redjack99

SVCHost trojan or Alureon

23 posts in this topic

Hello, Microsoft Security Essentials indicatates I've got the Alureon Trojan. I've ran Malwarebytes and it says I've got a trojan SVChost. I can't seem to get them removed. I'd appreciate any help you can provide. Thanks

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21

Run by H at 16:53:45 on 2012-03-15

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4071 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskeng.exe

-netsvcs

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\sdclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{22495898-5C40-4242-A868-481870BBACDD} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\88eksb5t.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 MpKslf8e589f0;MpKslf8e589f0;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys [2012-3-15 35664]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-2-3 1155072]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-24 136176]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-24 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]

S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]

S3 UPnPService;UPnPService;C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2009-11-2 548864]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-03-15 23:38:32 20480 ------w- C:\Windows\svchost.exe

2012-03-15 23:37:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\offreg.dll

2012-03-15 23:37:37 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys

2012-03-15 23:19:17 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\mpengine.dll

2012-03-15 02:08:59 -------- d-----w- C:\Windows\Microsoft Antimalware

2012-02-15 06:16:08 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 06:16:08 621056 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-15 06:16:05 404992 ----a-w- C:\Windows\System32\drivers\afd.sys

.

==================== Find3M ====================

.

2012-02-29 23:18:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll

2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-09 16:16:54 708096 ----a-w- C:\Windows\System32\rdpencom.dll

2012-01-09 15:54:08 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll

2012-01-09 14:27:49 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

.

============= FINISH: 16:54:56.47 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/28/2009 7:33:43 AM

System Uptime: 3/15/2012 4:37:10 PM (0 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Benicia

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 1200/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 582 GiB total, 242.898 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.368 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is FIXED (NTFS) - 932 GiB total, 412.799 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

ActionOutline Pro 3.0

ActiveCheck component for HP Active Support Library

Adobe Flash Player 10 ActiveX

Adobe Photoshop 7.0

Adobe Reader 9.4.7

Amazon MP3 Downloader 1.0.12

Apple Application Support

Apple Software Update

ArcSoft PhotoImpression 6

ArcSoft PhotoStudio 5.5

ArcSoft Print Creations

Audible Download Manager

Belkin 54g USB Network Adapter

Belkin 54Mbps Wireless Network Adapter

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Codec

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.6

Canon Utilities EOS Utility

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities WFT-E1/E2/E3/E4 Utility

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

D3DX10

Default Manager

DirectX for Managed Code Update (Summer 2004)

DVD Shrink 3.2

DVDFab 6.0.2.2 (June 26, 2009)

EPSON CX9400 User's Guide

EPSON Scan

EPSON Stylus CX9400Fax Series Scanner Driver Update

Firebird SQL Server - MAGIX Edition

FixRedirectVirus

GEAR driver installer for x86 and x64

Google Earth Plug-in

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP Odometer

HP Picasso Media Center Add-In

HP Recovery Manager RSS

HP Support Information

HP Total Care Setup

HP Update

HPAsset component for HP Active Support Library

ImgBurn

Java Auto Updater

Java 6 Update 21

Junk Mail filter update

LabelPrint

LightScribe System Software

Macromedia Dreamweaver MX 2004

Macromedia Extension Manager

Magic Audio Recorder v7.4.0.11

MAGIX MP3 Maker 15 Download version 10.0.0.317 (UK)

MAGIX Screenshare 4.3.6.1987 (UK)

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Live Search Toolbar

Microsoft Office 2000 Professional

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Photodex Presenter

PictureMover

Power2Go

PowerDirector

Python 2.6 pywin32-212

Python 2.6.1

Quicken 2006

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Segoe UI

TomTom HOME 2.8.2.2264

TomTom HOME Visual Studio Merge Modules

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Veetle TV 0.9.15

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

3/15/2012 6:22:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/15/2012 4:39:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep

3/15/2012 4:37:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/15/2012 4:36:30 PM, Error: Service Control Manager [7043] - The Microsoft Antimalware Service service did not shut down properly after receiving a preshutdown control.

3/15/2012 4:07:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 8:53:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 8:49:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 6:06:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 6:00:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 5:04:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/14/2012 3:21:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/11/2012 4:20:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.121.1330.0).

3/11/2012 4:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1319.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070643 Error description: Fatal error during installation.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 6

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & TDSSKILLER log & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.

Do NOT attach your logs. Always Copy & Paste

P.S. Do NOT do any websurfing or online transactions of any kind. Only go to this forum & sites I guide you to.

Share this post


Link to post
Share on other sites

Logfile of random's system information tool 1.09 (written by random/random)

Run by H at 2012-03-15 18:38:41

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 249 GB (42%) free of 596 GB

Total RAM: 6133 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:38:48 PM, on 3/15/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\trend micro\H.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UPnPService - Magix AG - C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10571 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

wininit.exe

C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files\LSI SoftModem\agr64svc.exe"

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"

"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"

"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE"

"C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI

"c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"

C:\Windows\System32\svchost.exe -k WerSvcGroup

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"

WLIDSvcM.exe 2392

"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e96ceb24-497d-49a7-92d9-9de9531d263b -SystemEventPortName:HostProcess-9e33d973-a39b-4775-9662-24538968d305 -IoCancelEventPortName:HostProcess-77b0192e-bb45-4fd1-9223-bedb624162de -NonStateChangingEventPortName:HostProcess-70206ed7-5c71-4fe7-a8c0-5f97e1b5e304 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3e675d7b-beb4-4c8d-a480-d0e79cfecd6d

"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"

taskeng.exe {8C12CB59-0C1B-48A9-BEF4-9EDF553EA6D6}

-netsvcs

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

taskeng.exe {24E8912B-5B18-4699-8A1C-0D5B7081D73E}

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe"

