -k SDRSVC
splwow64
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe16_ Global\UsGthrCtrlFltPipeMssGthrPipe16 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648
"C:\Users\H\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PCDRScheduledMaintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"=C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [2009-02-06 172032]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-03-05 154648]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-03-05 227352]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-03-05 202264]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2009-03-05 915512]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-04 186904]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 163552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"HPADVISOR"=c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-04-03 1644088]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04 75016]
"UpdateP2GoShortCut"=c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdateLBPShortCut"=c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdatePDIRShortCut"=c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdatePSTShortCut"=c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2009-02-02 210216]
"TSMAgent"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2009-04-09 1328424]
"CLMLServer for HP TouchSmart"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-04-09 185640]
"DVDAgent"=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-03-19 1148200]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"Microsoft Default Manager"=c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-06 224616]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-11-12 141600]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll [2012-01-13 1081416]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Audible Download Manager.lnk - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 230400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutorun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-03-15 18:38:41 ----D---- C:\rsit
2012-03-15 18:38:41 ----D---- C:\Program Files\trend micro
2012-03-15 18:33:27 ----D---- C:\Program Files (x86)\ERUNT
2012-03-15 16:38:32 ----N---- C:\Windows\svchost.exe
2012-03-14 19:08:59 ----D---- C:\Windows\Microsoft Antimalware
2012-03-14 03:03:00 ----A---- C:\Windows\system32\MRT.INI
2012-03-13 22:22:24 ----A---- C:\Windows\system32\win32k.sys
2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2012-03-13 22:22:23 ----A---- C:\Windows\system32\DWrite.dll
2012-03-13 22:22:23 ----A---- C:\Windows\system32\d3d10warp.dll
2012-03-13 22:22:23 ----A---- C:\Windows\system32\d3d10_1core.dll
2012-03-13 22:22:22 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2012-03-13 22:22:22 ----A---- C:\Windows\system32\d3d10_1.dll
2012-03-13 22:22:22 ----A---- C:\Windows\system32\d2d1.dll
2012-03-13 22:22:21 ----A---- C:\Windows\system32\rdpencom.dll
2012-03-13 22:22:20 ----A---- C:\Windows\SYSWOW64\rdpencom.dll
2012-03-13 22:22:20 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-02-29 16:18:10 ----D---- C:\Windows\system32\Macromed

======List of files/folders modified in the last 1 month======

2012-03-15 18:38:41 ----RD---- C:\Program Files
2012-03-15 18:38:10 ----D---- C:\Windows\temp
2012-03-15 18:35:10 ----D---- C:\Windows\ERDNT
2012-03-15 18:33:27 ----RD---- C:\Program Files (x86)
2012-03-15 18:07:50 ----D---- C:\Windows\System32
2012-03-15 18:07:50 ----D---- C:\Windows\inf
2012-03-15 18:07:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-15 18:07:15 ----D---- C:\Windows\Prefetch
2012-03-15 16:38:32 ----D---- C:\Windows
2012-03-15 16:19:26 ----SHD---- C:\System Volume Information
2012-03-15 16:09:43 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-15 16:09:38 ----D---- C:\Windows\system32\drivers
2012-03-14 17:46:09 ----SD---- C:\ProgramData\Microsoft
2012-03-14 03:31:06 ----D---- C:\Windows\winsxs
2012-03-14 03:25:23 ----D---- C:\Windows\Microsoft.NET
2012-03-14 03:21:00 ----D---- C:\Windows\system32\catroot
2012-03-14 03:18:37 ----D---- C:\Windows\SysWOW64
2012-03-14 03:18:36 ----D---- C:\Program Files\Windows Mail
2012-03-14 03:18:36 ----D---- C:\Program Files (x86)\Windows Mail
2012-03-14 03:00:51 ----A---- C:\Windows\system32\mrt.exe
2012-03-13 22:22:10 ----D---- C:\Windows\system32\catroot2
2012-03-13 17:28:28 ----D---- C:\Users\H\AppData\Roaming\Amazon
2012-03-13 03:17:34 ----RSD---- C:\Windows\assembly
2012-03-13 03:07:06 ----SHD---- C:\Windows\Installer
2012-02-18 15:16:13 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-02-18 15:09:46 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2008-12-04 407064]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 MpKslf8e589f0;MpKslf8e589f0; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys [2012-03-15 35664]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-09-18 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-01-20 1254400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2010-02-04 34152]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-02-26 10276352]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-02-11 1708192]
R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys [2011-06-26 575488]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-07-15 82816]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2009-01-20 195584]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 41984]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 112128]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 172544]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-20 58496]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2008-01-20 48768]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-20 61568]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
S3 rcmirror;rcmirror; C:\Windows\system32\DRIVERS\rcmirror.sys [2008-10-09 5120]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2008-05-02 8704]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2009-08-28 49152]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-10 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2008-05-02 8704]
S3 WinUSB;WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-04-10 36864]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 46592]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2008-08-26 16896]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 27648]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 660256]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 136176]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2008-12-08 242424]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 136176]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-07-04 68096]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 UPnPService;UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2011-08-05 8277728]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 467680]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.09 2012-03-15 18:38:49

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\18 Wheels of Steel - American Long Haul\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\4 Elements\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bejeweled Twist\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bus Driver\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Farm Mania\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE Undiscovered Realms\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mahjongg Artifacts\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\The Hidden Object Game Show\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\World of Goo\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files (x86)\MAGIX\Speed2_burnR_mxcdr\unwise.exe
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ActionOutline Pro 3.0-->"C:\Program Files (x86)\ActionOutline\unins000.exe"
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe -maintain plugin
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files (x86)\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files (x86)\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.4.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Agere Systems PCI-SV92EX Soft Modem-->C:\Windows\agrsmdel
Amazon MP3 Downloader 1.0.12-->C:\Program Files (x86)\Amazon\MP3 Downloader\Uninstall.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{9EFC40E3-5F31-4F75-8445-286273F74D8E}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 6-->C:\Program Files (x86)\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}\setup.exe" -l0x9
ArcSoft Print Creations-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
Audible Download Manager-->C:\Program Files (x86)\Audible\Bin\AudibleDM_iTunesSetup[1].exe /Uninstall
Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
Belkin 54Mbps Wireless Network Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}\setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /I{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon iP4800 series Printer Driver-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series /L0x0009
Canon MOV Decoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Decoder\CanonMOVDecoderUnInstall.ini"
Canon MOV Encoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Codec-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\RAWCodec170\CRCUnInstall.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Digital Photo Professional 3.6-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities WFT-E1/E2/E3/E4 Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\Uninst.ini"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink DVD Suite Deluxe-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Default Manager-->MsiExec.exe /I{AE469025-08BA-4B2A-915D-CC7765132419}
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
DVDFab 6.0.2.2 (June 26, 2009)-->"C:\Program Files (x86)\DVDFab 6\unins000.exe"
EPSON CX9400 User's Guide-->C:\Program Files (x86)\epson\guide\cx9400_e\uninstall.exe
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\x64\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
EPSON Stylus CX9400Fax Series Scanner Driver Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}\Setup.exe" -l0x9
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}
FixRedirectVirus-->"C:\Program Files (x86)\FixRedirectVirus\uninstall.exe" "/U:C:\Program Files (x86)\FixRedirectVirus\Uninstall\uninstall.xml"
GEAR driver installer for x86 and x64-->MsiExec.exe /I{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}
Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor for Windows\uninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files (x86)\InstallShield Installation Information\{0295F89F-F698-4101-9A7D-49F407EC2D82}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B84739A3-F943-47E4-95D8-96381EF5AC48}\setup.exe" -l0x9 -removeonly
HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
HP MediaSmart Demo-->"C:\ProgramData\Hewlett-Packard\HP MediaSmart Demo\unins000.exe"
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS
HP MediaSmart SmartMenu-->MsiExec.exe /I{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Remote Software-->MsiExec.exe /X{5F240DB8-0D74-4F13-86C3-929760392A8D}
HP Total Care Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{784BEA84-FA66-4B19-BB80-7B545F248AC6}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"
Intel® Graphics Media Accelerator Driver-->C:\Windows\SysWOW64\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{C9C243B9-03BD-44BA-A592-AB09630AE2D2}
Java™ 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Magic Audio Recorder v7.4.0.11-->"C:\Program Files (x86)\Magic Audio Recorder\unins000.exe"
MAGIX MP3 Maker 15 Download version 10.0.0.317 (UK)-->C:\Program Files (x86)\MAGIX\MP3_Maker_15_Download_version\unwise.exe
MAGIX Screenshare 4.3.6.1987 (UK)-->C:\Program Files (x86)\MAGIX\PCVisit\unwise.exe
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}
Microsoft Live Search Toolbar-->c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\OEMSetup.exe /Uninstall
Microsoft Live Search Toolbar-->MsiExec.exe /X{C79BF5BB-5671-41C0-A028-E9A2097D1AAD}
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Security Client-->MsiExec.exe /I{42738DB0-FC3E-4672-A99B-9372F5696E30}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729-->MsiExec.exe /X{4FFA2088-8317-3B14-93CD-4C699DB37843}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetupx64.dll,DoNTUninst
Photodex Presenter-->C:\Program Files (x86)\Photodex Presenter\remove.exe
PictureMover-->MsiExec.exe /X{1896E712-2B3D-45eb-BCE9-542742A51032}
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.6 pywin32-212-->"C:\program files (x86)\Python\Removepywin32.exe" -u "C:\program files (x86)\Python\pywin32-wininst.log"
Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223}
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {897A5D64-963A-3C11-A176-F6766BD09D16} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
TomTom HOME 2.8.2.2264-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Veetle TV 0.9.15-->C:\Program Files (x86)\Veetle\UninstallVeetleTV.exe
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Mobile Device Updater Component-->MsiExec.exe /X{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}
Zune Language Pack (CHS)-->MsiExec.exe /X{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}
Zune Language Pack (CHT)-->MsiExec.exe /X{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}
Zune Language Pack (CSY)-->MsiExec.exe /X{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}
Zune Language Pack (DAN)-->MsiExec.exe /X{8B112338-2B08-4851-AF84-E7CAD74CEB32}
Zune Language Pack (DEU)-->MsiExec.exe /X{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}
Zune Language Pack (ELL)-->MsiExec.exe /X{3589A659-F732-4E65-A89A-5438C332E59D}
Zune Language Pack (ESP)-->MsiExec.exe /X{6B33492E-FBBC-4EC3-8738-09E16E395A10}
Zune Language Pack (FIN)-->MsiExec.exe /X{B4870774-5F3A-46D9-9DFE-06FB5599E26B}
Zune Language Pack (FRA)-->MsiExec.exe /X{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}
Zune Language Pack (HUN)-->MsiExec.exe /X{C6BE19C6-B102-4038-B2A6-1C313872DBB4}
Zune Language Pack (IND)-->MsiExec.exe /X{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}
Zune Language Pack (ITA)-->MsiExec.exe /X{C5D37FFA-7483-410B-982B-91E93FD3B7DA}
Zune Language Pack (JPN)-->MsiExec.exe /X{D8A781C9-3892-4E2E-9320-480CF896CFBB}
Zune Language Pack (KOR)-->MsiExec.exe /X{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}
Zune Language Pack (MSL)-->MsiExec.exe /X{76BA306B-2AA0-47C0-AB6B-F313AB56C136}
Zune Language Pack (NLD)-->MsiExec.exe /X{6740BCB0-5863-47F4-80F4-44F394DE4FE2}
Zune Language Pack (NOR)-->MsiExec.exe /X{5DEFD397-4012-46C3-B6DA-E8013E660772}
Zune Language Pack (PLK)-->MsiExec.exe /X{8960A0A1-BB5A-479E-92CF-65AB9D684B43}
Zune Language Pack (PTB)-->MsiExec.exe /X{07EEE598-5F21-4B57-B40B-46592625B3D9}
Zune Language Pack (PTG)-->MsiExec.exe /X{5C93E291-A1CC-4E51-85C6-E194209FCDB4}
Zune Language Pack (RUS)-->MsiExec.exe /X{57C51D56-B287-4C11-9192-EC3C46EF76A4}
Zune Language Pack (SVE)-->MsiExec.exe /X{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}
Zune-->C:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: H-PC
Event Code: 4374
Message: Windows Servicing identified that package KB2505189(Update) is not applicable for this system
Record Number: 173034
Source Name: Microsoft-Windows-Servicing
Time Written: 20110324100109.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: H-PC
Event Code: 4374
Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system
Record Number: 172914
Source Name: Microsoft-Windows-Servicing
Time Written: 20110324100025.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: H-PC
Event Code: 4374
Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system
Record Number: 172913
Source Name: Microsoft-Windows-Servicing
Time Written: 20110324100025.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: H-PC
Event Code: 4374
Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system
Record Number: 172907
Source Name: Microsoft-Windows-Servicing
Time Written: 20110324100025.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: H-PC
Event Code: 10010
Message: The server {738F20C7-539E-4A7D-AE00-D6803513A4BB} did not register with DCOM within the required timeout.
Record Number: 172789
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20110324012658.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: H-PC
Event Code: 400
Message: Timestamp: 09/11/2009 19:24:38.634;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [2108];
Message: Unhandled Exception: System.Runtime.InteropServices.COMException (0x88980406): Exception from HRESULT: 0x88980406
at System.Windows.Media.Composition.DUCE.Channel.SyncFlush()
at System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel)
at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean enableRenderTarget, Nullable`1 channelSet)
at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean enableRenderTarget)
at System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr lParam)
at System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr wparam, IntPtr lparam)
at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler);
EventId: 400;
Severity: Critical;
Machine: H-PC;
Application Domain: HPAdvisor.exe;
Process Id: 2104;
Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:
Record Number: 4896
Source Name: HP Advisor
Time Written: 20090912022438.000000-000
Event Type: Error
User:

Computer Name: H-PC
Event Code: 400
Message: Timestamp: 09/11/2009 05:30:08.995;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [2108];
Message: System.NullReferenceException: Object reference not set to an instance of an object.
at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String type)
at HPAdvisor.MainFrame.Business.SearchManager.Initialize();
EventId: 400;
Severity: Critical;
Machine: H-PC;
Application Domain: HPAdvisor.exe;
Process Id: 2104;
Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:
Record Number: 4881
Source Name: HP Advisor
Time Written: 20090911123009.000000-000
Event Type: Error
User:

Computer Name: H-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 4880
Source Name: Microsoft-Windows-WMI
Time Written: 20090911123003.000000-000
Event Type: Error
User:

Computer Name: H-PC
Event Code: 400
Message: Timestamp: 09/10/2009 06:40:41.149;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [3864];
Message: System.NullReferenceException: Object reference not set to an instance of an object.
at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String type)
at HPAdvisor.MainFrame.Business.SearchManager.Initialize();
EventId: 400;
Severity: Critical;
Machine: H-PC;
Application Domain: HPAdvisor.exe;
Process Id: 3860;
Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:
Record Number: 4841
Source Name: HP Advisor
Time Written: 20090910134041.000000-000
Event Type: Error
User:

Computer Name: H-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 4840
Source Name: Microsoft-Windows-WMI
Time Written: 20090910134028.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: H-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x7e927c

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 163478
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111012124150.626515-000
Event Type: Audit Success
User:

Computer Name: H-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x7e927c
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: KIM2-PC
Source Network Address: fe80::6c65:f46:3750:5399
Source Port: 53567

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 163477
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111012124150.610915-000
Event Type: Audit Success
User:

Computer Name: H-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x7e926c

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 163476
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111012124150.423715-000
Event Type: Audit Success
User:

Computer Name: H-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x7e926c
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: KIM2-PC
Source Network Address: fe80::6c65:f46:3750:5399
Source Port: 53566

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 163475
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111012124150.423715-000
Event Type: Audit Success
User:

Computer Name: H-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x7de367

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 163474
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111012121002.699715-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Python;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Pavilion
"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

#4 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 15 March 2012 - 09:13 PM

Results of screen317's Security Check version 0.99.31
Windows Vista x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
FixRedirectVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 21
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