"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Program Files\Zune\ZuneLauncher.exe"

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autorun=AUTORUN

"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

"C:\Windows\ehome\ehtray.exe"

"C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe" /Startup

"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"

"C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

"C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

"C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

C:\Windows\system32\igfxsrvc.exe -Embedding

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files\iPod\bin\iPodService.exe"

"C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE" -Embedding

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\ehome\ehmsas.exe -Embedding

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto

C:\Windows\system32\sdclt.exe /DETECTFAILURE

C:\Windows\system32\svchost.exe -k SDRSVC

splwow64

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe16_ Global\UsGthrCtrlFltPipeMssGthrPipe16 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648

"C:\Users\H\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\PCDRScheduledMaintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]

Microsoft Live Search Toolbar Helper - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"HP Remote Software"=C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [2009-02-06 172032]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-03-05 154648]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-03-05 227352]

"Persistence"=C:\Windows\system32\igfxpers.exe [2009-03-05 202264]

"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2009-03-05 915512]

"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-04 186904]

"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 163552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]

"HPADVISOR"=c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-04-03 1644088]

"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]

"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]

"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04 75016]

"UpdateP2GoShortCut"=c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]

"UpdateLBPShortCut"=c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]

"UpdatePDIRShortCut"=c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]

"UpdatePSTShortCut"=c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2009-02-02 210216]

"TSMAgent"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2009-04-09 1328424]

"CLMLServer for HP TouchSmart"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-04-09 185640]

"DVDAgent"=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-03-19 1148200]

"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

"Microsoft Default Manager"=c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-06 224616]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-10 417792]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-11-12 141600]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll [2012-01-13 1081416]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Audible Download Manager.lnk - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-02-26 230400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutorun"=0

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-03-15 18:38:41 ----D---- C:\rsit

2012-03-15 18:38:41 ----D---- C:\Program Files\trend micro

2012-03-15 18:33:27 ----D---- C:\Program Files (x86)\ERUNT

2012-03-15 16:38:32 ----N---- C:\Windows\svchost.exe

2012-03-14 19:08:59 ----D---- C:\Windows\Microsoft Antimalware

2012-03-14 03:03:00 ----A---- C:\Windows\system32\MRT.INI

2012-03-13 22:22:24 ----A---- C:\Windows\system32\win32k.sys

2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\DWrite.dll

2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll

2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll

2012-03-13 22:22:23 ----A---- C:\Windows\SYSWOW64\d2d1.dll

2012-03-13 22:22:23 ----A---- C:\Windows\system32\DWrite.dll

2012-03-13 22:22:23 ----A---- C:\Windows\system32\d3d10warp.dll

2012-03-13 22:22:23 ----A---- C:\Windows\system32\d3d10_1core.dll

2012-03-13 22:22:22 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll

2012-03-13 22:22:22 ----A---- C:\Windows\system32\d3d10_1.dll

2012-03-13 22:22:22 ----A---- C:\Windows\system32\d2d1.dll

2012-03-13 22:22:21 ----A---- C:\Windows\system32\rdpencom.dll

2012-03-13 22:22:20 ----A---- C:\Windows\SYSWOW64\rdpencom.dll

2012-03-13 22:22:20 ----A---- C:\Windows\system32\drivers\rdpwd.sys

2012-02-29 16:18:10 ----D---- C:\Windows\system32\Macromed

======List of files/folders modified in the last 1 month======

2012-03-15 18:38:41 ----RD---- C:\Program Files

2012-03-15 18:38:10 ----D---- C:\Windows\temp

2012-03-15 18:35:10 ----D---- C:\Windows\ERDNT

2012-03-15 18:33:27 ----RD---- C:\Program Files (x86)

2012-03-15 18:07:50 ----D---- C:\Windows\System32

2012-03-15 18:07:50 ----D---- C:\Windows\inf

2012-03-15 18:07:50 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-03-15 18:07:15 ----D---- C:\Windows\Prefetch

2012-03-15 16:38:32 ----D---- C:\Windows

2012-03-15 16:19:26 ----SHD---- C:\System Volume Information

2012-03-15 16:09:43 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-15 16:09:38 ----D---- C:\Windows\system32\drivers

2012-03-14 17:46:09 ----SD---- C:\ProgramData\Microsoft

2012-03-14 03:31:06 ----D---- C:\Windows\winsxs

2012-03-14 03:25:23 ----D---- C:\Windows\Microsoft.NET

2012-03-14 03:21:00 ----D---- C:\Windows\system32\catroot

2012-03-14 03:18:37 ----D---- C:\Windows\SysWOW64

2012-03-14 03:18:36 ----D---- C:\Program Files\Windows Mail

2012-03-14 03:18:36 ----D---- C:\Program Files (x86)\Windows Mail

2012-03-14 03:00:51 ----A---- C:\Windows\system32\mrt.exe

2012-03-13 22:22:10 ----D---- C:\Windows\system32\catroot2

2012-03-13 17:28:28 ----D---- C:\Users\H\AppData\Roaming\Amazon

2012-03-13 03:17:34 ----RSD---- C:\Windows\assembly

2012-03-13 03:07:06 ----SHD---- C:\Windows\Installer

2012-02-18 15:16:13 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-02-18 15:09:46 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2008-12-04 407064]

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]

R1 MpKslf8e589f0;MpKslf8e589f0; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys [2012-03-15 35664]

R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-09-18 22784]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-01-20 1254400]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2010-02-04 34152]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-02-26 10276352]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-02-11 1708192]

R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys [2011-06-26 575488]

R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]

R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-07-15 82816]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2009-01-20 195584]

R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 41984]

R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 112128]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 172544]

S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-20 58496]

S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2008-01-20 48768]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144]

S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]

S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-20 61568]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936]

S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]

S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]

S3 rcmirror;rcmirror; C:\Windows\system32\DRIVERS\rcmirror.sys [2008-10-09 5120]

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2008-05-02 8704]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2009-08-28 49152]

S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-10 32768]

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2008-05-02 8704]

S3 WinUSB;WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-04-10 36864]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 46592]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2008-08-26 16896]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]

R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]

R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 27648]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 660256]

R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 136176]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2008-12-08 242424]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 136176]

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-07-04 68096]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

S3 UPnPService;UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2011-08-05 8277728]

S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 467680]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-03-15 18:38:49

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\18 Wheels of Steel - American Long Haul\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\4 Elements\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Bejeweled Twist\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Build-a-lot 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Bus Driver\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Crystal Maze\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Diner Dash Hometown Hero\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Dream Chronicles 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Farm Mania\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\FATE Undiscovered Realms\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Final Drive Nitro\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\HP Game Console\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Mahjongg Artifacts\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Polar Pool\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\The Hidden Object Game Show\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\The Price is Right\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\World of Goo\Uninstall.exe"

-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"

-->C:\Program Files (x86)\MAGIX\Speed2_burnR_mxcdr\unwise.exe

ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

ActionOutline Pro 3.0-->"C:\Program Files (x86)\ActionOutline\unins000.exe"

ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe -maintain plugin

Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files (x86)\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files (x86)\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Reader 9.4.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}

Agere Systems PCI-SV92EX Soft Modem-->C:\Windows\agrsmdel

Amazon MP3 Downloader 1.0.12-->C:\Program Files (x86)\Amazon\MP3 Downloader\Uninstall.exe

Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}

Apple Mobile Device Support-->MsiExec.exe /I{9EFC40E3-5F31-4F75-8445-286273F74D8E}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ArcSoft PhotoImpression 6-->C:\Program Files (x86)\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly

ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}\setup.exe" -l0x9

ArcSoft Print Creations-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9

Audible Download Manager-->C:\Program Files (x86)\Audible\Bin\AudibleDM_iTunesSetup[1].exe /Uninstall

Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9

Belkin 54Mbps Wireless Network Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}\setup.exe -runfromtemp -l0x0009 -removeonly

Bonjour-->MsiExec.exe /I{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}

CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"

Canon Internet Library for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"

Canon iP4800 series Printer Driver-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series /L0x0009

Canon MOV Decoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Decoder\CanonMOVDecoderUnInstall.ini"

Canon MOV Encoder-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"

Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\MVWUninst.ini"

Canon RAW Codec-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\RAWCodec170\CRCUnInstall.ini"

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"

Canon Utilities CameraWindow-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"

Canon Utilities Digital Photo Professional 3.6-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Digital Photo Professional\Uninst.ini"

Canon Utilities EOS Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\EOS Utility\Uninst.ini"

Canon Utilities MyCamera-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\MyCamera\Uninst.ini"

Canon Utilities PhotoStitch-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\PhotoStitch\Uninst.ini"

Canon Utilities Picture Style Editor-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\Picture Style Editor\Uninst.ini"

Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"

Canon Utilities WFT-E1/E2/E3/E4 Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\WFT Utility\Uninst.ini"

Canon Utilities ZoomBrowser EX-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\Uninst.ini"

Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files (x86)\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\Uninst.ini"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

CyberLink DVD Suite Deluxe-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall

CyberLink DVD Suite Deluxe-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Default Manager-->MsiExec.exe /I{AE469025-08BA-4B2A-915D-CC7765132419}

DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"

DVDFab 6.0.2.2 (June 26, 2009)-->"C:\Program Files (x86)\DVDFab 6\unins000.exe"

EPSON CX9400 User's Guide-->C:\Program Files (x86)\epson\guide\cx9400_e\uninstall.exe

EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\x64\3\EPUPDATE.EXE /R

EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r

EPSON Stylus CX9400Fax Series Scanner Driver Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}\Setup.exe" -l0x9

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}

FixRedirectVirus-->"C:\Program Files (x86)\FixRedirectVirus\uninstall.exe" "/U:C:\Program Files (x86)\FixRedirectVirus\Uninstall\uninstall.xml"

GEAR driver installer for x86 and x64-->MsiExec.exe /I{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}

Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor for Windows\uninst.exe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""

HP Active Support Library-->"C:\Program Files (x86)\InstallShield Installation Information\{0295F89F-F698-4101-9A7D-49F407EC2D82}\setup.exe" -runfromtemp -l0x0409 -removeonly

HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B84739A3-F943-47E4-95D8-96381EF5AC48}\setup.exe" -l0x9 -removeonly

HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"

HP MediaSmart Demo-->"C:\ProgramData\Hewlett-Packard\HP MediaSmart Demo\unins000.exe"

HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall

HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall

HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall

HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS

HP MediaSmart SmartMenu-->MsiExec.exe /I{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}

HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}

HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}

HP Remote Software-->MsiExec.exe /X{5F240DB8-0D74-4F13-86C3-929760392A8D}

HP Total Care Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{784BEA84-FA66-4B19-BB80-7B545F248AC6}\setup.exe" -l0x9 -removeonly

HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42}

HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"

Intel® Graphics Media Accelerator Driver-->C:\Windows\SysWOW64\igxpun.exe -uninstall

Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall

iTunes-->MsiExec.exe /I{C9C243B9-03BD-44BA-A592-AB09630AE2D2}

Java 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall

LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall

LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}

Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall

Macromedia Extension Manager-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall

Magic Audio Recorder v7.4.0.11-->"C:\Program Files (x86)\Magic Audio Recorder\unins000.exe"