18:52:46.0914 4460 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:52:47.0284 4460 ============================================================
18:52:47.0284 4460 Current date / time: 2012/03/15 18:52:47.0284
18:52:47.0284 4460 SystemInfo:
18:52:47.0284 4460
18:52:47.0284 4460 OS Version: 6.0.6002 ServicePack: 2.0
18:52:47.0284 4460 Product type: Workstation
18:52:47.0284 4460 ComputerName: H-PC
18:52:47.0284 4460 UserName: H
18:52:47.0284 4460 Windows directory: C:\Windows
18:52:47.0284 4460 System windows directory: C:\Windows
18:52:47.0284 4460 Running under WOW64
18:52:47.0284 4460 Processor architecture: Intel x64
18:52:47.0284 4460 Number of processors: 2
18:52:47.0284 4460 Page size: 0x1000
18:52:47.0284 4460 Boot type: Normal boot
18:52:47.0284 4460 ============================================================
18:52:53.0745 4460 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:52:53.0752 4460 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:52:53.0788 4460 \Device\Harddisk0\DR0:
18:52:53.0788 4460 MBR used
18:52:53.0788 4460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48CFDEC9
18:52:53.0788 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x48CFDF08, BlocksNum 0x1B58FB9
18:52:53.0788 4460 \Device\Harddisk1\DR1:
18:52:53.0788 4460 MBR used
18:52:53.0788 4460 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:52:54.0092 4460 Initialize success
18:52:54.0092 4460 ============================================================
18:52:56.0022 4568 ============================================================
18:52:56.0022 4568 Scan started
18:52:56.0022 4568 Mode: Manual;
18:52:56.0022 4568 ============================================================
18:52:56.0753 4568 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
18:52:56.0755 4568 61883 - ok
18:52:56.0806 4568 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:52:56.0811 4568 ACPI - ok
18:52:56.0942 4568 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
18:52:56.0986 4568 adp94xx - ok
18:52:57.0083 4568 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
18:52:57.0090 4568 adpahci - ok
18:52:57.0170 4568 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
18:52:57.0173 4568 adpu160m - ok
18:52:57.0196 4568 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
18:52:57.0200 4568 adpu320 - ok
18:52:57.0265 4568 Aeleadr - ok
18:52:57.0281 4568 Afc - ok
18:52:57.0369 4568 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
18:52:57.0375 4568 AFD - ok
18:52:57.0505 4568 AgereSoftModem (1cd4b03012d62962274e1c9eb8670a10) C:\Windows\system32\DRIVERS\agrsm64.sys
18:52:57.0525 4568 AgereSoftModem - ok
18:52:57.0617 4568 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
18:52:57.0619 4568 agp440 - ok
18:52:57.0677 4568 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
18:52:57.0680 4568 aic78xx - ok
18:52:57.0732 4568 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
18:52:57.0734 4568 aliide - ok
18:52:57.0781 4568 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
18:52:57.0783 4568 amdide - ok
18:52:57.0847 4568 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
18:52:57.0849 4568 AmdK8 - ok
18:52:57.0913 4568 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
18:52:57.0915 4568 arc - ok
18:52:57.0933 4568 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
18:52:57.0935 4568 arcsas - ok
18:52:57.0994 4568 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
18:52:57.0995 4568 AsyncMac - ok
18:52:58.0038 4568 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
18:52:58.0040 4568 atapi - ok
18:52:58.0112 4568 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
18:52:58.0114 4568 Avc - ok
18:52:58.0126 4568 Beep - ok
18:52:58.0209 4568 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
18:52:58.0210 4568 blbdrive - ok
18:52:58.0257 4568 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
18:52:58.0259 4568 bowser - ok
18:52:58.0306 4568 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
18:52:58.0327 4568 BrFiltLo - ok
18:52:58.0351 4568 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
18:52:58.0352 4568 BrFiltUp - ok
18:52:58.0379 4568 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
18:52:58.0382 4568 Brserid - ok
18:52:58.0416 4568 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
18:52:58.0418 4568 BrSerWdm - ok
18:52:58.0456 4568 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
18:52:58.0458 4568 BrUsbMdm - ok
18:52:58.0471 4568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
18:52:58.0473 4568 BrUsbSer - ok
18:52:58.0502 4568 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
18:52:58.0504 4568 BTHMODEM - ok
18:52:58.0512 4568 catchme - ok
18:52:58.0526 4568 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
18:52:58.0528 4568 cdfs - ok
18:52:58.0564 4568 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
18:52:58.0566 4568 cdrom - ok
18:52:58.0592 4568 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
18:52:58.0594 4568 circlass - ok
18:52:58.0635 4568 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
18:52:58.0641 4568 CLFS - ok
18:52:58.0685 4568 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
18:52:58.0687 4568 cmdide - ok
18:52:58.0707 4568 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
18:52:58.0708 4568 Compbatt - ok
18:52:58.0722 4568 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
18:52:58.0724 4568 crcdisk - ok
18:52:58.0769 4568 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
18:52:58.0772 4568 DfsC - ok
18:52:58.0793 4568 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
18:52:58.0796 4568 disk - ok
18:52:58.0839 4568 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
18:52:58.0840 4568 drmkaud - ok
18:52:58.0885 4568 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
18:52:58.0899 4568 DXGKrnl - ok
18:52:58.0920 4568 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:52:58.0924 4568 E1G60 - ok
18:52:58.0966 4568 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
18:52:58.0969 4568 Ecache - ok
18:52:59.0007 4568 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
18:52:59.0015 4568 elxstor - ok
18:52:59.0053 4568 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
18:52:59.0055 4568 ErrDev - ok
18:52:59.0106 4568 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
18:52:59.0111 4568 exfat - ok
18:52:59.0161 4568 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
18:52:59.0165 4568 fastfat - ok
18:52:59.0204 4568 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
18:52:59.0206 4568 fdc - ok
18:52:59.0223 4568 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
18:52:59.0226 4568 FileInfo - ok
18:52:59.0258 4568 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
18:52:59.0259 4568 Filetrace - ok
18:52:59.0307 4568 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:52:59.0308 4568 flpydisk - ok
18:52:59.0355 4568 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
18:52:59.0361 4568 FltMgr - ok
18:52:59.0393 4568 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
18:52:59.0395 4568 Fs_Rec - ok
18:52:59.0424 4568 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
18:52:59.0426 4568 gagp30kx - ok
18:52:59.0473 4568 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:52:59.0475 4568 GEARAspiWDM - ok
18:52:59.0543 4568 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:52:59.0559 4568 HDAudBus - ok
18:52:59.0588 4568 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
18:52:59.0589 4568 HidBth - ok
18:52:59.0608 4568 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
18:52:59.0610 4568 HidIr - ok
18:52:59.0654 4568 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
18:52:59.0655 4568 HidUsb - ok
18:52:59.0706 4568 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
18:52:59.0708 4568 HpCISSs - ok
18:52:59.0755 4568 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
18:52:59.0765 4568 HTTP - ok
18:52:59.0775 4568 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
18:52:59.0776 4568 i2omp - ok
18:52:59.0793 4568 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
18:52:59.0795 4568 i8042prt - ok
18:52:59.0847 4568 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys
18:52:59.0851 4568 iaStor - ok
18:52:59.0880 4568 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
18:52:59.0886 4568 iaStorV - ok
18:53:00.0125 4568 igfx (a124c87cd0b39c9e510e138534468383) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:53:00.0219 4568 igfx - ok
18:53:00.0252 4568 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
18:53:00.0253 4568 iirsp - ok
18:53:00.0364 4568 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
18:53:00.0389 4568 IntcAzAudAddService - ok
18:53:00.0416 4568 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
18:53:00.0417 4568 intelide - ok
18:53:00.0459 4568 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
18:53:00.0459 4568 intelppm - ok
18:53:00.0495 4568 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:53:00.0497 4568 IpFilterDriver - ok
18:53:00.0518 4568 IpInIp - ok
18:53:00.0554 4568 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
18:53:00.0556 4568 IPMIDRV - ok
18:53:00.0579 4568 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
18:53:00.0582 4568 IPNAT - ok
18:53:00.0634 4568 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
18:53:00.0636 4568 IRENUM - ok
18:53:00.0665 4568 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
18:53:00.0666 4568 isapnp - ok
18:53:00.0701 4568 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
18:53:00.0705 4568 iScsiPrt - ok
18:53:00.0731 4568 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
18:53:00.0733 4568 iteatapi - ok
18:53:00.0768 4568 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
18:53:00.0769 4568 iteraid - ok
18:53:00.0779 4568 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
18:53:00.0781 4568 kbdclass - ok
18:53:00.0796 4568 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:53:00.0797 4568 kbdhid - ok
18:53:00.0844 4568 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
18:53:00.0853 4568 KSecDD - ok
18:53:00.0867 4568 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
18:53:00.0868 4568 ksthunk - ok
18:53:00.0906 4568 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
18:53:00.0908 4568 lltdio - ok
18:53:00.0954 4568 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
18:53:00.0957 4568 LSI_FC - ok
18:53:00.0999 4568 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
18:53:01.0001 4568 LSI_SAS - ok
18:53:01.0039 4568 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
18:53:01.0042 4568 LSI_SCSI - ok
18:53:01.0068 4568 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
18:53:01.0070 4568 luafv - ok
18:53:01.0096 4568 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
18:53:01.0098 4568 megasas - ok
18:53:01.0137 4568 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
18:53:01.0145 4568 MegaSR - ok
18:53:01.0165 4568 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
18:53:01.0166 4568 Modem - ok
18:53:01.0198 4568 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
18:53:01.0199 4568 monitor - ok
18:53:01.0231 4568 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
18:53:01.0233 4568 mouclass - ok
18:53:01.0252 4568 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
18:53:01.0254 4568 mouhid - ok
18:53:01.0272 4568 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
18:53:01.0275 4568 MountMgr - ok
18:53:01.0299 4568 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
18:53:01.0303 4568 MpFilter - ok
18:53:01.0333 4568 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
18:53:01.0336 4568 mpio - ok
18:53:01.0430 4568 MpKslf8e589f0 (0ebb390b7aeec45ec061d9870a34fd42) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys
18:53:01.0431 4568 MpKslf8e589f0 - ok
18:53:01.0482 4568 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:53:01.0483 4568 MpNWMon - ok
18:53:01.0497 4568 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
18:53:01.0499 4568 mpsdrv - ok
18:53:01.0517 4568 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
18:53:01.0519 4568 Mraid35x - ok
18:53:01.0559 4568 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
18:53:01.0562 4568 MRxDAV - ok
18:53:01.0596 4568 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:53:01.0599 4568 mrxsmb - ok
18:53:01.0632 4568 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:53:01.0637 4568 mrxsmb10 - ok
18:53:01.0654 4568 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:53:01.0657 4568 mrxsmb20 - ok
18:53:01.0675 4568 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
18:53:01.0677 4568 msahci - ok
18:53:01.0695 4568 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
18:53:01.0698 4568 msdsm - ok
18:53:01.0741 4568 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys
18:53:01.0743 4568 MSDV - ok
18:53:01.0760 4568 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
18:53:01.0761 4568 Msfs - ok
18:53:01.0793 4568 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
18:53:01.0794 4568 msisadrv - ok
18:53:01.0828 4568 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
18:53:01.0830 4568 MSKSSRV - ok
18:53:01.0851 4568 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
18:53:01.0853 4568 MSPCLOCK - ok
18:53:01.0867 4568 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
18:53:01.0868 4568 MSPQM - ok
18:53:01.0902 4568 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
18:53:01.0909 4568 MsRPC - ok
18:53:01.0927 4568 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
18:53:01.0928 4568 mssmbios - ok
18:53:01.0936 4568 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
18:53:01.0938 4568 MSTEE - ok
18:53:01.0950 4568 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
18:53:01.0952 4568 Mup - ok
18:53:02.0003 4568 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
18:53:02.0007 4568 NativeWifiP - ok
18:53:02.0069 4568 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
18:53:02.0080 4568 NDIS - ok
18:53:02.0118 4568 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
18:53:02.0119 4568 NdisTapi - ok
18:53:02.0133 4568 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
18:53:02.0135 4568 Ndisuio - ok
18:53:02.0154 4568 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
18:53:02.0158 4568 NdisWan - ok
18:53:02.0175 4568 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
18:53:02.0177 4568 NDProxy - ok
18:53:02.0194 4568 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
18:53:02.0203 4568 NetBIOS - ok
18:53:02.0263 4568 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
18:53:02.0268 4568 netbt - ok
18:53:02.0362 4568 netr7364 (118e9136b5b48dd5b2cc81f78431a69e) C:\Windows\system32\DRIVERS\netr7364.sys
18:53:02.0375 4568 netr7364 - ok
18:53:02.0401 4568 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
18:53:02.0403 4568 nfrd960 - ok
18:53:02.0437 4568 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:53:02.0440 4568 NisDrv - ok
18:53:02.0511 4568 nmwcdcx64 (216bdf8b1017bb52692c9ee3c1e50597) C:\Windows\system32\drivers\ccdcmbox64.sys
18:53:02.0512 4568 nmwcdcx64 - ok
18:53:02.0532 4568 nmwcdx64 (c9773ef9cbf2877725a45f07396d5da6) C:\Windows\system32\drivers\ccdcmbx64.sys
18:53:02.0534 4568 nmwcdx64 - ok
18:53:02.0560 4568 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
18:53:02.0561 4568 Npfs - ok
18:53:02.0584 4568 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
18:53:02.0585 4568 nsiproxy - ok
18:53:02.0650 4568 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
18:53:02.0674 4568 Ntfs - ok
18:53:02.0689 4568 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
18:53:02.0690 4568 Null - ok
18:53:02.0711 4568 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
18:53:02.0714 4568 nvraid - ok
18:53:02.0737 4568 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
18:53:02.0740 4568 nvstor - ok
18:53:02.0761 4568 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
18:53:02.0764 4568 nv_agp - ok
18:53:02.0772 4568 NwlnkFlt - ok
18:53:02.0783 4568 NwlnkFwd - ok
18:53:02.0825 4568 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
18:53:02.0827 4568 ohci1394 - ok
18:53:02.0861 4568 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
18:53:02.0863 4568 Parport - ok
18:53:02.0896 4568 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
18:53:02.0899 4568 partmgr - ok
18:53:02.0917 4568 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
18:53:02.0922 4568 pci - ok
18:53:02.0940 4568 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
18:53:02.0942 4568 pciide - ok
18:53:02.0964 4568 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
18:53:02.0968 4568 pcmcia - ok
18:53:03.0009 4568 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
18:53:03.0011 4568 pcouffin - ok
18:53:03.0043 4568 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
18:53:03.0055 4568 PEAUTH - ok
18:53:03.0124 4568 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
18:53:03.0126 4568 PptpMiniport - ok
18:53:03.0150 4568 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
18:53:03.0152 4568 Processor - ok
18:53:03.0201 4568 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
18:53:03.0203 4568 PSched - ok
18:53:03.0260 4568 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
18:53:03.0280 4568 ql2300 - ok
18:53:03.0306 4568 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
18:53:03.0310 4568 ql40xx - ok
18:53:03.0330 4568 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
18:53:03.0331 4568 QWAVEdrv - ok
18:53:03.0350 4568 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
18:53:03.0351 4568 RasAcd - ok
18:53:03.0366 4568 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:53:03.0371 4568 Rasl2tp - ok
18:53:03.0404 4568 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
18:53:03.0405 4568 RasPppoe - ok
18:53:03.0441 4568 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
18:53:03.0443 4568 RasSstp - ok
18:53:03.0503 4568 rcmirror (1254bd851e51e0e771b0fa2cf926e75e) C:\Windows\system32\DRIVERS\rcmirror.sys
18:53:03.0505 4568 rcmirror - ok
18:53:03.0540 4568 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
18:53:03.0545 4568 rdbss - ok
18:53:03.0568 4568 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:53:03.0569 4568 RDPCDD - ok
18:53:03.0593 4568 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
18:53:03.0600 4568 rdpdr - ok
18:53:03.0608 4568 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
18:53:03.0609 4568 RDPENCDD - ok
18:53:03.0655 4568 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
18:53:03.0658 4568 RDPWD - ok
18:53:03.0697 4568 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
18:53:03.0699 4568 rspndr - ok
18:53:03.0749 4568 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
18:53:03.0753 4568 RTL8169 - ok
18:53:03.0780 4568 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
18:53:03.0783 4568 sbp2port - ok
18:53:03.0816 4568 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:53:03.0817 4568 secdrv - ok
18:53:03.0844 4568 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
18:53:03.0845 4568 Serenum - ok
18:53:03.0870 4568 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
18:53:03.0873 4568 Serial - ok
18:53:03.0892 4568 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
18:53:03.0894 4568 sermouse - ok
18:53:03.0933 4568 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
18:53:03.0935 4568 sffdisk - ok
18:53:03.0958 4568 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
18:53:03.0959 4568 sffp_mmc - ok
18:53:03.0980 4568 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
18:53:03.0982 4568 sffp_sd - ok
18:53:03.0993 4568 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
18:53:03.0994 4568 sfloppy - ok
18:53:04.0020 4568 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
18:53:04.0022 4568 SiSRaid2 - ok
18:53:04.0041 4568 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
18:53:04.0043 4568 SiSRaid4 - ok
18:53:04.0079 4568 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
18:53:04.0081 4568 Smb - ok
18:53:04.0123 4568 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
18:53:04.0125 4568 spldr - ok
18:53:04.0174 4568 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
18:53:04.0184 4568 srv - ok
18:53:04.0224 4568 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
18:53:04.0228 4568 srv2 - ok
18:53:04.0261 4568 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
18:53:04.0264 4568 srvnet - ok
18:53:04.0299 4568 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
18:53:04.0300 4568 swenum - ok
18:53:04.0321 4568 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
18:53:04.0323 4568 Symc8xx - ok
18:53:04.0339 4568 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
18:53:04.0341 4568 Sym_hi - ok
18:53:04.0356 4568 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
18:53:04.0358 4568 Sym_u3 - ok
18:53:04.0441 4568 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
18:53:04.0463 4568 Tcpip - ok
18:53:04.0492 4568 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
18:53:04.0506 4568 Tcpip6 - ok
18:53:04.0521 4568 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
18:53:04.0523 4568 tcpipreg - ok
18:53:04.0544 4568 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
18:53:04.0546 4568 TDPIPE - ok
18:53:04.0577 4568 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
18:53:04.0579 4568 TDTCP - ok
18:53:04.0623 4568 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
18:53:04.0625 4568 tdx - ok
18:53:04.0663 4568 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
18:53:04.0664 4568 TermDD - ok
18:53:04.0738 4568 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:53:04.0739 4568 tssecsrv - ok
18:53:04.0747 4568 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
18:53:04.0749 4568 tunmp - ok
18:53:04.0776 4568 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
18:53:04.0777 4568 tunnel - ok
18:53:04.0806 4568 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:53:04.0808 4568 uagp35 - ok
18:53:04.0839 4568 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:53:04.0844 4568 udfs - ok
18:53:04.0878 4568 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:53:04.0880 4568 uliagpkx - ok
18:53:04.0918 4568 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:53:04.0923 4568 uliahci - ok
18:53:04.0965 4568 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:53:04.0968 4568 UlSata - ok
18:53:04.0996 4568 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:53:04.0999 4568 ulsata2 - ok
18:53:05.0020 4568 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:53:05.0021 4568 umbus - ok
18:53:05.0075 4568 upperdev (f49988fbf59413b974b1380d6f743ebc) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
18:53:05.0076 4568 upperdev - ok
18:53:05.0125 4568 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
18:53:05.0127 4568 USBAAPL64 - ok
18:53:05.0171 4568 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:53:05.0173 4568 usbccgp - ok
18:53:05.0204 4568 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
18:53:05.0206 4568 usbcir - ok
18:53:05.0254 4568 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
18:53:05.0255 4568 usbehci - ok
18:53:05.0288 4568 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:53:05.0293 4568 usbhub - ok
18:53:05.0311 4568 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
18:53:05.0313 4568 usbohci - ok
18:53:05.0345 4568 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:53:05.0347 4568 usbprint - ok
18:53:05.0365 4568 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
18:53:05.0367 4568 usbscan - ok
18:53:05.0383 4568 usbser (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\DRIVERS\usbser.sys
18:53:05.0393 4568 usbser - ok
18:53:05.0410 4568 UsbserFilt (0fe9e048fc762dcac087cb9ee1680079) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
18:53:05.0412 4568 UsbserFilt - ok
18:53:05.0436 4568 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:53:05.0438 4568 USBSTOR - ok
18:53:05.0493 4568 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:53:05.0495 4568 usbuhci - ok
18:53:05.0522 4568 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:53:05.0524 4568 vga - ok
18:53:05.0533 4568 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:53:05.0536 4568 VgaSave - ok
18:53:05.0559 4568 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
18:53:05.0561 4568 viaide - ok
18:53:05.0573 4568 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:53:05.0576 4568 volmgr - ok
18:53:05.0608 4568 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:53:05.0615 4568 volmgrx - ok
18:53:05.0636 4568 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:53:05.0642 4568 volsnap - ok
18:53:05.0676 4568 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:53:05.0680 4568 vsmraid - ok
18:53:05.0722 4568 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:53:05.0724 4568 WacomPen - ok
18:53:05.0761 4568 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:53:05.0763 4568 Wanarp - ok
18:53:05.0771 4568 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:53:05.0773 4568 Wanarpv6 - ok
18:53:05.0802 4568 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:53:05.0803 4568 Wd - ok
18:53:05.0850 4568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:53:05.0861 4568 Wdf01000 - ok
18:53:05.0955 4568 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
18:53:05.0957 4568 WinUSB - ok
18:53:06.0010 4568 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
18:53:06.0011 4568 WmiAcpi - ok
18:53:06.0080 4568 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:53:06.0082 4568 WpdUsb - ok
18:53:06.0106 4568 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:53:06.0107 4568 ws2ifsl - ok
18:53:06.0147 4568 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:53:06.0151 4568 WudfPf - ok
18:53:06.0176 4568 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:53:06.0180 4568 WUDFRd - ok
18:53:06.0255 4568 MBR (0x1B8) (d6ba8bd1e351710a091ac298ef15c30f) \Device\Harddisk0\DR0
18:53:06.0278 4568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:53:06.0278 4568 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:53:06.0305 4568 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
18:53:06.0311 4568 \Device\Harddisk1\DR1 - ok
18:53:06.0317 4568 Boot (0x1200) (c12cacc419cd20f87ab1f6addb039b77) \Device\Harddisk0\DR0\Partition0
18:53:06.0319 4568 \Device\Harddisk0\DR0\Partition0 - ok
18:53:06.0363 4568 Boot (0x1200) (2a7ac89c3fc17aed97b7e75cec596a5f) \Device\Harddisk0\DR0\Partition1
18:53:06.0365 4568 \Device\Harddisk0\DR0\Partition1 - ok
18:53:06.0369 4568 Boot (0x1200) (e0f734d056dccb1fc5aea2ef517d92fb) \Device\Harddisk1\DR1\Partition0
18:53:06.0371 4568 \Device\Harddisk1\DR1\Partition0 - ok
18:53:06.0373 4568 ============================================================
18:53:06.0373 4568 Scan finished
18:53:06.0373 4568 ============================================================
18:53:06.0392 0320 Detected object count: 1
18:53:06.0392 0320 Actual detected object count: 1
18:53:23.0461 0320 \Device\Harddisk0\DR0\# - copied to quarantine
18:53:23.0462 0320 \Device\Harddisk0\DR0 - copied to quarantine
18:53:23.0498 0320 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:53:23.0500 0320 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:53:23.0504 0320 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:53:23.0508 0320 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:53:23.0520 0320 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:53:23.0528 0320 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:53:23.0529 0320 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:53:23.0530 0320 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:53:23.0531 0320 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:53:23.0533 0320 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:53:23.0535 0320 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:53:23.0537 0320 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:53:23.0538 0320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:53:23.0539 0320 \Device\Harddisk0\DR0 - ok
18:53:23.0744 0320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:54:15.0273 4532 Deinitialize success