MAGIX MP3 Maker 15 Download version 10.0.0.317 (UK)-->C:\Program Files (x86)\MAGIX\MP3_Maker_15_Download_version\unwise.exe

MAGIX Screenshare 4.3.6.1987 (UK)-->C:\Program Files (x86)\MAGIX\PCVisit\unwise.exe

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework64\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}

Microsoft Live Search Toolbar-->c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\OEMSetup.exe /Uninstall

Microsoft Live Search Toolbar-->MsiExec.exe /X{C79BF5BB-5671-41C0-A028-E9A2097D1AAD}

Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Security Client-->MsiExec.exe /I{42738DB0-FC3E-4672-A99B-9372F5696E30}

Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}

Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729-->MsiExec.exe /X{4FFA2088-8317-3B14-93CD-4C699DB37843}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetupx64.dll,DoNTUninst

Photodex Presenter-->C:\Program Files (x86)\Photodex Presenter\remove.exe

PictureMover-->MsiExec.exe /X{1896E712-2B3D-45eb-BCE9-542742A51032}

Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall

Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall

Python 2.6 pywin32-212-->"C:\program files (x86)\Python\Removepywin32.exe" -u "C:\program files (x86)\Python\pywin32-wininst.log"

Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223}

Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}

QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}

Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {897A5D64-963A-3C11-A176-F6766BD09D16} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}

TomTom HOME 2.8.2.2264-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe

TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Veetle TV 0.9.15-->C:\Program Files (x86)\Veetle\UninstallVeetleTV.exe

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}

Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Mobile Device Updater Component-->MsiExec.exe /X{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}

Zune Language Pack (CHS)-->MsiExec.exe /X{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}

Zune Language Pack (CHT)-->MsiExec.exe /X{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}

Zune Language Pack (CSY)-->MsiExec.exe /X{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}

Zune Language Pack (DAN)-->MsiExec.exe /X{8B112338-2B08-4851-AF84-E7CAD74CEB32}

Zune Language Pack (DEU)-->MsiExec.exe /X{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}

Zune Language Pack (ELL)-->MsiExec.exe /X{3589A659-F732-4E65-A89A-5438C332E59D}

Zune Language Pack (ESP)-->MsiExec.exe /X{6B33492E-FBBC-4EC3-8738-09E16E395A10}

Zune Language Pack (FIN)-->MsiExec.exe /X{B4870774-5F3A-46D9-9DFE-06FB5599E26B}

Zune Language Pack (FRA)-->MsiExec.exe /X{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}

Zune Language Pack (HUN)-->MsiExec.exe /X{C6BE19C6-B102-4038-B2A6-1C313872DBB4}

Zune Language Pack (IND)-->MsiExec.exe /X{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}

Zune Language Pack (ITA)-->MsiExec.exe /X{C5D37FFA-7483-410B-982B-91E93FD3B7DA}

Zune Language Pack (JPN)-->MsiExec.exe /X{D8A781C9-3892-4E2E-9320-480CF896CFBB}

Zune Language Pack (KOR)-->MsiExec.exe /X{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}

Zune Language Pack (MSL)-->MsiExec.exe /X{76BA306B-2AA0-47C0-AB6B-F313AB56C136}

Zune Language Pack (NLD)-->MsiExec.exe /X{6740BCB0-5863-47F4-80F4-44F394DE4FE2}

Zune Language Pack (NOR)-->MsiExec.exe /X{5DEFD397-4012-46C3-B6DA-E8013E660772}

Zune Language Pack (PLK)-->MsiExec.exe /X{8960A0A1-BB5A-479E-92CF-65AB9D684B43}

Zune Language Pack (PTB)-->MsiExec.exe /X{07EEE598-5F21-4B57-B40B-46592625B3D9}

Zune Language Pack (PTG)-->MsiExec.exe /X{5C93E291-A1CC-4E51-85C6-E194209FCDB4}

Zune Language Pack (RUS)-->MsiExec.exe /X{57C51D56-B287-4C11-9192-EC3C46EF76A4}

Zune Language Pack (SVE)-->MsiExec.exe /X{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}

Zune-->C:\Program Files\Zune\ZuneSetup.exe /x

Zune-->MsiExec.exe /X{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: H-PC

Event Code: 4374

Message: Windows Servicing identified that package KB2505189(Update) is not applicable for this system

Record Number: 173034

Source Name: Microsoft-Windows-Servicing

Time Written: 20110324100109.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: H-PC

Event Code: 4374

Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system

Record Number: 172914

Source Name: Microsoft-Windows-Servicing

Time Written: 20110324100025.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: H-PC

Event Code: 4374

Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system

Record Number: 172913

Source Name: Microsoft-Windows-Servicing

Time Written: 20110324100025.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: H-PC

Event Code: 4374

Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system

Record Number: 172907

Source Name: Microsoft-Windows-Servicing

Time Written: 20110324100025.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: H-PC

Event Code: 10010

Message: The server {738F20C7-539E-4A7D-AE00-D6803513A4BB} did not register with DCOM within the required timeout.

Record Number: 172789

Source Name: Microsoft-Windows-DistributedCOM

Time Written: 20110324012658.000000-000

Event Type: Error

User:

=====Application event log=====

Computer Name: H-PC

Event Code: 400

Message: Timestamp: 09/11/2009 19:24:38.634;

Category: FATAL;

Priority:(4);

Win32 Thread Id: [2108];

Message: Unhandled Exception: System.Runtime.InteropServices.COMException (0x88980406): Exception from HRESULT: 0x88980406

at System.Windows.Media.Composition.DUCE.Channel.SyncFlush()

at System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel)

at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean enableRenderTarget, Nullable`1 channelSet)

at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean enableRenderTarget)

at System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr lParam)

at System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr wparam, IntPtr lparam)

at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)

at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)

at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)

at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler);

EventId: 400;

Severity: Critical;

Machine: H-PC;

Application Domain: HPAdvisor.exe;

Process Id: 2104;

Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;

Extended Properties:

Record Number: 4896

Source Name: HP Advisor

Time Written: 20090912022438.000000-000

Event Type: Error

User:

Computer Name: H-PC

Event Code: 400

Message: Timestamp: 09/11/2009 05:30:08.995;

Category: FATAL;

Priority:(4);

Win32 Thread Id: [2108];

Message: System.NullReferenceException: Object reference not set to an instance of an object.

at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String type)

at HPAdvisor.MainFrame.Business.SearchManager.Initialize();

EventId: 400;

Severity: Critical;

Machine: H-PC;

Application Domain: HPAdvisor.exe;

Process Id: 2104;

Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;

Extended Properties:

Record Number: 4881

Source Name: HP Advisor

Time Written: 20090911123009.000000-000

Event Type: Error

User:

Computer Name: H-PC

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 4880

Source Name: Microsoft-Windows-WMI

Time Written: 20090911123003.000000-000

Event Type: Error

User:

Computer Name: H-PC

Event Code: 400

Message: Timestamp: 09/10/2009 06:40:41.149;

Category: FATAL;

Priority:(4);

Win32 Thread Id: [3864];

Message: System.NullReferenceException: Object reference not set to an instance of an object.

at HPAdvisor.MainFrame.Business.SearchManager.GetTarget(String type)

at HPAdvisor.MainFrame.Business.SearchManager.Initialize();

EventId: 400;

Severity: Critical;

Machine: H-PC;

Application Domain: HPAdvisor.exe;

Process Id: 3860;

Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;

Extended Properties:

Record Number: 4841

Source Name: HP Advisor

Time Written: 20090910134041.000000-000

Event Type: Error

User:

Computer Name: H-PC

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 4840

Source Name: Microsoft-Windows-WMI

Time Written: 20090910134028.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: H-PC

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x7e927c

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 163478

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111012124150.626515-000

Event Type: Audit Success

User:

Computer Name: H-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x7e927c

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name: KIM2-PC

Source Network Address: fe80::6c65:f46:3750:5399

Source Port: 53567

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V1

Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 163477

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111012124150.610915-000

Event Type: Audit Success

User:

Computer Name: H-PC

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x7e926c

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 163476

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111012124150.423715-000

Event Type: Audit Success

User:

Computer Name: H-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x7e926c

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name: KIM2-PC

Source Network Address: fe80::6c65:f46:3750:5399

Source Port: 53566

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V1

Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 163475

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111012124150.423715-000

Event Type: Audit Success

User:

Computer Name: H-PC

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x7de367

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 163474

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111012121002.699715-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Python;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat

"DFSTRACINGON"=FALSE

"OnlineServices"=Online Services

"Platform"=HPD

"PCBRAND"=Pavilion

"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

Share this post


Link to post
Share on other sites

Results of screen317's Security Check version 0.99.31

Windows Vista x64 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

FixRedirectVirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 21

Java version out of date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (10.0.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

18:52:46.0914 4460 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

18:52:47.0284 4460 ============================================================

18:52:47.0284 4460 Current date / time: 2012/03/15 18:52:47.0284

18:52:47.0284 4460 SystemInfo:

18:52:47.0284 4460

18:52:47.0284 4460 OS Version: 6.0.6002 ServicePack: 2.0

18:52:47.0284 4460 Product type: Workstation

18:52:47.0284 4460 ComputerName: H-PC

18:52:47.0284 4460 UserName: H

18:52:47.0284 4460 Windows directory: C:\Windows

18:52:47.0284 4460 System windows directory: C:\Windows

18:52:47.0284 4460 Running under WOW64

18:52:47.0284 4460 Processor architecture: Intel x64

18:52:47.0284 4460 Number of processors: 2

18:52:47.0284 4460 Page size: 0x1000

18:52:47.0284 4460 Boot type: Normal boot

18:52:47.0284 4460 ============================================================

18:52:53.0745 4460 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:52:53.0752 4460 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:52:53.0788 4460 \Device\Harddisk0\DR0:

18:52:53.0788 4460 MBR used

18:52:53.0788 4460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48CFDEC9

18:52:53.0788 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x48CFDF08, BlocksNum 0x1B58FB9

18:52:53.0788 4460 \Device\Harddisk1\DR1:

18:52:53.0788 4460 MBR used

18:52:53.0788 4460 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

18:52:54.0092 4460 Initialize success

18:52:54.0092 4460 ============================================================

18:52:56.0022 4568 ============================================================

18:52:56.0022 4568 Scan started

18:52:56.0022 4568 Mode: Manual;

18:52:56.0022 4568 ============================================================

18:52:56.0753 4568 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys

18:52:56.0755 4568 61883 - ok

18:52:56.0806 4568 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

18:52:56.0811 4568 ACPI - ok

18:52:56.0942 4568 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

18:52:56.0986 4568 adp94xx - ok

18:52:57.0083 4568 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

18:52:57.0090 4568 adpahci - ok

18:52:57.0170 4568 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

18:52:57.0173 4568 adpu160m - ok

18:52:57.0196 4568 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

18:52:57.0200 4568 adpu320 - ok

18:52:57.0265 4568 Aeleadr - ok

18:52:57.0281 4568 Afc - ok

18:52:57.0369 4568 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys

18:52:57.0375 4568 AFD - ok

18:52:57.0505 4568 AgereSoftModem (1cd4b03012d62962274e1c9eb8670a10) C:\Windows\system32\DRIVERS\agrsm64.sys