QuickScan 32-bit v0.9.9.111
---------------------------
Scan date: Thu Mar 15 19:03:35 2012
Machine ID: 6010BCC1



No infection found.
-------------------



Processes
---------
hpwuSchd Application 3440 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
Adobe Reader and Acrobat Manager 3500 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Apple Mobile Device Service 832 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Audible Download Manager 3340 C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
CyberLink MediaLibray Service 3424 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
CyberLink PowerCinema 3416 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FABS - file change and backup server 1160 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
HP Advisor 3296 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HP DVDSmart 3432 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
hpsysdrv Application 3348 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
iTunes 3476 C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 4428 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
Java™ Platform SE Auto Updater 2 0 3460 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
LightScribe 2304 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
RAID Event Monitor 3224 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
RAID Monitor 2988 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
TomTom HOME 3304 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
TomTom HOME 2652 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
Windows® Internet Explorer 3248 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 4696 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Bonjour 1700 C:\Program Files (x86)\Bonjour\mDNSResponder.exe


Network activity
----------------
Process jucheck.exe (4428) connected on port 80 (HTTP) --> 208.50.81.226
Process iexplore.exe (4696) connected on port 80 (HTTP) --> 184.24.207.139
Process iexplore.exe (4696) connected on port 80 (HTTP) --> 174.76.226.18
Process iexplore.exe (4696) connected on port 80 (HTTP) --> 74.125.224.41
Process iexplore.exe (4696) connected on port 80 (HTTP) --> 74.125.224.41



Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Audible Download Manager C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
CyberLink MediaLibray Service C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
CyberLink PowerCinema C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
Default Manager c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
Hardware Diagnostic Tools C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
HP Advisor C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HP DVDSmart C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
HP Health Check Scheduler c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
hpsysdrv Application C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Microsoft Office 2000 C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\WMPNSCFG.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System C:\Windows\ehome\ehTray.exe
Microsoft® Windows® Operating System c:\windows\system32\browseui.dll
Microsoft® Windows® Operating System C:\Windows\system32\Mystify.scr
MUI StartMenu Application c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
MUI StartMenu Application c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
MUI StartMenu Application c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
MUI StartMenu Application c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
PictureMover Application C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
TomTom HOME C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
Hewlett-Packard Online Support Services C:\Windows\Downloaded Program Files\HPISDataManager.dll
Java Deployment Toolkit 6.0.210.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U21 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U21 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
MSN® Toolbar c:\program files (x86)\msn\toolbar\3.0.0552.0\msneshellx.dll
NPCIG.dll C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
Photodex Presenter Plugin C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
Veetle TV Core C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
Veetle TV Player C:\Program Files (x86)\Veetle\Player\npvlc.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll


Scan
----
MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
MD5: 826ddbbca98f2e6cd1dfe33cef33994c C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
MD5: 0467b9e5c7b38b3c00927d5707abbece C:\Program Files (x86)\Audible\Bin\AAXSDKWin.dll
MD5: 274d7d5fea95a5c48d13b6cdc99d49d4 C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
MD5: 8ba469072b5a692b659f856c7e97a230 C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
MD5: 203a74767eb81f96a5166b1933db46d0 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: c2ff17734176cd15221c10044ef0ba1a C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
MD5: db1a23ee7dd2e5e04e7de071a6bef699 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
MD5: 0553190acc65fa705a2a4be193728295 c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
MD5: 344d0fc67eb8a7d307b6c4898537617d c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
MD5: dfeff67508d3a9aeb1a85d7b0f513b24 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
MD5: b8eac4507eb4655377b1e094fce7f12e C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
MD5: 0436535f8f37650bd4dadc3397cbee3e C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
MD5: fff1130f7c9fa01d093a1edfc5cce8fc C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
MD5: d4531b9b73b990dc53b4a765e3bd070a C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
MD5: 6bf01e200063d7274f3af06d226671f5 c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
MD5: 27626506e07795bb6357f7f2ef78a90b C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
MD5: 6efb6bf6786ae9b2698d1adb5aab8f73 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CommonInterfaces.dll
MD5: 5fa6f89c319a0ec4a3eacfe801c6cb67 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CommonUtility.dll
MD5: c8d679922dff3da914b55e352f959c0d C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.dll
MD5: 1b29f9d1fef53a1a1c93827f494b3434 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
MD5: f8473e5ffe1a8c27bd6bfc74ea8649a8 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MD5: f1244e81e46546b0f149265d8b6d2d6a C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MD5: af2d7790af663ad368a70807f81d39db C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MD5: b7837053d4ed1e0e859eaf196f14eca6 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MD5: 20a771958db2b8ca4372eb95f59fdf3f C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Common.dll
MD5: 7868ed46c34a1b36bea10560f453598f C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll
MD5: eab6bf6676aca731199a35a13d1624a2 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MD5: 21d627dff9d91716bbed332ff599114d C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Logging.dll
MD5: d1ff91e5d243a1f9632a8d2f9b264271 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.ObjectBuilder.dll
MD5: 31dea5a67ca4c264cec3bf610e7c2ead C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECenter.dll
MD5: aad1d1ec24aa9ccc508fec685ccfebea C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MD5: d25138109f80975e46355013a25cb0c4 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MD5: 1ed99a136fc6d36b8f6546f521bd8409 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCHealthSecurity\PCHealthSecurityPillar.dll
MD5: eb132a624f129fd86b73ab29605c89e4 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MD5: 804179071a78f65ca0b0e1c4cd3a11c2 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\SystemStatus.dll
MD5: 0c8a70bc3baaf7bf69dca495c1e1ab79 c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MD5: aa9ef0b395097f24d289f64445b2fd2e c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
MD5: f0e2d55bb5c7e106e92df972c1b277a6 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
MD5: afb5637f97b897c29fab2dcdfb20eb24 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\Common\CLRCEngine3.dll
MD5: 42e0ac0cc0a59ac3015426ed4c268dab C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MD5: 017335c7aefa8ed76750db95a78d6bfa C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
MD5: 30c295d19dbfa6fd5085383c6bdc92f8 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\Common\CLRCEngine3.dll
MD5: 7d6e8a3b62d9c612d1fc6d15f0ac10c9 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\CBS.dll
MD5: 632d26889ba961e71e469dd86e48db38 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\HwCtrlMgr.dll
MD5: cd441bf2f5cfd46b5105891ddffdfba2 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
MD5: db3d8979064ce299927cc1da57e9a659 C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
MD5: 690a6df02625a46abee250c6151b7fba C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
MD5: 3ca446212e92933f118041ae6a30e89e C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\IAAMon_ENU.dll
MD5: ff54a05cd0d8cade6afb9a40cd52e635 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll
MD5: 055e69b5e4841098a4eae04ee7eeb0a2 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
MD5: f79525634b192f5a18de503568f94ef3 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
MD5: c19087a83eaf9120ab4a48c994c1db15 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll
MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MD5: cf5d4889c15cc8a40be54f55f27093b1 C:\Program Files (x86)\Internet Explorer\IEShims.dll
MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe
MD5: 3d811bf538d6f359735d757c94f484b6 C:\Program Files (x86)\Internet Explorer\msdbg2.dll
MD5: 3ca2dfd1ee857cde7dccf4235f52d142 C:\Program Files (x86)\Internet Explorer\pdm.dll
MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
MD5: 68a553bdfa855c4f1074696682fcdeb6 C:\Program Files (x86)\iTunes\iTunesHelper.exe
MD5: 50083450c9ac100ad0ffcc0862120dd1 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
MD5: 2d5394ff0e31ffefb5049f0911e91d89 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
MD5: fdc1f94b79d3c08e5d66341e3cd6688e C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
MD5: 32c9e8f42348343d72013165ea86a3c6 C:\Program Files (x86)\Microsoft Security Client\Antimalware\MpOAv.dll
MD5: ed327201724ea05d509b7939abe49e98 C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
MD5: da41104dbaae7c2508601a4b15b475e5 c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
MD5: 795289e4f6b9b9de61672ebe9e27c316 c:\program files (x86)\msn\toolbar\3.0.0552.0\msneshellx.dll
MD5: f9c2d44bd6d0cf4e5615c9c4be310f9c C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
MD5: 3fe1c696e0e8425364bffab9893a9012 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
MD5: 86d32bb043c88fd79194ff7ab2ab3434 C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
MD5: a847b258d12b6d1bb124bd5debb05162 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
MD5: efef22b9577e5051057fde1ae381b50c C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
MD5: 8e753b080e0a0cf0b4651187d414059f C:\Program Files (x86)\Veetle\Player\npvlc.dll
MD5: 3152ec8d9f60c4a5ae76fe20d90e10d7 C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
MD5: b7dc98f6f4e7611a9c0849945fb28fb9 C:\Program Files (x86)\Windows Defender\MpOav.dll
MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
MD5: 20d2447795d9910bb4b89e5fb8147f0b C:\Program Files\Bonjour\mdnsNSP.dll
MD5: 7e47c328fc4768cb8beafbcfafa70362 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
MD5: 006597773be583d1ccf6a913477937e0 C:\Program Files\iPod\bin\iPodService.exe
MD5: 734088cb57aea704ca716c1c6bc5e0e6 C:\Program Files\LSI SoftModem\agr64svc.exe
MD5: 157e9e498206a3366baa7e4697bdd947 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
MD5: 566ddd5d82520da01d75f81428ac4c38 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
MD5: 8b84b3ecfb9d6b50b989d6db8143f365 C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
MD5: b6a7e7f43234bfa6a8e6cc4110cb9448 C:\Program Files\Windows Media Player\WMPNSCFG.exe
MD5: 9c5a0f070196b601d629f5ba9aa921f8 C:\Program Files\Windows Sidebar\sidebar.exe
MD5: 83b6ca03c846fcd47f9883d77d1eb27b C:\Program Files\Zune\WMZuneComm.exe
MD5: 67b787c34fb2888d01b130ae007042d8 C:\Program Files\Zune\ZuneNss.exe
MD5: 4d89fc1c20cf655739efac5da81a67bc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
MD5: 1e345f2a2d95da3190596e691cde9342 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
MD5: cf16c9c9a95c71c4a44918b3d672b54e C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MD5: ce45722a3393b63843de48f314cf6b3f C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MD5: 534760d947665da0a80bb1a208fb9ede C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MD5: 81b65fa4daa14ff78b55b1c2d7cb9eeb C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
MD5: db26005d7ec9977b323b4c21df6ef73d C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MD5: 22ddc71d46da59543544dcdffb12419a C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MD5: 80bafb07cf325f12bfec0e1a8f9c77a9 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MD5: 906dea90dc88b73901a466e159b3fde1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MD5: 9ce94dfd13ea911980377f4bff94749c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
MD5: 315e0f6f1f8b1494c37a99ba250007c9 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MD5: d129c44d59d987c688a8c5b503dadb45 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MD5: 7758995e4d52bc33520d3781eb2e6093 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MD5: 16449b83b5e91af1e712e2049dc0b98b C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MD5: e60cd8df35eb4a9c952af381fef51af3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MD5: f5ce3d5189297b3963c4ab27d3cd1e6c C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll
MD5: 2ab4f7cd23069cbb6b8332ef8027360b C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MD5: 50c0949e6219214df11d7519e5052c3b C:\Windows\Downloaded Program Files\HPISDataManager.dll
MD5: 4334ac34536737bb13dc47b07b7a0c42 C:\Windows\Downloaded Program Files\qsax.dll
MD5: 14ce384d2e27b64c256bda4dc39c312d C:\Windows\ehome\ehRecvr.exe
MD5: b93159c1313d66fdfbbe876f5189cd52 C:\Windows\ehome\ehsched.exe
MD5: f5ee2527d74449868e3c3227a59bcd28 C:\Windows\ehome\ehstart.dll
MD5: 65437dad4f238ea9549408a783002222 C:\Windows\ehome\ehTray.exe
MD5: ce07a466201096f021cd09d631b21540 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
MD5: 749f5f8cedca70f2a512945325fc489d C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: 74751dda198165947fd7454d83f49825 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
MD5: bc5b0be5af3510b0fd8c140ee42c6d3e C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: 6717ae12e326dd1e39f6ee183a37dc0f C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: ee59d3cdfab2e808551084165c7887bf C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 35a936c7c029a5b705d3ffd40518d660 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: 66328b08ef5a9305d8ede36b93930369 C:\Windows\servicing\TrustedInstaller.exe
MD5: da7478ba9e41b60b3d5da456e253002a C:\Windows\system32\audioeng.dll
MD5: 4acf748a8e576761e4c610acab67b1bc C:\Windows\system32\BCRYPT.dll
MD5: 83adc95272b048dfd1563e0ea0f269fb C:\Windows\system32\cewmdm.dll
MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe
MD5: 17f41229e141db1412a3b174a567d71e C:\Windows\system32\d2d1.dll
MD5: 8b02d2ecc7ef6e1f6af08459e3f741f6 C:\Windows\system32\d3d10.dll
MD5: 1c0e15ea80a815494c0a3d471c823ccf C:\Windows\system32\d3d10_1.dll
MD5: 8f14591f6dc35192e2844306a12d41ff C:\Windows\system32\d3d10_1core.dll
MD5: 9c7094f537782a82b6a29b4a7172e180 C:\Windows\system32\d3d10core.dll
MD5: 4a2e5e1e37aa56773bfd5bc82d36d2ec C:\Windows\system32\D3D10Warp.dll
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\system32\DNSAPI.dll
MD5: c790b4593c0b48bb1888880fe89bc09b C:\Windows\system32\DWrite.dll
MD5: aaae543c535ed596ecad2ab8761c2c6f C:\Windows\system32\dxgi.dll
MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C:\Windows\system32\IEADVPACK.DLL
MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\IEFRAME.dll
MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll
MD5: 0ff4adc942a9353c4aeb1d06eb22b34f C:\Windows\system32\igdumd32.dll
MD5: 67cf6b23bdade026acfbebbe24148738 C:\Windows\system32\igdumdx32.dll
MD5: b8fbe5f40b09f5d20e1e5ccfef893d62 C:\Windows\system32\IMM32.DLL
MD5: a1793136ed32c13adb3740a6557b3d84 C:\Windows\system32\MFC71U.DLL
MD5: 7940c04ce581288a3498d57ec4ee47d2 C:\Windows\system32\msfeeds.dll
MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: b1c5adf56c4d47833d32d06a02d4e184 C:\Windows\system32\MSVCP71.dll
MD5: fefc51a19141a9a911b1e161a6662ced C:\Windows\system32\MSVCR71.dll
MD5: 915d3430fe926376dd942ae45a9a1665 C:\Windows\system32\mswmdm.dll
MD5: 39ba737ebf8e7da1cd019fe95333fd70 C:\Windows\system32\Mystify.scr
MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll
MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\System32\shdocvw.dll
MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll
MD5: bfa034aac103d8a6f591ac9364688339 C:\Windows\system32\T2EMBED.DLL
MD5: 88b630f6aeb5a11f6ad064930b38c2c0 C:\Windows\system32\uxtheme.dll
MD5: 2c3b09e586bda2cc49a292be7badc589 C:\Windows\system32\wbem\wmiutils.dll
MD5: dbd02e3e6f061ebbbf9b99a9d7cba30b C:\Windows\system32\WINHTTP.dll
MD5: 14ff750efe13b0c21e5a06507c3a97b1 C:\Windows\system32\WINMM.dll
MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\WINSPOOL.DRV
MD5: 9f1fac04a274adf9f65f9e1b851bdb1e C:\Windows\system32\wmdmps.dll
MD5: a9662bcf218bc76869a8d91635d5f93a C:\Windows\System32\Wpc.dll
MD5: 1908cc7673f72601affdca022689cedf C:\Windows\system32\xmllite.dll
MD5: 0d0e5281784c2c526ba43c2ecd374288 C:\Windows\SysWOW64\drivers\Afc.sys
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: 05c8c8767e29163fc251164ff6839ea5 C:\Windows\syswow64\GDI32.dll
MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll
MD5: 490fc0d07f7c0468e232ab8e8e956719 c:\windows\syswow64\ieframe.dll
MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\syswow64\iertutil.dll
MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\SysWOW64\jscript9.dll
MD5: 7f4caeac24592fa9f574e1f8cd1d0604 C:\Windows\syswow64\kernel32.dll
MD5: df37346ea13082e3e1b423b54014e641 C:\Windows\syswow64\LPK.DLL
MD5: 5789773089bc334c56cc31833f20daf6 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MD5: 17af64d727545f2804f6e6d998327e3f C:\Windows\syswow64\msvcrt.dll
MD5: 6aaf63a85181e39f94ec0641c55a4ef0 C:\Windows\SysWOW64\ntdll.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\syswow64\ole32.dll
MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\syswow64\OLEAUT32.dll
MD5: 0ed8727ea0172860f47258456c06caea C:\Windows\SysWow64\perfhost.exe
MD5: 0abe67004eb4c162f4456e64f90a11fd C:\Windows\syswow64\RPCRT4.dll
MD5: da61f5c012a646771587a8cb9c0ae590 C:\Windows\SysWOW64\schannel.dll
MD5: 3a5adb89f057cd7b5a229f1ace53fdf6 C:\Windows\syswow64\Secur32.dll
MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\syswow64\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\syswow64\SHLWAPI.dll
MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\syswow64\urlmon.dll
MD5: d29fdb5dedbdc1bd882164dc6dc4dd53 C:\Windows\syswow64\USER32.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\syswow64\USP10.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll
MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\syswow64\WININET.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.68 KB recvd
Scanned 382 files and modules - 53 seconds