18:52:57.0525 4568 AgereSoftModem - ok

18:52:57.0617 4568 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

18:52:57.0619 4568 agp440 - ok

18:52:57.0677 4568 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

18:52:57.0680 4568 aic78xx - ok

18:52:57.0732 4568 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

18:52:57.0734 4568 aliide - ok

18:52:57.0781 4568 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

18:52:57.0783 4568 amdide - ok

18:52:57.0847 4568 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

18:52:57.0849 4568 AmdK8 - ok

18:52:57.0913 4568 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

18:52:57.0915 4568 arc - ok

18:52:57.0933 4568 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

18:52:57.0935 4568 arcsas - ok

18:52:57.0994 4568 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

18:52:57.0995 4568 AsyncMac - ok

18:52:58.0038 4568 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys

18:52:58.0040 4568 atapi - ok

18:52:58.0112 4568 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys

18:52:58.0114 4568 Avc - ok

18:52:58.0126 4568 Beep - ok

18:52:58.0209 4568 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

18:52:58.0210 4568 blbdrive - ok

18:52:58.0257 4568 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

18:52:58.0259 4568 bowser - ok

18:52:58.0306 4568 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

18:52:58.0327 4568 BrFiltLo - ok

18:52:58.0351 4568 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

18:52:58.0352 4568 BrFiltUp - ok

18:52:58.0379 4568 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

18:52:58.0382 4568 Brserid - ok

18:52:58.0416 4568 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

18:52:58.0418 4568 BrSerWdm - ok

18:52:58.0456 4568 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

18:52:58.0458 4568 BrUsbMdm - ok

18:52:58.0471 4568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

18:52:58.0473 4568 BrUsbSer - ok

18:52:58.0502 4568 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

18:52:58.0504 4568 BTHMODEM - ok

18:52:58.0512 4568 catchme - ok

18:52:58.0526 4568 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

18:52:58.0528 4568 cdfs - ok

18:52:58.0564 4568 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

18:52:58.0566 4568 cdrom - ok

18:52:58.0592 4568 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

18:52:58.0594 4568 circlass - ok

18:52:58.0635 4568 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

18:52:58.0641 4568 CLFS - ok

18:52:58.0685 4568 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

18:52:58.0687 4568 cmdide - ok

18:52:58.0707 4568 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

18:52:58.0708 4568 Compbatt - ok

18:52:58.0722 4568 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

18:52:58.0724 4568 crcdisk - ok

18:52:58.0769 4568 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

18:52:58.0772 4568 DfsC - ok

18:52:58.0793 4568 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

18:52:58.0796 4568 disk - ok

18:52:58.0839 4568 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

18:52:58.0840 4568 drmkaud - ok

18:52:58.0885 4568 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

18:52:58.0899 4568 DXGKrnl - ok

18:52:58.0920 4568 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

18:52:58.0924 4568 E1G60 - ok

18:52:58.0966 4568 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

18:52:58.0969 4568 Ecache - ok

18:52:59.0007 4568 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

18:52:59.0015 4568 elxstor - ok

18:52:59.0053 4568 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

18:52:59.0055 4568 ErrDev - ok

18:52:59.0106 4568 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

18:52:59.0111 4568 exfat - ok

18:52:59.0161 4568 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

18:52:59.0165 4568 fastfat - ok

18:52:59.0204 4568 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

18:52:59.0206 4568 fdc - ok

18:52:59.0223 4568 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

18:52:59.0226 4568 FileInfo - ok

18:52:59.0258 4568 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

18:52:59.0259 4568 Filetrace - ok

18:52:59.0307 4568 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

18:52:59.0308 4568 flpydisk - ok

18:52:59.0355 4568 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

18:52:59.0361 4568 FltMgr - ok

18:52:59.0393 4568 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

18:52:59.0395 4568 Fs_Rec - ok

18:52:59.0424 4568 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

18:52:59.0426 4568 gagp30kx - ok

18:52:59.0473 4568 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:52:59.0475 4568 GEARAspiWDM - ok

18:52:59.0543 4568 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

18:52:59.0559 4568 HDAudBus - ok

18:52:59.0588 4568 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

18:52:59.0589 4568 HidBth - ok

18:52:59.0608 4568 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

18:52:59.0610 4568 HidIr - ok

18:52:59.0654 4568 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys

18:52:59.0655 4568 HidUsb - ok

18:52:59.0706 4568 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

18:52:59.0708 4568 HpCISSs - ok

18:52:59.0755 4568 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

18:52:59.0765 4568 HTTP - ok

18:52:59.0775 4568 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

18:52:59.0776 4568 i2omp - ok

18:52:59.0793 4568 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

18:52:59.0795 4568 i8042prt - ok

18:52:59.0847 4568 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys

18:52:59.0851 4568 iaStor - ok

18:52:59.0880 4568 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

18:52:59.0886 4568 iaStorV - ok

18:53:00.0125 4568 igfx (a124c87cd0b39c9e510e138534468383) C:\Windows\system32\DRIVERS\igdkmd64.sys

18:53:00.0219 4568 igfx - ok

18:53:00.0252 4568 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

18:53:00.0253 4568 iirsp - ok

18:53:00.0364 4568 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys

18:53:00.0389 4568 IntcAzAudAddService - ok

18:53:00.0416 4568 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

18:53:00.0417 4568 intelide - ok

18:53:00.0459 4568 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

18:53:00.0459 4568 intelppm - ok

18:53:00.0495 4568 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:53:00.0497 4568 IpFilterDriver - ok

18:53:00.0518 4568 IpInIp - ok

18:53:00.0554 4568 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

18:53:00.0556 4568 IPMIDRV - ok

18:53:00.0579 4568 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

18:53:00.0582 4568 IPNAT - ok

18:53:00.0634 4568 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

18:53:00.0636 4568 IRENUM - ok

18:53:00.0665 4568 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

18:53:00.0666 4568 isapnp - ok

18:53:00.0701 4568 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

18:53:00.0705 4568 iScsiPrt - ok

18:53:00.0731 4568 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

18:53:00.0733 4568 iteatapi - ok

18:53:00.0768 4568 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

18:53:00.0769 4568 iteraid - ok

18:53:00.0779 4568 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

18:53:00.0781 4568 kbdclass - ok

18:53:00.0796 4568 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

18:53:00.0797 4568 kbdhid - ok

18:53:00.0844 4568 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys

18:53:00.0853 4568 KSecDD - ok

18:53:00.0867 4568 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

18:53:00.0868 4568 ksthunk - ok

18:53:00.0906 4568 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

18:53:00.0908 4568 lltdio - ok

18:53:00.0954 4568 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

18:53:00.0957 4568 LSI_FC - ok

18:53:00.0999 4568 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

18:53:01.0001 4568 LSI_SAS - ok

18:53:01.0039 4568 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

18:53:01.0042 4568 LSI_SCSI - ok

18:53:01.0068 4568 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

18:53:01.0070 4568 luafv - ok

18:53:01.0096 4568 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

18:53:01.0098 4568 megasas - ok

18:53:01.0137 4568 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

18:53:01.0145 4568 MegaSR - ok

18:53:01.0165 4568 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

18:53:01.0166 4568 Modem - ok

18:53:01.0198 4568 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

18:53:01.0199 4568 monitor - ok

18:53:01.0231 4568 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

18:53:01.0233 4568 mouclass - ok

18:53:01.0252 4568 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

18:53:01.0254 4568 mouhid - ok

18:53:01.0272 4568 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

18:53:01.0275 4568 MountMgr - ok

18:53:01.0299 4568 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

18:53:01.0303 4568 MpFilter - ok

18:53:01.0333 4568 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

18:53:01.0336 4568 mpio - ok

18:53:01.0430 4568 MpKslf8e589f0 (0ebb390b7aeec45ec061d9870a34fd42) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6150438-427C-4306-BE09-174B3D78BF2A}\MpKslf8e589f0.sys

18:53:01.0431 4568 MpKslf8e589f0 - ok

18:53:01.0482 4568 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

18:53:01.0483 4568 MpNWMon - ok

18:53:01.0497 4568 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

18:53:01.0499 4568 mpsdrv - ok

18:53:01.0517 4568 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

18:53:01.0519 4568 Mraid35x - ok

18:53:01.0559 4568 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

18:53:01.0562 4568 MRxDAV - ok

18:53:01.0596 4568 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:53:01.0599 4568 mrxsmb - ok

18:53:01.0632 4568 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:53:01.0637 4568 mrxsmb10 - ok

18:53:01.0654 4568 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:53:01.0657 4568 mrxsmb20 - ok

18:53:01.0675 4568 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

18:53:01.0677 4568 msahci - ok

18:53:01.0695 4568 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

18:53:01.0698 4568 msdsm - ok

18:53:01.0741 4568 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys

18:53:01.0743 4568 MSDV - ok

18:53:01.0760 4568 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

18:53:01.0761 4568 Msfs - ok

18:53:01.0793 4568 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

18:53:01.0794 4568 msisadrv - ok

18:53:01.0828 4568 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

18:53:01.0830 4568 MSKSSRV - ok

18:53:01.0851 4568 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

18:53:01.0853 4568 MSPCLOCK - ok

18:53:01.0867 4568 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

18:53:01.0868 4568 MSPQM - ok

18:53:01.0902 4568 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

18:53:01.0909 4568 MsRPC - ok

18:53:01.0927 4568 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

18:53:01.0928 4568 mssmbios - ok

18:53:01.0936 4568 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

18:53:01.0938 4568 MSTEE - ok

18:53:01.0950 4568 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

18:53:01.0952 4568 Mup - ok

18:53:02.0003 4568 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

18:53:02.0007 4568 NativeWifiP - ok

18:53:02.0069 4568 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

18:53:02.0080 4568 NDIS - ok

18:53:02.0118 4568 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

18:53:02.0119 4568 NdisTapi - ok

18:53:02.0133 4568 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

18:53:02.0135 4568 Ndisuio - ok

18:53:02.0154 4568 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

18:53:02.0158 4568 NdisWan - ok

18:53:02.0175 4568 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

18:53:02.0177 4568 NDProxy - ok

18:53:02.0194 4568 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

18:53:02.0203 4568 NetBIOS - ok

18:53:02.0263 4568 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

18:53:02.0268 4568 netbt - ok

18:53:02.0362 4568 netr7364 (118e9136b5b48dd5b2cc81f78431a69e) C:\Windows\system32\DRIVERS\netr7364.sys

18:53:02.0375 4568 netr7364 - ok

18:53:02.0401 4568 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

18:53:02.0403 4568 nfrd960 - ok

18:53:02.0437 4568 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

18:53:02.0440 4568 NisDrv - ok

18:53:02.0511 4568 nmwcdcx64 (216bdf8b1017bb52692c9ee3c1e50597) C:\Windows\system32\drivers\ccdcmbox64.sys

18:53:02.0512 4568 nmwcdcx64 - ok

18:53:02.0532 4568 nmwcdx64 (c9773ef9cbf2877725a45f07396d5da6) C:\Windows\system32\drivers\ccdcmbx64.sys