==============================================================================

#5 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 15 March 2012 - 09:50 PM

There was a bit of progress after TDSSKILLER run. But there's a lot more to do.
Download aswMBR.exe ( 511KB ) to your desktop.
RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls


Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Next:
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#6 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 15 March 2012 - 10:39 PM

After running aswMBR, the Fix button was not enabled.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-15 20:33:21
-----------------------------
20:33:21.457 OS Version: Windows x64 6.0.6002 Service Pack 2
20:33:21.458 Number of processors: 2 586 0x170A
20:33:21.458 ComputerName: H-PC UserName: H
20:33:22.971 Initialize success
20:34:26.682 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:34:26.685 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8
20:34:26.688 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
20:34:26.691 Disk 1 Vendor: ST310005 CC36 Size: 953869MB BusType: 8
20:34:26.695 Disk 0 MBR read successfully
20:34:26.700 Disk 0 MBR scan
20:34:26.705 Disk 0 unknown MBR code
20:34:26.709 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 596475 MB offset 63
20:34:26.735 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14001 MB offset 1221582600
20:34:26.774 Disk 0 scanning C:\Windows\system32\drivers
20:34:32.521 Service scanning
20:34:37.171 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:34:43.031 Modules scanning
20:34:43.041 Scan finished successfully
20:35:35.516 Disk 0 MBR has been saved successfully to "C:\Users\H\Desktop\MBR.dat"
20:35:35.530 The log file has been saved successfully to "C:\Users\H\Desktop\aswMBR.txt"

ListParts by Farbar Version: 12-03-2012 03
Ran by H (administrator) on 15-03-2012 at 20:36:44
Windows Vista (X64)
Running From: C:\Users\H\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 33%
Total physical RAM: 6133.33 MB
Available physical RAM: 4077.29 MB
Total Pagefile: 12379.7 MB
Available Pagefile: 10340.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:582.5 GB) (Free:242.64 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.67 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (Backup HP) (Fixed) (Total:931.51 GB) (Free:412.8 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 932 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 582 GB 32 KB
Partition 2 Primary 14 GB 582 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C HP NTFS Partition 582 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FACTORY_IMA NTFS Partition 14 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 J Backup HP NTFS Partition 932 GB Healthy

======================================================================================================

****** End Of Log ******

#7 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 16 March 2012 - 10:18 AM

The results of aswMBR & Listparts are good. We still have more to do.
But first, a bit of housekeeping:
De-install FixRedirectVirus
Start button > in Start menu -- Control Panel > Uninstall a Program (listed under Programs).
{In Classic view, double click Program and features}.
Remove FixRedirectVirus
Exit Control Panel.

Step 2
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.
Step 3
If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your

Browser.

Right- click on Combo-Fix.exe on your Desktop Posted Image and select "Run as Administrator".
  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Step 4
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 5
Turn back on (re-enable) your MS Security Essentials active monitor.

Reply with copy of contents of Roguekiller report, C:\Combofix.txt, & the latest MBAM scan log
AND tell me, How is your system now ?

There will be a bit more to do, since your Java rutime is out-dated, as well as your Adobe Reader. And we need to make sure your Vista User Account Control is ON.
For the latter, see http://windows.micro...ntrol-on-or-off
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#8 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 16 March 2012 - 05:45 PM

Wow. My system seems to be much better now. It no longer appears to be hijacked! Thank you very much...

RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: H [Admin rights]
Mode: Scan -- Date: 03/16/2012 12:43:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++
--- User ---
[MBR] d6afffae687fce73d04871ac6cc1198a
[BSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596475 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221582600 | Size: 14001 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000528AS +++++
--- User ---
[MBR] 0a95b3e60a0c0703a17e29a8bd2459ef
[BSP] 2589d35b9b4bf3f2ef56561a925b0bbc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#9 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 16 March 2012 - 05:47 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.16.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
H :: H-PC [administrator]

3/16/2012 1:21:38 PM
mbam-log-2012-03-16 (13-21-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 487940
Time elapsed: 1 hour(s), 1 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 16 March 2012 - 05:47 PM

ComboFix 12-03-16.03 - H 03/16/2012 12:54:09.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3747 [GMT -7:00]
Running from: c:\users\H\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 20:04 . 2012-03-16 20:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05EBA8D6-43AE-49CF-B9D1-E8577BCC0F41}\offreg.dll
2012-03-16 20:01 . 2012-03-16 20:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-16 20:01 . 2012-03-16 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-16 02:05 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05EBA8D6-43AE-49CF-B9D1-E8577BCC0F41}\mpengine.dll
2012-03-16 02:03 . 2012-03-16 02:03 -------- d-----w- c:\users\H\AppData\Roaming\QuickScan
2012-03-16 01:53 . 2012-03-16 01:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-16 01:38 . 2012-03-16 01:38 -------- d-----w- C:\rsit
2012-03-16 01:38 . 2012-03-16 01:38 -------- d-----w- c:\program files\trend micro
2012-03-16 01:33 . 2012-03-16 01:33 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-15 02:08 . 2012-03-15 04:58 -------- d-----w- c:\windows\Microsoft Antimalware
2012-02-29 23:18 . 2012-02-29 23:18 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 23:18 . 2011-06-12 16:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 20:36 . 2012-02-10 20:37 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32CCB676-1E14-43D6-A713-808693944315}\gapaengine.dll
2012-02-08 07:13 . 2011-09-07 15:17 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-09-06 14:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-03 14:25 . 2012-02-15 06:16 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-20_00.48.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-10-08 12:40 . 2009-06-15 14:54 77312 c:\windows\SysWOW64\secur32.dll
+ 2012-01-11 14:02 . 2011-11-16 16:24 77312 c:\windows\SysWOW64\secur32.dll
+ 2012-01-11 14:02 . 2011-11-18 17:47 66560 c:\windows\SysWOW64\packager.dll
+ 2012-02-15 10:00 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-08-11 10:11 . 2011-07-22 02:44 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-08-11 10:11 . 2011-07-22 02:46 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-02-15 10:00 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2006-11-02 12:13 . 2006-11-02 09:46 23552 c:\windows\SysWOW64\mciseq.dll
+ 2012-01-11 14:02 . 2011-10-14 16:00 23552 c:\windows\SysWOW64\mciseq.dll
- 2011-08-11 10:11 . 2011-07-22 02:46 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-02-15 10:00 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
- 2008-01-21 03:20 . 2011-09-06 14:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-03-05 23:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-09-06 14:55 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-03-05 23:23 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-03-05 23:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-09-06 14:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-24 17:50 . 2010-09-24 17:50 67072 c:\windows\system32\ZuneTcp2Udp.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 67072 c:\windows\system32\ZuneTcp2Udp.dll
- 2010-09-24 17:50 . 2010-09-24 17:50 60928 c:\windows\system32\ZuneRegUtil.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 60928 c:\windows\system32\ZuneRegUtil.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 45568 c:\windows\system32\ZunePTDNS.dll
- 2010-09-24 17:50 . 2010-09-24 17:50 45568 c:\windows\system32\ZunePTDNS.dll
+ 2008-01-21 02:23 . 2012-03-16 20:05 61538 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-03-16 20:06 82994 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-28 20:21 . 2012-03-16 20:06 17734 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-809377086-3892647188-450367023-1000_UserData.bin
- 2009-10-08 12:40 . 2009-06-15 15:12 94720 c:\windows\system32\secur32.dll
+ 2012-01-11 14:02 . 2011-11-16 16:42 94720 c:\windows\system32\secur32.dll
+ 2012-01-11 14:02 . 2011-11-18 18:07 76800 c:\windows\system32\packager.dll
- 2011-08-11 10:11 . 2011-07-22 05:32 96256 c:\windows\system32\mshtmled.dll
+ 2012-02-15 10:00 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
+ 2012-02-15 10:00 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2011-08-11 10:11 . 2011-07-22 05:34 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2006-11-02 09:53 . 2006-11-02 11:17 28672 c:\windows\system32\mciwave.dll
+ 2012-01-11 14:02 . 2011-10-14 17:27 28672 c:\windows\system32\mciwave.dll
- 2006-11-02 09:53 . 2006-11-02 11:17 28160 c:\windows\system32\mciseq.dll
+ 2012-01-11 14:02 . 2011-10-14 17:27 28160 c:\windows\system32\mciseq.dll
- 2006-11-02 09:53 . 2006-11-02 11:17 48128 c:\windows\system32\mcicda.dll
+ 2012-01-11 14:02 . 2011-10-14 17:27 48128 c:\windows\system32\mcicda.dll
+ 2012-01-11 14:02 . 2011-11-16 14:34 11264 c:\windows\system32\lsass.exe
- 2009-10-08 12:40 . 2009-06-15 13:15 11264 c:\windows\system32\lsass.exe
+ 2012-02-15 10:00 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
- 2011-08-11 10:11 . 2011-07-22 05:34 85504 c:\windows\system32\jsproxy.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 67072 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneTcp2Udp.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 60928 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneRegUtil.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 45568 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZunePTDNS.dll
+ 2011-11-09 04:41 . 2011-09-20 14:04 40448 c:\windows\system32\drivers\tcpipreg.sys
- 2011-08-10 20:28 . 2011-06-17 13:56 40448 c:\windows\system32\drivers\tcpipreg.sys
+ 2011-09-11 02:05 . 2011-12-10 22:24 23152 c:\windows\system32\drivers\mbam.sys
+ 2011-12-15 03:24 . 2011-10-25 16:09 85504 c:\windows\system32\csrsrv.dll
- 2011-07-13 00:22 . 2011-04-20 15:58 85504 c:\windows\system32\csrsrv.dll
- 2009-06-28 20:19 . 2011-09-20 00:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-28 20:19 . 2012-01-31 23:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-28 20:19 . 2011-09-20 00:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-28 20:19 . 2012-01-31 23:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-28 20:19 . 2011-09-20 00:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-28 20:19 . 2012-01-31 23:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-19 03:41 . 2011-06-24 07:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-19 03:41 . 2012-03-13 02:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-19 03:41 . 2012-03-13 02:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-19 03:41 . 2011-06-24 07:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-19 03:41 . 2011-06-24 07:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-19 03:41 . 2012-03-13 02:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-22 06:57 . 2011-11-22 06:57 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2012-01-11 14:02 . 2011-12-27 02:51 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2011-11-22 05:31 . 2011-11-22 05:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2012-01-11 14:02 . 2011-12-27 02:51 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2011-09-18 10:10 . 2011-09-18 10:10 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-09-18 10:09 . 2011-09-18 10:09 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-13 10:03 . 2012-03-13 10:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-09-18 10:09 . 2011-09-18 10:09 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-13 10:03 . 2012-03-13 10:03 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-15 04:52 . 2012-03-15 04:52 12288 c:\windows\Microsoft Antimalware\Support\MpWppTracing-03142012-205208-00000003-ffffffff.bin
+ 2012-02-04 20:45 . 2012-02-04 20:45 22016 c:\windows\Installer\e8c8e.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fdd.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fd6.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fcf.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fc8.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fc1.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fba.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fb3.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fac.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fa5.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f9e.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f97.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f90.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f89.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f82.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f7b.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f74.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f56.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f38.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f1a.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7efc.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7ede.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7ec0.msi
+ 2011-11-18 19:45 . 2011-11-18 19:45 77312 c:\windows\Installer\aa7ea8.msi
- 2011-09-16 10:03 . 2011-09-16 10:03 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-02-07 10:00 . 2012-02-07 10:00 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-02-07 10:01 . 2012-02-07 10:01 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-09-16 10:03 . 2011-09-16 10:03 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-04 10:01 . 2011-06-16 10:19 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 10:01 . 2012-02-16 10:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-01-24 22:41 . 2012-01-24 22:41 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2012-01-24 22:41 . 2012-01-24 22:41 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2005-12-02 21:18 . 2005-12-02 21:18 29184 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\ResetFileTime.exe
+ 2009-10-14 20:24 . 2009-10-14 20:24 99976 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\HPDownload.exe
+ 2008-11-12 06:15 . 2008-11-12 06:15 16296 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\hpdom.wsf
+ 2010-09-21 06:07 . 2010-09-21 06:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
+ 2009-02-26 20:06 . 2009-02-26 20:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 20:06 . 2009-02-26 20:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2009-02-27 01:43 . 2009-02-27 01:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-27 00:45 . 2009-02-27 00:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-02-26 20:06 . 2009-02-26 20:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 20:06 . 2009-02-26 20:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
- 2006-11-02 12:40 . 2011-09-06 14:52 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2011-11-18 19:44 51200 c:\windows\inf\infpub.dat
+ 2012-03-13 10:13 . 2012-03-13 10:13 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\f137c53afae3903f20eba1fa0f8f8dad\System.Xml.Serialization.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ef151d5b49d8b0d0052d05fc56d25107\System.Windows.Presentation.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\c5b08a1a9a7a97922af50f30b5e32268\System.Web.ApplicationServices.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5b53a87f7799ee5454e4fb8faece3a82\System.AddIn.Contract.ni.dll
+ 2012-03-13 10:09 . 2012-03-13 10:09 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe
+ 2012-03-13 10:08 . 2012-03-13 10:08 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\8dd565cc0b374e1eec73cf7eaba91e92\UIAutomationProvider.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\077e75015456f75a0495f65cfcf140cb\System.Windows.Presentation.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\22a9aa847a8e4e651a35b63270ce8999\System.Web.ApplicationServices.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fdeb5ca04943da59f732d3001d6a0df0\System.ServiceModel.Channels.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\9688786618bf6390637c283b5bd1c9b3\System.AddIn.Contract.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\6ffc3ac04451b4978519218fd266403e\Microsoft.VisualC.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\8cbc15b63aa3f06453f1aaa8659cf809\Accessibility.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 73728 c:\windows\assembly\NativeImages_v2.0.50727_64\UIXControls\9f6d11340d0b68bb30dbad5092e56a92\UIXControls.ni.dll
+ 2011-11-18 19:44 . 2011-11-18 19:44 73728 c:\windows\assembly\NativeImages_v2.0.50727_64\UIXControls\3aa0ddd6d91850ce0b5644f73b62e4a7\UIXControls.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\067175115d10c3d264ab318e820765e5\System.Windows.Presentation.ni.dll
+ 2011-10-12 10:38 . 2011-10-12 10:38 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\00db78298fe5452c0f0841e3688193df\System.Windows.Presentation.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\fbd4e0199e5933302cc414871408c2a3\System.Web.DynamicData.Design.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\32988c989fec0b0a6ea7420b687847f0\System.Web.DynamicData.Design.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\df5c4750465a0c3ad3a84aba30e8940b\PresentationFontCache.ni.exe
+ 2011-10-12 10:37 . 2011-10-12 10:37 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\175efd925a4d4e7deccc7855d6dcb3c9\PresentationFontCache.ni.exe
+ 2011-10-12 10:36 . 2011-10-12 10:36 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\fa0c632bdf12e9d70405212bbcb255ee\PresentationCFFRasterizer.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\0efd3bfda60c6df58207598eeb48f25a\PresentationCFFRasterizer.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\be2487a805f44453b91fbfcc612ddb68\Microsoft.WSMan.Runtime.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\a4a66a531fcba4ae3db28c68033787a4\Microsoft.WSMan.Runtime.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\28baaf9cc7640ebf81cc317dbd5119d6\Microsoft.VisualC.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtCOM\d44223fe604b9811a3a57cbf71c3f1f9\ehiExtCOM.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\95ac9a9bdd91cac933680ebd43d98e0a\ehExtCOM.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\2c497fedb47981d3f9cd789d3966ccf4\ehExtCOM.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\42bec19a6f2ecc6f45c4d07b4e2d6083\dfsvc.ni.exe
+ 2011-10-12 10:33 . 2011-10-12 10:33 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\006ccb4b89e6670929d149ff641369ef\Accessibility.ni.dll
+ 2011-10-12 10:32 . 2011-10-12 10:32 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\4b4da1f58f246ac63a6486910ce4feca\System.Windows.Presentation.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d64bb27d9b0901fbaf26a363f664476b\System.Web.DynamicData.Design.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\249d58bfb0fad2bfc6539cc4af8ae7dd\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-10-12 10:32 . 2011-10-12 10:32 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\fa4e1998745ba5cfd3751d17172a50c1\System.AddIn.Contract.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\bed862dc1b6ba4eb085a645d0df2873b\PresentationFontCache.ni.exe
+ 2012-02-15 10:39 . 2012-02-15 10:39 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0949167ed4166f458ba9f3b705b8bc21\PresentationCFFRasterizer.ni.dll
+ 2011-10-12 10:32 . 2011-10-12 10:32 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\67e74beedea6b1c61609c3199a41c112\napcrypt.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\099420b6b2b532b8156e510ae78da504\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\90b93ddbe3aded4d91ed37540d3b62cd\Microsoft.Vsa.ni.dll
+ 2011-10-12 10:31 . 2011-10-12 10:31 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\0be0eb42238f115408fd2fab2b9a387f\Microsoft.VisualC.ni.dll
+ 2011-10-12 10:30 . 2011-10-12 10:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e51e9b0e132d5639a9d24d2fc93d84e2\Microsoft.Build.Framework.ni.dll
+ 2011-10-12 10:31 . 2011-10-12 10:31 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4bcbda8a78ed8746b758f2c961df98f9\Microsoft.Build.Framework.ni.dll
+ 2011-10-12 10:31 . 2011-10-12 10:31 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\188cef9a56634d7e4b9239c388576d94\ehiUserXp.ni.dll
+ 2011-10-12 10:31 . 2011-10-12 10:31 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\e4c8338d98d38340bd2e9eb91eb4ad78\dfsvc.ni.exe
+ 2011-10-12 10:30 . 2011-10-12 10:30 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
- 2011-08-24 15:44 . 2011-07-11 13:25 2048 c:\windows\SysWOW64\tzres.dll
+ 2011-12-15 03:24 . 2011-11-08 14:42 2048 c:\windows\SysWOW64\tzres.dll
+ 2011-10-11 19:10 . 2011-08-25 13:31 4096 c:\windows\SysWOW64\oleaccrc.dll
- 2009-12-11 13:46 . 2009-10-08 21:07 4096 c:\windows\SysWOW64\oleaccrc.dll
+ 2011-12-15 03:24 . 2011-11-08 14:58 2048 c:\windows\system32\tzres.dll
- 2011-08-24 15:44 . 2011-07-11 13:45 2048 c:\windows\system32\tzres.dll
- 2009-12-11 13:46 . 2009-10-08 21:07 4096 c:\windows\system32\oleaccrc.dll
+ 2011-10-11 19:10 . 2011-08-25 13:54 4096 c:\windows\system32\oleaccrc.dll
+ 2012-03-16 20:04 . 2012-03-16 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-20 00:47 . 2011-09-20 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-16 20:04 . 2012-03-16 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-20 00:47 . 2011-09-20 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-13 10:17 . 2012-03-13 10:17 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\6bafe185b3d23de57ec689035642fe43\System.Xml.Serialization.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\592252ee904bd41f99cd1d19909b548c\dfsvc.ni.exe
+ 2012-01-11 14:02 . 2011-10-14 16:03 189952 c:\windows\SysWOW64\winmm.dll
- 2009-12-03 13:53 . 2009-04-11 06:28 189952 c:\windows\SysWOW64\winmm.dll
+ 2012-01-11 14:02 . 2011-11-16 16:23 377344 c:\windows\SysWOW64\winhttp.dll
- 2009-12-09 14:57 . 2009-08-24 11:36 377344 c:\windows\SysWOW64\winhttp.dll
- 2011-08-11 10:11 . 2011-07-22 02:47 231936 c:\windows\SysWOW64\url.dll
+ 2012-02-15 10:00 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
+ 2011-10-11 19:10 . 2011-08-25 16:15 555520 c:\windows\SysWOW64\UIAutomationCore.dll
- 2009-12-11 13:45 . 2009-10-08 21:08 555520 c:\windows\SysWOW64\UIAutomationCore.dll
+ 2012-01-11 14:02 . 2011-11-16 16:23 278528 c:\windows\SysWOW64\schannel.dll
+ 2012-03-14 05:22 . 2012-01-09 15:54 613376 c:\windows\SysWOW64\rdpencom.dll
+ 2012-01-11 14:02 . 2011-10-25 15:58 497152 c:\windows\SysWOW64\qdvd.dll
- 2009-12-03 13:52 . 2009-04-11 06:28 497152 c:\windows\SysWOW64\qdvd.dll
- 2009-12-03 13:52 . 2009-04-11 06:28 293376 c:\windows\SysWOW64\psisdecd.dll
+ 2011-10-11 19:10 . 2011-07-29 16:01 293376 c:\windows\SysWOW64\psisdecd.dll
- 2011-06-15 14:15 . 2010-12-20 16:35 563712 c:\windows\SysWOW64\oleaut32.dll
+ 2011-10-11 19:10 . 2011-08-25 16:14 563712 c:\windows\SysWOW64\oleaut32.dll
+ 2011-10-11 19:10 . 2011-08-25 16:14 238080 c:\windows\SysWOW64\oleacc.dll
+ 2012-02-15 06:16 . 2011-12-14 16:17 680448 c:\windows\SysWOW64\msvcrt.dll
+ 2012-02-29 23:18 . 2012-02-29 23:18 250016 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe
+ 2012-01-12 14:26 . 2012-01-12 14:26 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2012-02-15 10:00 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
- 2011-08-11 10:11 . 2011-07-22 02:45 716800 c:\windows\SysWOW64\jscript.dll
- 2011-08-11 10:11 . 2011-07-22 02:43 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-02-15 10:00 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
- 2011-03-09 05:41 . 2010-12-29 18:28 429056 c:\windows\SysWOW64\EncDec.dll
+ 2011-12-15 03:24 . 2011-10-14 16:02 429056 c:\windows\SysWOW64\EncDec.dll
- 2011-02-10 04:17 . 2011-01-20 16:08 219648 c:\windows\SysWOW64\d3d10_1core.dll
+ 2012-03-14 05:22 . 2012-02-14 15:45 219648 c:\windows\SysWOW64\d3d10_1core.dll
+ 2012-03-14 05:22 . 2012-02-14 15:45 160768 c:\windows\SysWOW64\d3d10_1.dll
- 2011-02-10 04:17 . 2011-01-20 16:08 160768 c:\windows\SysWOW64\d3d10_1.dll
- 2011-02-10 04:17 . 2011-01-20 13:47 683008 c:\windows\SysWOW64\d2d1.dll
+ 2012-03-14 05:22 . 2012-02-13 13:47 683008 c:\windows\SysWOW64\d2d1.dll
- 2010-09-24 17:50 . 2010-09-24 17:50 149504 c:\windows\system32\ZuneUsbTransport.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 149504 c:\windows\system32\ZuneUsbTransport.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 405504 c:\windows\system32\ZuneNetProxy.dll
- 2010-09-24 17:50 . 2010-09-24 17:50 405504 c:\windows\system32\ZuneNetProxy.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 249344 c:\windows\system32\ZuneMTPZ.dll
- 2010-09-24 17:50 . 2010-09-24 17:50 249344 c:\windows\system32\ZuneMTPZ.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 354304 c:\windows\system32\ZuneCoInst.dll
+ 2012-01-11 14:02 . 2011-11-25 16:25 451072 c:\windows\system32\winsrv.dll
- 2011-08-10 20:28 . 2011-06-17 16:16 451072 c:\windows\system32\winsrv.dll
+ 2012-01-11 14:02 . 2011-10-14 17:31 211968 c:\windows\system32\winmm.dll
- 2009-12-03 13:53 . 2009-04-11 07:11 211968 c:\windows\system32\winmm.dll
- 2009-12-09 14:57 . 2009-08-24 11:47 442368 c:\windows\system32\winhttp.dll
+ 2012-01-11 14:02 . 2011-11-16 16:43 442368 c:\windows\system32\winhttp.dll
+ 2009-06-29 01:15 . 2011-10-15 19:24 352574 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-08-11 10:11 . 2011-07-22 05:35 237056 c:\windows\system32\url.dll
+ 2012-02-15 10:00 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
+ 2011-10-11 19:10 . 2011-08-25 16:20 735744 c:\windows\system32\UIAutomationCore.dll
+ 2012-01-11 14:02 . 2011-11-16 16:42 347136 c:\windows\system32\schannel.dll
+ 2012-03-14 05:22 . 2012-01-09 16:16 708096 c:\windows\system32\rdpencom.dll
- 2009-12-03 13:52 . 2009-04-11 07:11 352256 c:\windows\system32\qdvd.dll
+ 2012-01-11 14:02 . 2011-10-25 16:13 352256 c:\windows\system32\qdvd.dll
- 2009-12-03 13:53 . 2009-04-11 07:11 375808 c:\windows\system32\psisdecd.dll
+ 2011-10-11 19:10 . 2011-07-29 16:08 375808 c:\windows\system32\psisdecd.dll
+ 2006-11-02 12:46 . 2012-03-16 01:07 606602 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-03-16 01:07 105202 c:\windows\system32\perfc009.dat
+ 2011-10-11 19:10 . 2011-08-25 16:19 847360 c:\windows\system32\oleaut32.dll
- 2011-06-15 14:15 . 2010-12-20 16:59 847360 c:\windows\system32\oleaut32.dll
+ 2011-10-11 19:10 . 2011-08-25 16:19 332288 c:\windows\system32\oleacc.dll
+ 2012-02-15 06:16 . 2011-12-14 16:38 621056 c:\windows\system32\msvcrt.dll
- 2009-12-03 13:53 . 2009-04-11 07:11 621056 c:\windows\system32\msvcrt.dll
+ 2012-02-29 23:18 . 2012-02-29 23:18 465056 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
+ 2012-02-15 10:00 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
- 2011-08-11 10:11 . 2011-07-22 05:30 248320 c:\windows\system32\ieui.dll
+ 2012-02-15 10:00 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
- 2006-11-02 15:21 . 2011-08-14 17:26 309760 c:\windows\system32\FNTCACHE.DAT
+ 2006-11-02 15:21 . 2012-03-14 10:20 309760 c:\windows\system32\FNTCACHE.DAT
+ 2011-12-15 03:24 . 2011-10-14 17:30 559616 c:\windows\system32\EncDec.dll
- 2011-03-09 05:41 . 2010-12-29 19:01 559616 c:\windows\system32\EncDec.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 149504 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneUsbTransport.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 405504 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneNetProxy.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 249344 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneMTPZ.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 128000 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneIPTransport.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 354304 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneCoInst.dll
+ 2011-06-06 20:49 . 2011-06-06 20:49 708168 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\WinUSBCoInstaller.dll
+ 2011-06-06 20:49 . 2011-06-06 20:49 708168 c:\windows\system32\DriverStore\FileRepository\wmzuneserusb.inf_a8c8911e\WinUSBCoInstaller.dll
- 2009-12-03 13:52 . 2009-04-11 05:48 209920 c:\windows\system32\drivers\rdpwd.sys
+ 2012-03-14 05:22 . 2012-01-09 14:27 209920 c:\windows\system32\drivers\rdpwd.sys
+ 2012-01-11 14:02 . 2011-11-17 06:53 515968 c:\windows\system32\drivers\ksecdd.sys
- 2011-02-10 04:17 . 2011-01-20 16:16 327680 c:\windows\system32\d3d10_1core.dll
+ 2012-03-14 05:22 . 2012-02-14 16:49 327680 c:\windows\system32\d3d10_1core.dll
+ 2012-03-14 05:22 . 2012-02-14 16:49 196096 c:\windows\system32\d3d10_1.dll
- 2011-02-10 04:17 . 2011-01-20 16:16 196096 c:\windows\system32\d3d10_1.dll
+ 2012-03-14 05:22 . 2012-02-13 14:06 834048 c:\windows\system32\d2d1.dll
- 2011-02-10 04:17 . 2011-01-20 14:06 834048 c:\windows\system32\d2d1.dll
+ 2010-06-15 11:57 . 2012-03-15 08:33 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2010-06-15 11:57 . 2010-06-15 11:57 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2010-06-15 11:57 . 2012-03-15 08:33 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2010-06-15 11:57 . 2010-06-15 11:57 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2010-10-25 04:24 . 2011-09-20 00:46 286784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-25 04:24 . 2012-03-16 20:02 286784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-22 06:57 . 2011-11-22 06:57 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-12-26 12:47 . 2011-12-26 12:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2012-01-11 14:02 . 2011-12-27 02:51 744720 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
- 2011-06-15 14:13 . 2011-03-29 10:52 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-10-11 19:10 . 2011-07-08 11:52 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-12-26 11:39 . 2011-12-26 11:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2011-11-22 05:31 . 2011-11-22 05:31 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2012-01-11 14:02 . 2011-12-27 02:51 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-10-11 19:10 . 2011-07-08 11:53 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-06-15 14:13 . 2011-03-29 10:53 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-06-15 14:13 . 2011-03-29 10:52 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-10-11 19:10 . 2011-07-08 11:53 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-09-18 10:09 . 2011-09-18 10:09 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-09-18 10:09 . 2011-09-18 10:09 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-03-13 10:03 . 2012-03-13 10:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-03-13 10:03 . 2012-03-13 10:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-09-18 10:09 . 2011-09-18 10:09 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-09-18 10:09 . 2011-09-18 10:09 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-13 10:03 . 2012-03-13 10:03 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-15 02:09 . 2012-03-15 04:58 311296 c:\windows\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin
+ 2011-11-18 19:44 . 2011-11-18 19:44 788992 c:\windows\Installer\aa7e9a.msi
+ 2012-01-24 22:41 . 2012-01-24 22:41 922624 c:\windows\Installer\a7335d3.msi
+ 2011-11-07 23:43 . 2011-11-07 23:43 323072 c:\windows\Installer\19d3e9.msi
+ 2011-12-07 15:11 . 2011-12-07 15:11 188416 c:\windows\Installer\13fe5cfb.msi
+ 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
+ 2010-09-21 06:07 . 2010-09-21 06:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
+ 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
- 2006-11-02 12:40 . 2011-09-06 14:52 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2011-11-18 19:44 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2011-11-18 19:44 143360 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2011-09-06 14:52 143360 c:\windows\inf\infstor.dat
+ 2012-03-16 01:35 . 2005-10-20 19:02 163328 c:\windows\ERDNT\3-15-2012\ERDNT.EXE
+ 2012-01-11 14:02 . 2011-11-01 16:35 196096 c:\windows\ehome\mstvcapn.dll
+ 2012-03-14 22:47 . 2012-03-14 22:47 710304 c:\windows\Downloaded Program Files\qsax.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d05858dd730eef93a5e4a3cc88dd4ec3\WindowsFormsIntegration.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\b2a2a1fb4e1313088250b334b3af2a15\UIAutomationTypes.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\89414bab411eb27c7c181df81b4d36a5\UIAutomationProvider.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd55f47d44c3695862bc047b8e86fcd3\UIAutomationClient.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\910d557d55f4fc7bb51ace0546bd3c50\System.Xml.Linq.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\dcb9e1eaa1491094f79c3288b8c78830\System.Windows.Input.Manipulations.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\922f3f17f5112441e77f9d3d56d5b753\System.Transactions.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\73874670b92afbde73b23e8a1200eede\System.ServiceProcess.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\909c8d76773648809478644ac50a21eb\System.ServiceModel.Routing.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\26db69101f5bcf148fd962f00c0e78dd\System.ServiceModel.Channels.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\878946615037b9d5f09916c598420dc1\System.Security.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\73cc698ccc98e37f53cdbff3687a921c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\b73b4f0282ef46505b3e59702ded433b\System.Runtime.Remoting.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\8064e773b9addf027658899e27e94c7b\System.Numerics.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\a46d5472536da900435885b28a19eda8\System.Net.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\ae0089b9135614de304ebe288fa6fca8\System.Messaging.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\3ad050d3f47352421e05b7707ddd3524\System.Management.Instrumentation.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\87efa405cd384d2c47380467fcd7ea86\System.IO.Log.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\50ccc897ad714e66f750ca1e51e0ffde\System.IdentityModel.Selectors.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.Wrapper.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\cbc3e5d028dd347a294096f068a053d4\System.Dynamic.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1ae0a8a9eb92ccaf900f5911740b2c3c\System.DirectoryServices.Protocols.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\9edded64312f5cbae54a093eca246aaa\System.Device.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\db296a100034c7dee5f80219f0542df7\System.Data.DataSetExtensions.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\0f771cbf8b32ae1618f4cd4266337b3c\System.Configuration.Install.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\501ad39b1ef6f43e8dc92a4efa7c35ea\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\f8c6e4854178bb4d928c8aec1c04648d\System.AddIn.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\3503e3c2a87db97b720c0ed8a5d59f61\System.Activities.DurableInstancing.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\30cf4fc2c247cf490879f5436c63017c\SMSvcHost.ni.exe
+ 2012-03-13 10:10 . 2012-03-13 10:10 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\b4f75962376771b6b6d39279d780abba\SMDiagnostics.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eaca48940ac6976d39d5de4d5b42fed6\PresentationFramework.Royale.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\bdb41ce9ab6d561ddb8107255daaee30\PresentationFramework.Luna.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78310f7eef84b5f9ca4bf32798bd77f9\PresentationFramework.Aero.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\64b86aebea22fd357f22384757caed3f\PresentationFramework.Classic.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5a7e968020fcc15deaead9c8f27feeab\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\16bf3be602620d349b25e6c2d08199a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\f6b9abf9cd43524102ad9be82b7136d0\CustomMarshalers.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\d5a18f2355101b19f23ff2f31d1d1e17\WindowsFormsIntegration.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\9562374f940f41cdc64d88268d543f0b\UIAutomationTypes.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\641eec5b274fe3972d02892607f9b650\UIAutomationClient.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\0b68854406b775365c6d91e87813c2dc\System.Windows.Input.Manipulations.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\bf0b3689dd5e261097f2feb2ed0103e8\System.ServiceProcess.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d3d9c582c7cd77f17fd93167dc462242\System.ServiceModel.Routing.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c1127f26363bea39c40707b9ddb6bbb9\System.Security.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7b17528dffe47d9b17be6086a575a516\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\533deafc53346179cd118acc874752a3\System.Runtime.Remoting.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\965e2749489298cc85387f44f76a40f2\System.Net.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\1bff2d3e952c2160ba0c790d2342a601\System.Management.Instrumentation.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e6cb98078120266f5310adf0f45aa7df\System.IO.Log.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\22dadf930ad449894633480562d6c913\System.IdentityModel.Selectors.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.Wrapper.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\cbb6e9a9b075d9f6fa303e3eef4c0ffd\System.Dynamic.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e25cc7918b583b3beffcad52920eae29\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\a3be39ae9813098aa81430dd507d22ca\System.DirectoryServices.Protocols.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4975f93d2055b33bd7a91d6f05628e2a\System.Device.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\42d3d301d2adef24edeb3b775fbe3a4b\System.Data.DataSetExtensions.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\e844f0d4cf703c2e97515ed020331b76\System.Configuration.Install.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a92c1bd4d32fbbc54134fc40d2f97389\System.ComponentModel.Composition.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\9b418b211d6207feafcdc27027d26036\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\a4cfba8e3500f8387fe5924b940983be\System.AddIn.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\520d0ed9f48c121fbe79bda6fc176b74\System.Activities.DurableInstancing.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\98ec8a39382e6eee39845bd4759ecf04\SMSvcHost.ni.exe
+ 2012-03-13 10:15 . 2012-03-13 10:15 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b905cdec5960d51e5bdc7030b005c09\SMDiagnostics.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\94d89db071d382d9ba0bc6381669b85f\PresentationFramework.Classic.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 755200 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8857db4eb5c9797068ff55872e8cff64\PresentationFramework.Luna.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\443c3fae1f6f0588a542ddc1c02c1be1\PresentationFramework.Royale.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0a5b8a58dc91116727bfc775a1c19b8c\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5958d9610eb58adb2b62153492a7c27e\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\e75d718c701de8465600c9a291850bd5\WsatConfig.ni.exe
+ 2011-10-12 10:38 . 2011-10-12 10:38 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\d3b8ba89ad6b7e3dd72e903eba259c9a\WsatConfig.ni.exe
+ 2011-10-12 10:38 . 2011-10-12 10:38 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\ea6d8df86fc35898ec0ed1931286079d\WindowsFormsIntegration.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\24435f85f70be4cf3bc1837141e1f3f8\WindowsFormsIntegration.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 257024 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\fcc1bb8b7816577d8ace229d8b10efc1\UIAutomationTypes.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 120320 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\caf208f16abe2d305effc78e1f81e9b5\UIAutomationProvider.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\ff7ff4d1cef4eb69de7a031b48398987\UIAutomationClient.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\a0aca4bf0a203bb37a754232270cccfa\UIAutomationClient.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\da762595ee5b4709e0ee72feeb95cf33\TaskScheduler.ni.dll
+ 2011-10-12 10:38 . 2011-10-12 10:38 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\a386c1261e6fa238c30d1ac51f56ef5b\TaskScheduler.ni.dll
+ 2011-10-12 10:38 . 2011-10-12 10:38 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\e961e5d1c86bf0c2b52249c3eb1d476c\System.Xml.Linq.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\64f3bb54c4e1236d27f817d7fa68172c\System.Xml.Linq.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\65d2ba6625880c2338b91670c438a107\System.Web.Routing.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\305bff6f5396544a7bfc56e84bfa1e87\System.Web.Routing.ni.dll
+ 2011-10-12 10:34 . 2011-10-12 10:34 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\b7e323c4caccb48a6c7cd45c5c8b16f7\System.Web.RegularExpressions.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\270d74a31831149b21b5bea91c0aea5a\System.Web.RegularExpressions.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\a3c3617414cec7911b49ffd306b291f4\System.Web.Entity.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\0e0a0efe9ab9642700a8f57a4edbe976\System.Web.Entity.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\d5d13f24e51a4fa41be09b8d2241f600\System.Web.Entity.Design.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\c530a47802b240b087da20b94c97cad4\System.Web.Entity.Design.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\86f7d8a68c51823d89921f55ff7e2603\System.Web.DynamicData.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\003e371c8df2a55501c5f738a7c5bec8\System.Web.DynamicData.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\9c64eb12d481157ee49e63fa21d75376\System.Web.Abstractions.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\40994da02056e19475c5958f64195807\System.Web.Abstractions.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\acc28599cfdd7905c0f1dc28dd69c62c\System.Transactions.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\26713be7f0119f1ccd5cb301b4088616\System.Transactions.ni.dll
+ 2011-10-12 10:34 . 2011-10-12 10:34 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\fd5a2f4321cd339b0d7dfcd46aac578c\System.ServiceProcess.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\39c01dd3934350653a7e47d85688a56e\System.ServiceProcess.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\6ec0affc7f8a6ef94bb7457353bed773\System.Security.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\02c9a0da64efb6d60958a061835cb425\System.Security.ni.dll
+ 2011-10-12 10:34 . 2011-10-12 10:34 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\d526d3a3a6657c8cd4508ebe888d50ad\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\9b37cb88d4fe41952c0ff8ec36df639c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\f8f6ea38bbdd49db6a1a029492909d14\System.Net.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\691b5229cb26bbb7fdb9ae20c289ad7f\System.Net.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\513a99c7b2bc651a72ee1c96f2ca9372\System.Messaging.ni.dll
+ 2011-10-12 10:34 . 2011-10-12 10:34 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\43950691e68fa889d8276281c843c90a\System.Messaging.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\bb552a747610ce1e38ca20f767a905b3\System.Management.Instrumentation.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\4667706242b4b409f374dfcd2289dfad\System.Management.Instrumentation.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\ae581129b25b5f40ab1f9ddf55412c60\System.IO.Log.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\1b7cfed2b4bac8be0d75b2e5840e1648\System.IO.Log.ni.dll
+ 2011-10-12 10:34 . 2011-10-12 10:34 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\b936404b70f3d96230370185221d2988\System.IdentityModel.Selectors.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\a66bdd2dddd9808eae7e037ed299971b\System.IdentityModel.Selectors.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\caab7166e3bd29ad25ddab20072bfa47\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\1a90a8d222464221458d0ebef4ac8216\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 10:29 . 2012-02-15 10:29 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a29ca53b0da167fff25e474202b5aa24\System.Drawing.Design.ni.dll
+ 2011-10-12 10:29 . 2011-10-12 10:29 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\23ae39416a886e06e99e5f1a362a0ca2\System.Drawing.Design.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e3f2322ddd355493f592702d27f9edf0\System.DirectoryServices.Protocols.ni.dll
+ 2011-10-12 10:34 . 2011-10-12 10:34 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d3b45c9a426e4247060210a4442e57c1\System.DirectoryServices.Protocols.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 489472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\8ae8c8c594d7ad7f6430b65d72d0cb58\System.Data.Services.Design.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 489472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\6501cb8efc619b96b3b6b754f6fcf5aa\System.Data.Services.Design.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\5e7784d0562f54ba2bac4fab3f3c7da6\System.Data.DataSetExtensions.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\2123c2ac019fe39a10ac3b10ab4086ca\System.Data.DataSetExtensions.ni.dll
+ 2011-10-12 10:34 . 2011-10-12 10:34 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\a00d13945ba2ae72e0f81a330405ef94\System.Configuration.Install.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\1bb009ad266e51586d48ce4dc1e15336\System.Configuration.Install.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\e0828964993d832dabb31b17c6d82a02\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\a84b1a7e829536918cbee735c98cf7a4\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\892fa605806b4152e60a5b80d01d646a\System.AddIn.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\4b49b44dcb277e6cba02bec7bdd5f53a\System.AddIn.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\fab800c985d2637100bb4a74ee70c5c1\System.AddIn.Contract.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\091348740bb38b85dece99d1deb33d06\sysglobl.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\e50076b441b0a3744dfb857e8c10c7a3\SMSvcHost.ni.exe
+ 2012-02-15 10:36 . 2012-02-15 10:36 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\6bcd8ba05cb1434cc5a15e50f67ff1fb\SMSvcHost.ni.exe
+ 2011-10-12 10:34 . 2011-10-12 10:34 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\fa7982dd82101344f9a0ec5a7df12d13\SMDiagnostics.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\57f792edd3d4b372dd74906b9519cb83\SMDiagnostics.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\8f0a08eaa171d56cbb2e4187ab8746b4\ServiceModelReg.ni.exe
+ 2012-01-12 10:10 . 2012-01-12 10:10 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\6ba06b090714e51e8a92499ade057045\ServiceModelReg.ni.exe
+ 2012-02-15 10:29 . 2012-02-15 10:29 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c44df85a8829301af9fe97c6cb3c8124\PresentationFramework.Classic.ni.dll
+ 2011-10-12 10:28 . 2011-10-12 10:28 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b1a7be598a0c377152ef1f42e7c1eac3\PresentationFramework.Royale.ni.dll
+ 2012-02-15 10:29 . 2012-02-15 10:29 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\af19f6e696a20ae3a64a683bb34b6cf0\PresentationFramework.Royale.ni.dll
+ 2011-10-12 10:28 . 2011-10-12 10:28 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\939a859ef807fb6511db2a22ede35d29\PresentationFramework.Luna.ni.dll
+ 2012-02-15 10:29 . 2012-02-15 10:29 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\59a734aadd2294941fd7bbb62e76ab1f\PresentationFramework.Luna.ni.dll
+ 2011-10-12 10:28 . 2011-10-12 10:28 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\574c8f267bed7da9a80d9f3a428099bd\PresentationFramework.Aero.ni.dll
+ 2011-10-12 10:28 . 2011-10-12 10:28 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\3f65d45a3ff81a26fc82e5c6fcc10370\PresentationFramework.Classic.ni.dll
+ 2012-02-15 10:29 . 2012-02-15 10:29 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\2617b044b288975dd6ebda2ef9417852\PresentationFramework.Aero.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\900ae2d2a1e97c15ecf1f38a613fb4a9\napsnap.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\155c6b2c094e804bc48f3c697c8b5875\napsnap.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\d9abdc76a774e8c77189b025ccb3a052\napinit.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\8ba28cd475eddd59aa72048078b9d38d\napinit.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 177152 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\c1aca362549bc87db4cd9b39e915fc34\naphlpr.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 126464 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\db12e1be90224e573376cc86b197d869\napcrypt.ni.dll

#11 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 16 March 2012 - 05:49 PM

+ 2011-10-12 10:33 . 2011-10-12 10:33 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\eb2563ff14d1cea338648ac1feeafc1f\MSBuild.ni.exe
+ 2012-02-15 10:32 . 2012-02-15 10:32 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\be5f5567910588933ade41773ce4b42e\MSBuild.ni.exe
+ 2011-10-12 10:35 . 2011-10-12 10:35 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\f5e34def2ddaf9fbab2225e5a302d33f\MMCFxCommon.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\3e266abc08cced266b819ff005fcbd4c\MMCFxCommon.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\c531aae4cac7e3f1f3064a475e35789d\Microsoft.WSMan.Management.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\94f66b0665ea9b4b709b570e7c814fed\Microsoft.WSMan.Management.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\eb2adb1762038f5a21d84fb5b88296be\Microsoft.Vsa.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\0e11d1b7322a3ccdcf4f62122608d657\Microsoft.Vsa.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\d7f54f624ab86ec9e05192cbe28a8532\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\39be58c468f0bf887a7548a6388cf419\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ec5a27a580cc2bf11095f4734768280c\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\dbe26a57513f494efe75b3188cf366b4\Microsoft.PowerShell.Security.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d1d9afd53ef03252bb4407613ab11a1d\Microsoft.PowerShell.Security.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\bf181ea99e6aa101d6d6fcb21fb851ed\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b6894931958aa9710883b74c252ed514\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a097fc0285187f39c11115f78eef26af\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6fe53936c7ac3038d715852058cf0f56\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\5b8c3d452ccb8e38475c4d5ae06d3479\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e4b446852f196438818c0ce9e68605e8\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c981dc80ad13bec94aa54b8fb28b9b86\Microsoft.MediaCenter.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9cd63300be3a34c0f37e141403dd4d02\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5f759c116baecccd3042cbbd68f3aa2f\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\513e938deeda74a2e1a9a54e22bb8979\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\0cb9b0e9f02f16b01a2a0ee80b9abd0b\Microsoft.MediaCenter.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\f7e21685d37f5c19150bf300eda5f3d0\Microsoft.ManagementConsole.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\3de8add426da03a3b88c5a35d9d60855\Microsoft.ManagementConsole.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\ca8b9b67ac083de32eaea45d219c2a67\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\b23eceb3a5e8db89f107bdc02ab6cda9\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\7bd112d24e684e5602907515d47f3c01\Microsoft.Build.Utilities.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\1a43bbc417d8f56c5fd3d828bdca0c75\Microsoft.Build.Utilities.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\96c6b81949f7e09457d21c1591996471\Microsoft.Build.Framework.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\592acc376f9c89d56f0c781289b42805\Microsoft.Build.Framework.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\d4aed105d188ae1bfd6ed294f7c0eef6\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\3810a73c2a98b2e6979105d927d2edb8\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\b4408b2b679ab322d62671236b10b1fb\Mcx2Dvcs.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\8724bb8184276f3d4fe41218ebf5f91a\Mcx2Dvcs.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\a5b8d0055fe7295ae8dc4b9f2d184de0\mcupdate.ni.exe
+ 2011-10-12 10:35 . 2011-10-12 10:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\1c4decc241e2a8c8ee713733948d8086\mcupdate.ni.exe
+ 2012-02-15 10:34 . 2012-02-15 10:34 337920 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\dfce0fb190090fc1f2dd19b400851311\mcstoredb.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 337920 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\29eb48280c132b50756e460f2d5b9811\mcstoredb.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 893952 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\ec19ffc4d09fd44d51e071378f5e7a9b\mcstore.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 893952 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\2a18d543282212deac79ff3c4f47ec43\mcstore.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\2d6522135d6e690fa2615eb9aecfe540\loadmxf.ni.exe
+ 2011-10-12 10:35 . 2011-10-12 10:35 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\23bb4c93c638296182a538f3461c455b\loadmxf.ni.exe
+ 2012-02-15 10:34 . 2012-02-15 10:34 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\aa6adee5f25cd729135acb77410372cd\EventViewer.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\1fbfd420e2a2d97c24c80ac7cc8392c6\EventViewer.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\eacfe9b74df294dc175cb2c85aece537\ehiWUapi.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 927232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\29283480f471139af1c4a6fd3b59b205\ehiwmp.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 138752 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\16440d92821e195feb65203904210d75\ehiUserXp.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 151040 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiReplay\2e9bb1ae3de00a2678978386f6f73de9\ehiReplay.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\638557ed53ca8211c123007bdc3dc548\ehiExtens.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\2097683a9fd71551cf96f98efaab805f\ehExtHost.ni.exe
+ 2011-10-12 10:35 . 2011-10-12 10:35 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\0bc1a19c1cb03723ef685b5917e74903\ehExtHost.ni.exe
+ 2012-02-15 10:34 . 2012-02-15 10:34 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\e0bec615bbe96a8a509ab0d536201ce3\ehepgdat.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\9fba8fc4c06bfe3d9a87d2035fa7b156\ehepgdat.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\f110989d6ed5a5dcf4ae4ea4e5020335\ehCIR.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\5d69d006137ed7704b7b7aa2d54f296e\ehCIR.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\3af5fbffd80931f39a49cb1dc5737e5e\CustomMarshalers.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\3f5faea5c8517449702312f28aa6a7bb\ComSvcConfig.ni.exe
+ 2012-02-15 10:32 . 2012-02-15 10:32 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\07306d61405dd95a1fee01c57eaa9a00\ComSvcConfig.ni.exe
+ 2012-02-15 10:32 . 2012-02-15 10:32 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\801dc71b80a1f1f78688f946fa40ef06\BDATunePIA.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\1049e555d490785eeb1e572a8c2c2637\BDATunePIA.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e8563c8160af362e96d497e6435f9b3d\WsatConfig.ni.exe
+ 2012-02-15 10:40 . 2012-02-15 10:40 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9a22784f4af63232128cbaa639e1852b\WindowsFormsIntegration.ni.dll
+ 2011-10-12 10:32 . 2011-10-12 10:32 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9e99520a2393f70ac01988896581bf7f\UIAutomationClient.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\999ef784434ec236757b4a7398763785\TaskScheduler.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\874aa7b98c4ebc7847d0e48b3849fc93\System.Xml.Linq.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\f61de6d2f8709d6cc93e714e9d10aa3c\System.Web.Routing.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\8a832795b4141222aeb6c82bbed830a5\System.Web.RegularExpressions.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\803283970c45b6ddf39a28cf7ae5d595\System.Web.Extensions.Design.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\87ea3e377880b16200b776a528d93f63\System.Web.Entity.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\6236d05437120962b9bd9e362998a718\System.Web.Entity.Design.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\5f5b0496a401de814417dc9eacb0dd6e\System.Web.DynamicData.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2cf07c7e75857217010fcb222e671191\System.Web.Abstractions.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\96b4cdba0397f94416df0fa211f73441\System.Security.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0ac84704dce924c06b1913f7c75e6fde\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\978343c0c1e0010f3d1fb4608e27fd78\System.Net.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\fc2d7f986338caadb47cd725b4bc8d62\System.Messaging.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b1280401bb5f397382763b772fc62e3d\System.Management.Instrumentation.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\0a1e63771844d9cd84d2bba17868fee3\System.IO.Log.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\0c0985a86f0aa0d6aafe90ccdb1ca856\System.IdentityModel.Selectors.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\c1348dd6bf6f9d037120ac438290ad1c\System.Drawing.Design.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c7907c63508c5cf4e47ed493f2b2bf3a\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6ab1e2e9fd59b7381b15b9bd058a4706\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\8687931c636c0d284abbce9911db81b7\System.Data.Services.Design.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\652b3235e6495973ff4c9c17fed8e529\System.Data.Services.Client.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\0692b2c63f2dcab3aa8c594b726c0210\System.Data.Entity.Design.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\78666e17c270fcfa9b36598400963577\System.Data.DataSetExtensions.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\4eac2f7cb1c834955099131df846e157\System.Configuration.Install.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b96dcd3c7ee7b507dc89801b55edaf9e\System.AddIn.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\289d4e6d05fe5ca5f43330483fb0e549\sysglobl.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\446d3bde682c75d360b9741c2ed30f51\SMSvcHost.ni.exe
+ 2012-02-15 10:39 . 2012-02-15 10:39 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\696e2d9a6491947cd89ead8cc4cc658a\SMDiagnostics.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\fdbe1d8b1bb279e042cdcc1f8a7b6d2c\ServiceModelReg.ni.exe
+ 2012-02-15 10:31 . 2012-02-15 10:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dcd90ef8aff61786a94c097f30d9947d\PresentationFramework.Luna.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b864ec9d102833ef1fa33daa1e16466e\PresentationFramework.Classic.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\69f6cb0fc6bc6ab87a9f1508c20f211d\PresentationFramework.Royale.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\302a17a6b2ce87bad45bef24ea4181fe\napsnap.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\1413e5b9bf9341cc2d3ab7f5c877e782\napinit.ni.dll
+ 2011-10-12 10:32 . 2011-10-12 10:32 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\86024627ce245ddb4d6df1acad88b4c6\naphlpr.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\05f4ab404d811899c2e1755e01dc3eb0\MSBuild.ni.exe
+ 2012-02-15 10:39 . 2012-02-15 10:39 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\198ebc0688376cf34789828a00ccc4cc\MMCFxCommon.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\93989e793f3a083f7895ab1d59540126\Microsoft.WSMan.Management.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fa4b24a0327625473ca63733c4208eff\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f2cc66a5386dd5098a938b5a00970a23\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f1b69c37894f84ef4a070a00688615f3\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bc25994e8258b77ffe86fb278efb66c8\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a6e1a86b775abb8dd57a784ef7e73c4f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\336c27b9f4ef2dc2bf9068897501faff\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\07e3cc9e89d7d02ce64d1f7af425a73f\Microsoft.MediaCenter.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\ffc57525fe80f9b7cda217700adaa8f5\Microsoft.ManagementConsole.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\b0b6eb3598ea055202d7e8da4e7716e7\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\01413d9fe40693f0c02615092e4338c9\Microsoft.Build.Utilities.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8f065aeb58e21ff26f8f2d3be4d5f933\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\4f7c9b0b6c66d7dd85f7c873cc77c8f7\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\8dfba9717d7d59584769123e286c2ba9\EventViewer.ni.dll
+ 2011-10-12 10:31 . 2011-10-12 10:31 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\6c0adc1b359993851c9af87074f237d5\ehiExtens.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c35db08840537350fc9e65b9cefcff86\ehExtHost32.ni.exe
+ 2011-10-12 10:31 . 2011-10-12 10:31 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d72212e0e98b6ea4339d453bf540b5a6\CustomMarshalers.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\95fcdaa68b7915044d8409e2a6f50547\ComSvcConfig.ni.exe
+ 2012-02-15 10:00 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-02-15 10:00 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-01-11 14:02 . 2011-10-25 15:58 1314816 c:\windows\SysWOW64\quartz.dll
- 2010-02-09 21:17 . 2009-12-04 18:29 1314816 c:\windows\SysWOW64\quartz.dll
+ 2012-01-11 14:02 . 2011-11-18 20:55 1167984 c:\windows\SysWOW64\ntdll.dll
+ 2009-07-18 03:21 . 2012-02-29 23:18 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2012-02-15 10:00 . 2011-12-14 03:04 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-02-15 10:00 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-02-15 10:00 . 2011-12-14 03:10 9705472 c:\windows\SysWOW64\ieframe.dll
- 2011-03-23 10:53 . 2011-02-22 13:33 1068544 c:\windows\SysWOW64\DWrite.dll
+ 2012-03-14 05:22 . 2012-02-13 13:44 1068544 c:\windows\SysWOW64\DWrite.dll
- 2011-02-10 04:17 . 2011-01-20 14:12 1172480 c:\windows\SysWOW64\d3d10warp.dll
+ 2012-03-14 05:22 . 2012-02-13 14:12 1172480 c:\windows\SysWOW64\d3d10warp.dll
+ 2012-02-15 10:00 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
+ 2012-03-14 05:22 . 2012-02-02 15:34 2765824 c:\windows\system32\win32k.sys
+ 2012-02-15 10:00 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
+ 2012-01-11 14:02 . 2011-10-25 16:13 1570816 c:\windows\system32\quartz.dll
- 2010-02-09 21:17 . 2009-12-04 18:51 1570816 c:\windows\system32\quartz.dll
+ 2012-01-11 14:02 . 2011-11-18 20:55 1585152 c:\windows\system32\ntdll.dll
- 2009-10-08 12:40 . 2009-06-15 15:11 1689600 c:\windows\system32\lsasrv.dll
+ 2012-01-11 14:02 . 2011-11-16 16:41 1689600 c:\windows\system32\lsasrv.dll
+ 2012-02-15 10:00 . 2011-12-14 07:11 2308096 c:\windows\system32\jscript9.dll
+ 2012-02-15 10:00 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
+ 2012-03-14 05:22 . 2012-02-13 14:03 1555968 c:\windows\system32\DWrite.dll
- 2011-03-23 10:53 . 2011-02-22 13:53 1555968 c:\windows\system32\DWrite.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 1093632 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneDriver.dll
+ 2011-06-06 20:49 . 2011-06-06 20:49 2152176 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\WUDFUpdate_01009.dll
+ 2011-06-06 20:49 . 2011-06-06 20:49 1721576 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\WdfCoInstaller01009.dll
+ 2011-06-06 20:49 . 2011-06-06 20:49 1721576 c:\windows\system32\DriverStore\FileRepository\wmzuneserusb.inf_a8c8911e\WdfCoInstaller01009.dll
- 2010-09-24 17:50 . 2010-09-24 17:50 1093632 c:\windows\system32\drivers\UMDF\ZuneDriver.dll
+ 2011-07-22 23:47 . 2011-07-22 23:47 1093632 c:\windows\system32\drivers\UMDF\ZuneDriver.dll
+ 2011-11-09 04:41 . 2011-09-20 21:06 1423744 c:\windows\system32\drivers\tcpip.sys
- 2011-02-10 04:17 . 2011-01-20 14:37 2002944 c:\windows\system32\d3d10warp.dll
+ 2012-03-14 05:22 . 2012-02-13 14:38 2002944 c:\windows\system32\d3d10warp.dll
+ 2009-05-07 08:13 . 2012-03-16 20:02 1838096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-05-07 08:13 . 2011-09-20 00:46 1838096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-22 05:31 . 2011-11-22 05:31 3512072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-11-22 06:57 . 2011-11-22 06:57 4970768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2011-11-22 06:57 . 2011-11-22 06:57 1455376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-11-22 06:57 . 2011-11-22 06:57 1515792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-11-22 06:57 . 2011-11-22 06:57 9793280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2012-01-11 14:02 . 2011-12-27 02:51 5259264 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-02-15 06:16 . 2011-11-01 11:24 3186688 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-10-11 19:10 . 2011-07-08 11:52 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
- 2011-06-15 14:13 . 2011-03-29 10:52 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2011-10-11 19:10 . 2011-07-08 11:52 1764696 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
- 2011-06-15 14:13 . 2011-03-29 10:52 1764696 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2012-01-11 14:02 . 2011-12-27 02:51 5251072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-02-15 06:16 . 2011-11-01 11:23 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-10-11 19:10 . 2011-07-08 11:53 5911888 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-06-15 14:13 . 2011-03-29 10:52 5911888 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-10-11 19:10 . 2011-07-08 11:53 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-06-15 14:13 . 2011-03-29 10:52 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-13 10:03 . 2012-03-13 10:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-09-18 10:09 . 2011-09-18 10:09 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-03-13 10:04 . 2012-03-13 10:04 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-09-18 10:10 . 2011-09-18 10:10 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-13 10:03 . 2012-03-13 10:03 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-09-18 10:09 . 2011-09-18 10:09 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-13 10:03 . 2012-03-13 10:03 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-15 04:58 . 2012-03-15 14:20 4194304 c:\windows\Microsoft Antimalware\Support\MpWppTracing-03142012-205834-00000003-ffffffff.bin
+ 2012-03-15 02:09 . 2012-03-15 04:47 4194304 c:\windows\Microsoft Antimalware\Support\MpWppTracing-03142012-180900-00000003-ffffffff.bin
+ 2012-03-15 02:15 . 2012-03-01 22:21 8643640 c:\windows\Microsoft Antimalware\Definition Updates\{A3497196-6933-4B3F-8872-32B645E1FD33}\mpengine.dll
+ 2012-03-15 05:00 . 2012-03-01 22:21 8643640 c:\windows\Microsoft Antimalware\Definition Updates\{43D4610E-6251-4ABD-B764-AA7302EB7D88}\mpengine.dll
+ 2011-10-26 23:36 . 2011-10-26 23:36 2829312 c:\windows\Installer\75add71.msp
+ 2011-11-01 20:34 . 2011-11-01 20:34 1552384 c:\windows\Installer\3c150a28.msp
+ 2011-11-01 20:34 . 2011-11-01 20:34 2247168 c:\windows\Installer\3c150a1e.msp
+ 2011-11-01 20:34 . 2011-11-01 20:34 2531840 c:\windows\Installer\3c150a0c.msp
+ 2011-11-11 23:16 . 2011-11-11 23:16 8458240 c:\windows\Installer\3c150a02.msp
+ 2011-12-25 12:48 . 2011-12-25 12:48 1505792 c:\windows\Installer\132bb4d3.msp
+ 2011-12-26 13:24 . 2011-12-26 13:24 8835072 c:\windows\Installer\132bb4ca.msp
+ 2011-09-07 23:36 . 2011-09-07 23:36 6069248 c:\windows\Installer\11a8de5c.msp
+ 2011-12-13 07:10 . 2011-12-13 07:10 4703232 c:\windows\Installer\11a8de5b.msp
+ 2011-07-07 09:58 . 2011-07-07 09:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-03 07:14 . 2011-08-03 07:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2012-03-16 01:35 . 2012-03-16 01:35 5718016 c:\windows\ERDNT\3-15-2012\Users\00000002\UsrClass.dat
+ 2012-03-16 01:35 . 2012-03-16 01:35 2404352 c:\windows\ERDNT\3-15-2012\Users\00000001\ntuser.dat
+ 2012-03-13 10:09 . 2012-03-13 10:09 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\02198c29552545c7d7e7a95ab39488e5\WindowsBase.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\455d5edfdc989057a8fea7bc88a02ef6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bd044dc068adc34e430faa820e5c5e44\System.Web.Services.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b18f859bfbbe0897cade0aa931c22477\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
+ 2012-03-13 10:05 . 2012-03-13 10:05 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\d6c84e888c7f465844a8ae0e6470e05c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b60e888b3b9e41d46dcbd34d9fae80d6\System.Web.Services.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\90de8ba8101001c8845439cd5f9a76eb\System.Speech.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8c12f469cbd6b8d9718c64a4b2c96d47\System.ServiceModel.Activities.ni.dll
+ 2012-03-13 10:17 . 2012-03-13 10:17 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\746651ce870c2f9cd43bc7246154f81a\System.ServiceModel.Discovery.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a14816d568ee8c7cc9f9923d979d682d\System.Runtime.Serialization.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d6b9e13a40ed53cfc10e04c023c62a49\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1141220aff69c63f638ab64e5b0186bc\System.Printing.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2a4589aeec877df58cbbcd633bc18fb6\System.IdentityModel.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 1653248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6bd4a77663c0e708e0827be849906fdc\System.DirectoryServices.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\84d9ec8b14f9731797c51d31cae12d87\System.Deployment.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\67ccf8c95fb30e4dcbe3f1eae1f72d00\System.Data.SqlXml.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\4b28434c73ac4229c7ae7c4f0598e25f\System.Data.Services.Client.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\f5cc7fbaadd22a9278512102cd30eb3a\System.Data.Linq.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\7bbd2b637fbe2a5b17a16cd4fcc3c3ca\System.Activities.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a479b22107e8fe08689d840a3a1a77e9\System.Activities.Presentation.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\819fccf9934ef29a6078d4accbf9ea0c\System.Activities.Core.Presentation.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\073c60e5566fdaab702636f1474233b0\ReachFramework.ni.dll
+ 2012-03-13 10:15 . 2012-03-13 10:15 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\7194eb8e3da784ae30566a64569314a4\PresentationUI.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ae0350a4319938f36788f102a46ae925\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\9150a80d10ec86440aa59f6fe4b73f9d\Microsoft.VisualBasic.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1ae1a98af2c7d3e68c7525bf1395fa61\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-13 10:14 . 2012-03-13 10:14 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fb09c8733a8ef9292079399b25d5d973\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\8b1e797d9c7f5ef773c150e15b07a087\Microsoft.JScript.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\a263b12a7f89cd41ef8ea216dcd1e854\Microsoft.CSharp.ni.dll
+ 2011-11-18 19:44 . 2011-11-18 19:44 5658624 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneShell\c6107471b8f6d6f2eb782cc788fe3a24\ZuneShell.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 5658624 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneShell\38ec4a36a4ffdee31b203b7796954403\ZuneShell.ni.dll
+ 2011-11-18 19:44 . 2011-11-18 19:44 3635712 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\7e73466953b9f6f1ec36b16294bfeba3\ZuneDBApi.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 3635712 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\12d4412023b3deb586d10c5b8d1424a6\ZuneDBApi.ni.dll
+ 2011-10-12 10:28 . 2011-10-12 10:28 4925440 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\38422ddfb88ccd3c565063035ebf3244\WindowsBase.ni.dll
+ 2012-02-15 10:28 . 2012-02-15 10:28 4925440 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\25872726936ed8841436a524593d63a1\WindowsBase.ni.dll
+ 2011-11-18 19:44 . 2011-11-18 19:44 6219776 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX\9ad61b7eb1735a972e6136d17a42fd93\UIX.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 6219776 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX\27438776ffb34d834b239f1197e0485a\UIX.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 2632192 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX.RenderApi\88df8e0913ac5d1bc302d132010bc589\UIX.RenderApi.ni.dll
+ 2011-11-18 19:44 . 2011-11-18 19:44 2632192 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX.RenderApi\15ef8e1c7b7d83e3764d58334c302cef\UIX.RenderApi.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 1461248 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\d1f22fe58e8a36168016110cca333f35\UIAutomationClientsideProviders.ni.dll
+ 2011-10-12 10:38 . 2011-10-12 10:38 1461248 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\7fa48da22e345b49d1f50bbaa5ffc39c\UIAutomationClientsideProviders.ni.dll
+ 2012-02-15 10:30 . 2012-02-15 10:30 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\d83de90759ccad6d8dce7cdd16df798d\System.Xml.ni.dll
+ 2011-10-12 10:30 . 2011-10-12 10:30 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\d444289d3cf8f139ec57cee71c59a4f9\System.Xml.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\feaffadaa3f97b0c4fb95523f7cae466\System.WorkflowServices.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\4223600dc6133441b1898abaf12031ca\System.WorkflowServices.ni.dll
+ 2012-01-12 10:06 . 2012-01-12 10:06 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\afbeeaf9c41f39886704cbf181b1feb2\System.Workflow.Runtime.ni.dll
+ 2012-02-15 10:30 . 2012-02-15 10:30 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\1388f6ea2b0480b586280f1c3398c20c\System.Workflow.Runtime.ni.dll
+ 2012-02-15 10:30 . 2012-02-15 10:30 5956096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\c90eeca87d0cfad619845cb3f35a2606\System.Workflow.ComponentModel.ni.dll
+ 2012-01-12 10:06 . 2012-01-12 10:06 5956608 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\ac5a3688b743358aa5b24b9efd971d9d\System.Workflow.ComponentModel.ni.dll
+ 2012-02-15 10:30 . 2012-02-15 10:30 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\566e7ad1d6e98704b926996e959957f0\System.Workflow.Activities.ni.dll
+ 2012-01-12 10:05 . 2012-01-12 10:05 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\007c8c2f4141fd472da7d3558efba598\System.Workflow.Activities.ni.dll
+ 2012-01-12 10:08 . 2012-01-12 10:08 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\f3222dbcdeebd53ee1c3f88c9ebf6c94\System.Web.Services.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\202e1c4478bb2a6d6bda717039909f98\System.Web.Services.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\788637c2fe1980943722fdc30e14e54a\System.Web.Mobile.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\525e8846136415d472c2e7ba482ccd54\System.Web.Mobile.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cedfd9b90274b017d11ed50abe8634e8\System.Web.Extensions.Design.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\c0d2bc2e2357ed023b85d18b96e21d60\System.Web.Extensions.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\0560ed537c7f0f8e894371a4e07d14a9\System.Web.Extensions.Design.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\03cd3539739848c8ab17c469cbd383d8\System.Web.Extensions.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 2726912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\e0ad1fc372b77c63962d0ac7435c8ea7\System.Speech.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 2726912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\170d1b4e12a2f95dafa23eaa6d688ae9\System.Speech.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\cb5200c2d67ebf37333bdd57a06e7a11\System.ServiceModel.Web.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\161e0c575e47b866c74fc9f67a218704\System.ServiceModel.Web.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 3072512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\0a2450bff855e1635f902a1dcead8aa4\System.Runtime.Serialization.ni.dll
+ 2011-10-12 10:34 . 2011-10-12 10:34 3072512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\0923cf543f311891eeae4e5ce30ca46c\System.Runtime.Serialization.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\ff44b057a3140f227295d685d9a4875e\System.Runtime.Remoting.ni.dll
+ 2012-01-12 10:08 . 2012-01-12 10:08 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\a0a442c47ac0b846bb886aa405a10138\System.Runtime.Remoting.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\c9a260f49f8d68c27828e886deed8c2a\System.Printing.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\65f0a2b25abe0096d6518638049783b5\System.Printing.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\bad8bf7c0cfe20ebaaec03f38dc02536\System.Management.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\2ecec1b5620795b9330bb6fadbe5e319\System.Management.ni.dll
+ 2012-01-12 10:09 . 2012-01-12 10:09 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\74f5ddf803f50c428293fe6115d6eea7\System.IdentityModel.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\50b67e51c77e7563dc9c4c5d241621f8\System.IdentityModel.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\caab7166e3bd29ad25ddab20072bfa47\System.EnterpriseServices.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\1a90a8d222464221458d0ebef4ac8216\System.EnterpriseServices.ni.dll
+ 2011-10-12 10:29 . 2011-10-12 10:29 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\bb534aa272960f375bef0d75162b5249\System.Drawing.ni.dll
+ 2012-02-15 10:29 . 2012-02-15 10:29 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\1afaf284590c36dab0dd04900e831003\System.Drawing.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\ed7fb15bcbe8f5feffe378ead395e7a5\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d33cb141beadd31bbfacdaaa2a8c9eb0\System.DirectoryServices.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d331e73478ddb35b0cdf57fb5d20f36b\System.DirectoryServices.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\8e50c51664409fd0827cad6f3bd6620f\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-10-12 10:34 . 2011-10-12 10:34 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\7c69e3dc27ebcbcfb593441dde062f9f\System.Deployment.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\1022c06835e5efb9182a51a9cc8bed0a\System.Deployment.ni.dll
+ 2012-02-15 10:29 . 2012-02-15 10:29 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\9b667f51f9e74c247d316347e877bcb8\System.Data.ni.dll
+ 2011-10-12 10:29 . 2011-10-12 10:29 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\54a302a693fe200dca13ae027dd1483e\System.Data.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\ca490db992ca01cd0738cc925ff19667\System.Data.SqlXml.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\890ddce9d0da20701310973b426ad9bc\System.Data.SqlXml.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\623fe421e955fea3584af075f5791b25\System.Data.Services.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\3a35cfdccde13bc82cad2d185cbf499b\System.Data.Services.ni.dll
+ 2012-02-15 10:37 . 2012-02-15 10:37 1277440 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\ba62bcf7cadca469b4dca5c359a25d5c\System.Data.Services.Client.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 1277440 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\482a5772033d3697d48cd56fabaa8f47\System.Data.Services.Client.ni.dll
+ 2011-10-12 10:34 . 2011-10-12 10:34 1512448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\f94166a266be79a233e9adaef6dab1b7\System.Data.OracleClient.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 1512448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\44b712cef2634344f6937bc262ef4694\System.Data.OracleClient.ni.dll
+ 2011-10-12 10:29 . 2011-10-12 10:29 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\a9b091af2bfa6b42d6d4ba21bbab2654\System.Data.Linq.ni.dll
+ 2012-02-15 10:29 . 2012-02-15 10:29 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\526525bada7c41807b7c7f5163cd6b9b\System.Data.Linq.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\e0fae46f26c65a886991bb79b7b9226e\System.Data.Entity.Design.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\31ea0ae493a84f5f9fdb53ac2ea0ef5e\System.Data.Entity.Design.ni.dll
+ 2011-10-12 10:29 . 2011-10-12 10:29 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\d29cd9af48c9f04e62f28a358ce7a5ef\System.Core.ni.dll
+ 2012-02-15 10:29 . 2012-02-15 10:29 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\8a86a03df8c034f9fe94a90a8b33db3e\System.Core.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ed12ba2bc40f63f4df4a88d0dc63d944\System.Configuration.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\50f97a989230bfb46ad7522a8b5b2512\System.Configuration.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\cea11bf24c34ec3c60e3c625a5352bf8\ReachFramework.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\84498b1de82bbca231c0f2c752f006a0\ReachFramework.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\fbbc64b5a3c02693e17b46185eb9c694\PresentationUI.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\2f6ef4c26e7407afd96c67a356654b49\PresentationUI.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\f279cbbbf242e95f1585e0ed3cce3a8c\PresentationBuildTasks.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\0bad6e741e9b73cc6cc2c935f0e42785\PresentationBuildTasks.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\fae816622f2bd77ac9cb69ab8caf1439\Narrator.ni.exe
+ 2011-10-12 10:37 . 2011-10-12 10:37 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\5668e146fdbccc3f9f4b21d5a70b7eb4\Narrator.ni.exe
+ 2011-10-12 10:36 . 2011-10-12 10:36 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\acd4d9299552d5e1680f939da1001675\MMCEx.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\813233f023d8a37741bf10a899a40d86\MMCEx.ni.dll
+ 2012-01-12 10:09 . 2012-01-12 10:09 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\6029a4ca1be3d971d470eb2c1ff627e0\MIGUIControls.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\27671a1907d4daac68d35b72cb945526\MIGUIControls.ni.dll
+ 2012-01-12 10:10 . 2012-01-12 10:10 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\7fe40682a4f2f30ddb25da3a8796d282\Microsoft.VisualBasic.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\0dd8910bfe51905a020755c33972874b\Microsoft.VisualBasic.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\f0e3b091c929659d66eb6d38806c9918\Microsoft.Transactions.Bridge.ni.dll

#12 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 16 March 2012 - 05:49 PM

+ 2012-02-15 10:34 . 2012-02-15 10:34 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\33d0757ae05cf2701e0e0a650be1fd6f\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f602483681a340d774a3fb19e3f5faaf\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a8ca266acdc1120f6cbaf16bf1f5be12\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\93a00009479393fb3dc23107fbd06613\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\70876695a10b89775f51fd2033220260\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\51e93fa5d3d932b5446137a795ca9c20\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\4ee8d9de2acfeb69ef137dc0683adfab\Microsoft.PowerShell.Editor.ni.dll
+ 2012-01-12 10:09 . 2012-01-12 10:09 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\23408f67b7fddc32d03fa6d8deeafcd7\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0c4f40ac6da2baed13644ab6360fd76c\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9df3f852b8583da755e4cb9a2f6a1842\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-12 10:09 . 2012-01-12 10:09 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3894a5164ae656639bed7f6270f97182\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\a42e9c2f3579a23f3fe9e6763e53ace3\Microsoft.JScript.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\0d63b26057e00a40a7cfdfb58d7593cd\Microsoft.JScript.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\a10c7341ff111e139130e620d26d3a0a\Microsoft.Ink.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\3045878874146498c9da9a6eed4be62b\Microsoft.Ink.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\a122edc697aa66875d7ff60eb40d8227\Microsoft.Build.Tasks.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\82f74fab143033cd45fcd41b17ad022c\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\72488f2c9eb8bf1a2dde5c3496d8522a\Microsoft.Build.Tasks.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\36b5545313b5fe7626a8f19a777fe4be\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 1188352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\e01249a28f97e19d607b4d3695561775\Microsoft.Build.Engine.ni.dll
+ 2011-10-12 10:33 . 2011-10-12 10:33 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\ce277fc44040a06e7b22f2715d7a05bf\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\ac7f321c96e23b280451869622c3de29\Microsoft.Build.Engine.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 1188352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\9fa4fecb821f6b383105ca9c998822ff\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\cff7496ab1f3cc4bd4c5917a295052b3\ehRecObj.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\0430891c4fd63c2c2c57e8818837b8e9\ehRecObj.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 1984000 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\738c623aea8c89726fa53d742c8307ad\ehiVidCtl.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 2885120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\98e0dc72b212c67832a3ab534793f196\ehiProxy.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 1039872 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\a0e13fcedfd3edbc2b31061df9e7103c\ehiPlay.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\d1517599f8ef900469465ef058a6e376\ehepg.ni.dll
+ 2011-10-12 10:35 . 2011-10-12 10:35 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\51f89ed8312bfbd2e4b432063c6b94a5\ehepg.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\5764bf0f628c3005df47256066e1546e\UIAutomationClientsideProviders.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\42aab7622ac540a7f723746eb504b8bf\System.WorkflowServices.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\90830f08864867269d0d67ddc69e0c91\System.Workflow.Runtime.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\ef2ac8fea39fff26760ecaa2b6a8a1e4\System.Workflow.ComponentModel.ni.dll
+ 2012-02-15 10:32 . 2012-02-15 10:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a9e0a2d0092048b7cbdf047ac67a0a70\System.Workflow.Activities.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9e9b877233af4f943e1bba780b767edb\System.Web.Mobile.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\429a4d04621db0948decbf5ba1179099\System.Web.Extensions.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\8c79bebe646434c3e598ccc2f81dfded\System.Speech.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\55fa3e9bbc83c786ece774b817e5aea9\System.ServiceModel.Web.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a4b9d424cd4509b6b76fba81f347f561\System.Runtime.Serialization.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\bf625b2c81489c9f180244f24c905c6b\System.Printing.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\327db12a0bf01375d7984a1ebaae1e94\System.Management.Automation.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c12259751030b8fb693006bb6e7dd55f\System.IdentityModel.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bca583078ddeedc872dd636e2ef62fc9\System.DirectoryServices.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2ddd7acbd58ff39deff6c5cd732e1474\System.Deployment.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\4b20b4caec77caa9c2ecec32801d1f94\System.Data.SqlXml.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\acb2030c6bb75a2bd3bb93006a3a9850\System.Data.Services.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\3e80c188333aed0aec65becc922c64cf\System.Data.OracleClient.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\41070ea901fdce7f37b6bc967aa64510\System.Data.Linq.ni.dll
+ 2012-02-15 10:40 . 2012-02-15 10:40 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\19b6aa7e9b2c27c7f73af48e0a02b20b\System.Data.Entity.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\30fe25ea2dd3b99aafe164fb198eed2e\System.Core.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\eb002fac5d128e82d1b8c77243ec017f\ReachFramework.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0efbdcfbf8a59e108caa1b96d07df18c\PresentationUI.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\54a4b03bb83da6e95ba6644c62a0d249\PresentationBuildTasks.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\771ae0bc781975352dca1e1930152a06\Narrator.ni.exe
+ 2012-02-15 10:39 . 2012-02-15 10:39 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\d3f65df6ca5307d1d9635503e26952c8\MMCEx.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\721eab22dc9448c3a84463ead0641e70\MIGUIControls.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6310a2050033b0b567428ca55bda4a1b\Microsoft.VisualBasic.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6a5a1bc9e5ba685875280d484d8aeeba\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bfea2eb1264108a486d86a923bd62713\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7d430a20a2015ada714a72f098748fbc\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4af36bc8b46bc6ae86b30c70e19779ce\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7650918339cfbde0e437441b28cb58d1\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\d7fff1d75940f513826f747729a3d10d\Microsoft.JScript.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\552f955312b006ea0c597e554b0768bc\Microsoft.Ink.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e17974befe435fb95ff9c9eba9e48a2b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\07dafaf97513402d4bb1e9ed741025fb\Microsoft.Build.Tasks.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 1778176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\f7e039f4c9127e3fcb8cd4a7c1fd6bc6\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 06:16 . 2011-11-01 11:23 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-08 10:01 . 2010-10-08 10:01 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-12 10:06 . 2012-01-12 10:06 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-11 14:02 . 2011-12-27 02:51 5259264 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-10-11 19:10 . 2011-07-08 11:52 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-15 14:13 . 2011-03-29 10:52 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-11 14:02 . 2011-12-27 02:51 5251072 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-06-15 14:13 . 2011-03-29 10:52 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-11 19:10 . 2011-07-08 11:53 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-15 10:00 . 2011-12-14 03:30 12282368 c:\windows\SysWOW64\mshtml.dll
- 2006-11-02 12:33 . 2011-09-17 04:25 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2012-03-15 00:02 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-02-15 10:00 . 2011-12-14 07:43 17790464 c:\windows\system32\mshtml.dll
+ 2006-11-02 12:35 . 2012-03-14 10:00 56297240 c:\windows\system32\mrt.exe
+ 2012-02-29 23:18 . 2012-02-29 23:18 11350688 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
+ 2012-02-15 10:00 . 2011-12-14 07:16 10887168 c:\windows\system32\ieframe.dll
+ 2010-10-25 04:24 . 2012-03-16 20:02 14586588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-809377086-3892647188-450367023-1000-12288.dat
+ 2011-10-11 19:10 . 2011-07-08 11:52 10020688 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
+ 2011-09-16 01:37 . 2011-09-16 01:37 38176256 c:\windows\Installer\d3356fb.msp
+ 2011-09-16 01:37 . 2011-09-16 01:37 37148160 c:\windows\Installer\d3356de.msp
+ 2011-07-12 00:33 . 2011-07-12 00:33 23254016 c:\windows\Installer\5110b81.msp
+ 2012-02-16 10:00 . 2012-02-16 10:00 20333056 c:\windows\Installer\50f768b.msp
+ 2011-10-12 10:07 . 2011-10-12 10:07 20333568 c:\windows\Installer\2adb252b.msp
+ 2011-11-22 07:42 . 2011-11-22 07:42 33189888 c:\windows\Installer\18c3fe9.msp
+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\11a8de5d.msp
+ 2011-08-04 02:53 . 2011-08-04 02:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
+ 2012-03-13 10:05 . 2012-03-13 10:05 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a9e29e892ad68ac0b88f0480746a0d0b\System.ni.dll
+ 2012-03-13 10:11 . 2012-03-13 10:11 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll
+ 2012-03-13 10:13 . 2012-03-13 10:13 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
+ 2012-03-13 10:12 . 2012-03-13 10:12 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
+ 2012-03-13 10:08 . 2012-03-13 10:08 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
+ 2012-03-13 10:10 . 2012-03-13 10:10 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll
+ 2012-03-13 10:09 . 2012-03-13 10:09 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll
+ 2012-03-13 10:05 . 2012-03-13 10:05 19355648 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\d9d8d4f8fc868d07be41d4ffb46d7364\mscorlib.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 13138944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c43869b44f633a3ad003a0ad9e79b273\System.ServiceModel.ni.dll
+ 2012-03-13 10:16 . 2012-03-13 10:16 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b642a4ad94ff1e027a128b9796878372\System.Data.Entity.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
+ 2012-03-13 10:06 . 2012-03-13 10:06 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
+ 2012-03-13 10:05 . 2012-03-13 10:05 14413824 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
+ 2011-10-12 10:27 . 2011-10-12 10:27 10597888 c:\windows\assembly\NativeImages_v2.0.50727_64\System\f12d03e6dad70f35e012254871553713\System.ni.dll
+ 2012-02-15 10:27 . 2012-02-15 10:27 10603008 c:\windows\assembly\NativeImages_v2.0.50727_64\System\9c5a20ad9bca08482932ce1b66e020b7\System.ni.dll
+ 2012-02-15 10:30 . 2012-02-15 10:30 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\ccc446f5c5936c2704b3ab8a815a8735\System.Windows.Forms.ni.dll
+ 2011-10-12 10:29 . 2011-10-12 10:29 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\5cb03828bc75159bc60c7ba3b192f63d\System.Windows.Forms.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\6a969719f2356dcb2ad153c50580f017\System.Web.ni.dll
+ 2012-01-12 10:08 . 2012-01-12 10:08 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\0a2ea7a9a9d9fd9ae47468adbdee2e05\System.Web.ni.dll
+ 2012-01-12 10:09 . 2012-01-12 10:09 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\efc60b11b649ed506c64172b3373f936\System.ServiceModel.ni.dll
+ 2012-02-15 10:33 . 2012-02-15 10:33 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\dee3b7b085bb4d8d12fbc10e0c1e7d77\System.ServiceModel.ni.dll
+ 2011-10-12 10:36 . 2011-10-12 10:36 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\f20cd853902d31f596cb77e1fb0a5011\System.Management.Automation.ni.dll
+ 2012-02-15 10:35 . 2012-02-15 10:35 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\903f8ff578c0a5f39df8f827c60b6534\System.Management.Automation.ni.dll
+ 2012-01-12 10:05 . 2012-01-12 10:05 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\c41b930b44ddfaef2faf314f690bb35e\System.Design.ni.dll
+ 2012-02-15 10:29 . 2012-02-15 10:29 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\9624fa95cbda77d9a5a9ff6f48f31ca9\System.Design.ni.dll
+ 2012-02-15 10:36 . 2012-02-15 10:36 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\b07702051c0a4be42cb0458ba4cc9869\System.Data.Entity.ni.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\0359dddfa810980ea79ff603f8977974\System.Data.Entity.ni.dll
+ 2011-10-12 10:28 . 2011-10-12 10:28 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9571673404921b0e6a53a4d1d00891a2\PresentationFramework.ni.dll
+ 2012-02-15 10:28 . 2012-02-15 10:28 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\7c3a6bfde371b3a5933286f61482ba39\PresentationFramework.ni.dll
+ 2011-10-12 10:28 . 2011-10-12 10:28 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\6cc39b5515d14c1670b7a1a47b947420\PresentationCore.ni.dll
+ 2012-02-15 10:28 . 2012-02-15 10:28 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\0f625fbf49e2b82e827e7fbf514a3473\PresentationCore.ni.dll
+ 2011-10-12 10:27 . 2011-10-12 10:27 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\897e1f6e4749dcdf03064150aa556c8c\mscorlib.ni.dll
+ 2012-01-12 10:09 . 2012-01-12 10:09 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\b8a06c151452395f513aaa5d730fb5a4\ehshell.ni.dll
+ 2012-02-15 10:34 . 2012-02-15 10:34 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\685df08aebcc133240f869b141c08c33\ehshell.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
+ 2012-02-15 10:38 . 2012-02-15 10:38 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
+ 2012-02-15 10:39 . 2012-02-15 10:39 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\effa6ad5369cea835146937a5635275b\System.ServiceModel.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\77f15f1c4c6266eaac33f0396a04e28e\System.Design.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
+ 2012-02-15 10:31 . 2012-02-15 10:31 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
+ 2011-10-12 10:26 . 2011-10-12 10:26 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-4 113664]
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 22:40]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 22:40]
.
2011-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\H\AppData\Roaming\Mozilla\Firefox\Profiles\88eksb5t.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-03-16 13:16:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-16 20:16
ComboFix2.txt 2011-09-20 00:54
.
Pre-Run: 284,586,586,112 bytes free
Post-Run: 287,803,613,184 bytes free
.
- - End Of File - - 242CDCF42F77150E75C4B91CCD5DE84C

#13 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 17 March 2012 - 07:50 AM

In your next reply, go to folder C:\qoobox find the log-file ComboFix-quarantined-files.txt and Attach it.

MBAM result i most excellent: it tagged nothing. It appears the earlier run of TDSSKILLER did the heavy lifting.

This system needs Java runtime updated, and Adobe Reader updated as well.

Posted Image
Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
    ( jre-6u31-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) Posted Image
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

Step 2
Older versions of Adobe Reader pose a potential security risk.
De-install your Adobe Reader: Remove Adobe Reader.

Get the latest version from http://get.adobe.com/reader/
Be sure to un-check the box for Free McAfee Security Scan or any "toolbar"

Step 3
Close any apps you started. And Start MS Security Essentials.
Do an UPDATE run.
Making sure it is updated, do a full scan of system.

Let me know the results of MSE scan, Attach the ComboFix-quarantined-files.txt,
and tell me, How is your system now?
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#14 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 17 March 2012 - 09:36 PM

Well, the full MSE scan only 5 the 5 trojans from the ComboFix quarantined file...They are
Win64/Alureon.gen!F
Win32/Alureon.gen!AD
Win64/Alureon.gen!J
Win32/Orsam!rts
Win32/Alureon.FK

And, I'm sorry, but I don't see an option to attach a file. I found the ComboFix file, but can you tell me how to attach it?

#15 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 17 March 2012 - 09:41 PM

Ah, found it

Attached Files



#16 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 18 March 2012 - 10:21 AM

Let's follow-up with some other scans and a report.
Step 1
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:
{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}
  • Press the ESET Online scanner" button
  • Check the I accept the terms box. Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Un-check the Remove found threats option.
  • Checkmark Scan Archives option.
  • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology

    click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://www.eset.com/...c4.php?page=faq

  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log.

Step 2
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 3
You have Security Check utility already. Start & run it.

Reply with copy of contents of the ESET scan log
Latest MBAM scan log
& Checkup.txt
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#17 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 18 March 2012 - 02:03 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=333d0e57897ef54d8bd2a3956fc25ecd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-18 06:44:01
# local_time=2012-03-18 11:44:01 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 56 15847621 168689131 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=312582
# found=7
# cleaned=0
# scan_time=5816
C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\88eksb5t.default\extensions\{7a1c9476-a882-49b9-a94c-1cb91100b1d7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan (unable to clean) 00000000000000000000000000000000 I


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.18.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
H :: H-PC [administrator]

3/18/2012 11:48:23 AM
mbam-log-2012-03-18 (11-48-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191485
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Results of screen317's Security Check version 0.99.31
Windows Vista x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

#18 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 18 March 2012 - 02:39 PM

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please double-click OTL.exe Posted Image to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    :files
    C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe
    C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe
    C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0001.dta
    C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0003.dta
    C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0004.dta
    C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

After doing that, do the cleanup steps in the following. And follow the tips to keep your system safer.


If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it Combofix Posted Image
The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.
Note the space before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\H\Desktop\ComboFix /uninstall
  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.

    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter
IF in the case Combofix un-install has an issue, skip that step.

NEXT
  • Please double-click OTL.exe Posted Image to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.
I re-emphasize again, an important safety feature of Windows is UAC. Turn it ON
see http://windows.micro...ntrol-on-or-off
We are finished here. Best regards.

Edited by Maurice Naggar, 18 March 2012 - 02:42 PM.

Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#19 redjack99

redjack99

    New Member

  • Members
  • Pip
  • 14 posts

Posted 18 March 2012 - 03:07 PM

Thanks for all of your help. Here is the results of OTL:

========== FILES ==========
C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe moved successfully.
C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe moved successfully.
C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0001.dta moved successfully.
C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0003.dta moved successfully.
C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0004.dta moved successfully.
File\Folder C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe not found.

OTL by OldTimer - Version 3.2.39.1 log created on 03182012_130156


It couldn't find the last file, but did not ask me to reboot. Not sure if that is an issue or something lingering to be concerned about?

I'll begin the cleanup process you reference and the steps to protect myself in the future. Thanks again for all of your efforts and time.

#20 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 18 March 2012 - 03:13 PM

No need for concern on the file not found in this list. I believe the 2nd line took care of the parent entry.
You are welcome. Please keep safety/security foremost in mind.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users