18:53:02.0534 4568 nmwcdx64 - ok

18:53:02.0560 4568 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

18:53:02.0561 4568 Npfs - ok

18:53:02.0584 4568 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

18:53:02.0585 4568 nsiproxy - ok

18:53:02.0650 4568 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

18:53:02.0674 4568 Ntfs - ok

18:53:02.0689 4568 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

18:53:02.0690 4568 Null - ok

18:53:02.0711 4568 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

18:53:02.0714 4568 nvraid - ok

18:53:02.0737 4568 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

18:53:02.0740 4568 nvstor - ok

18:53:02.0761 4568 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

18:53:02.0764 4568 nv_agp - ok

18:53:02.0772 4568 NwlnkFlt - ok

18:53:02.0783 4568 NwlnkFwd - ok

18:53:02.0825 4568 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

18:53:02.0827 4568 ohci1394 - ok

18:53:02.0861 4568 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

18:53:02.0863 4568 Parport - ok

18:53:02.0896 4568 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

18:53:02.0899 4568 partmgr - ok

18:53:02.0917 4568 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

18:53:02.0922 4568 pci - ok

18:53:02.0940 4568 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

18:53:02.0942 4568 pciide - ok

18:53:02.0964 4568 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

18:53:02.0968 4568 pcmcia - ok

18:53:03.0009 4568 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys

18:53:03.0011 4568 pcouffin - ok

18:53:03.0043 4568 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

18:53:03.0055 4568 PEAUTH - ok

18:53:03.0124 4568 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

18:53:03.0126 4568 PptpMiniport - ok

18:53:03.0150 4568 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

18:53:03.0152 4568 Processor - ok

18:53:03.0201 4568 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

18:53:03.0203 4568 PSched - ok

18:53:03.0260 4568 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

18:53:03.0280 4568 ql2300 - ok

18:53:03.0306 4568 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

18:53:03.0310 4568 ql40xx - ok

18:53:03.0330 4568 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

18:53:03.0331 4568 QWAVEdrv - ok

18:53:03.0350 4568 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

18:53:03.0351 4568 RasAcd - ok

18:53:03.0366 4568 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:53:03.0371 4568 Rasl2tp - ok

18:53:03.0404 4568 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

18:53:03.0405 4568 RasPppoe - ok

18:53:03.0441 4568 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

18:53:03.0443 4568 RasSstp - ok

18:53:03.0503 4568 rcmirror (1254bd851e51e0e771b0fa2cf926e75e) C:\Windows\system32\DRIVERS\rcmirror.sys

18:53:03.0505 4568 rcmirror - ok

18:53:03.0540 4568 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

18:53:03.0545 4568 rdbss - ok

18:53:03.0568 4568 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:53:03.0569 4568 RDPCDD - ok

18:53:03.0593 4568 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

18:53:03.0600 4568 rdpdr - ok

18:53:03.0608 4568 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

18:53:03.0609 4568 RDPENCDD - ok

18:53:03.0655 4568 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys

18:53:03.0658 4568 RDPWD - ok

18:53:03.0697 4568 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

18:53:03.0699 4568 rspndr - ok

18:53:03.0749 4568 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys

18:53:03.0753 4568 RTL8169 - ok

18:53:03.0780 4568 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

18:53:03.0783 4568 sbp2port - ok

18:53:03.0816 4568 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:53:03.0817 4568 secdrv - ok

18:53:03.0844 4568 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

18:53:03.0845 4568 Serenum - ok

18:53:03.0870 4568 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

18:53:03.0873 4568 Serial - ok

18:53:03.0892 4568 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

18:53:03.0894 4568 sermouse - ok

18:53:03.0933 4568 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

18:53:03.0935 4568 sffdisk - ok

18:53:03.0958 4568 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

18:53:03.0959 4568 sffp_mmc - ok

18:53:03.0980 4568 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

18:53:03.0982 4568 sffp_sd - ok

18:53:03.0993 4568 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

18:53:03.0994 4568 sfloppy - ok

18:53:04.0020 4568 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

18:53:04.0022 4568 SiSRaid2 - ok

18:53:04.0041 4568 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

18:53:04.0043 4568 SiSRaid4 - ok

18:53:04.0079 4568 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

18:53:04.0081 4568 Smb - ok

18:53:04.0123 4568 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

18:53:04.0125 4568 spldr - ok

18:53:04.0174 4568 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

18:53:04.0184 4568 srv - ok

18:53:04.0224 4568 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

18:53:04.0228 4568 srv2 - ok

18:53:04.0261 4568 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

18:53:04.0264 4568 srvnet - ok

18:53:04.0299 4568 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

18:53:04.0300 4568 swenum - ok

18:53:04.0321 4568 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

18:53:04.0323 4568 Symc8xx - ok

18:53:04.0339 4568 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

18:53:04.0341 4568 Sym_hi - ok

18:53:04.0356 4568 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

18:53:04.0358 4568 Sym_u3 - ok

18:53:04.0441 4568 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys

18:53:04.0463 4568 Tcpip - ok

18:53:04.0492 4568 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys

18:53:04.0506 4568 Tcpip6 - ok

18:53:04.0521 4568 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys

18:53:04.0523 4568 tcpipreg - ok

18:53:04.0544 4568 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

18:53:04.0546 4568 TDPIPE - ok

18:53:04.0577 4568 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

18:53:04.0579 4568 TDTCP - ok

18:53:04.0623 4568 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

18:53:04.0625 4568 tdx - ok

18:53:04.0663 4568 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

18:53:04.0664 4568 TermDD - ok

18:53:04.0738 4568 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:53:04.0739 4568 tssecsrv - ok

18:53:04.0747 4568 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

18:53:04.0749 4568 tunmp - ok

18:53:04.0776 4568 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

18:53:04.0777 4568 tunnel - ok

18:53:04.0806 4568 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

18:53:04.0808 4568 uagp35 - ok

18:53:04.0839 4568 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

18:53:04.0844 4568 udfs - ok

18:53:04.0878 4568 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

18:53:04.0880 4568 uliagpkx - ok

18:53:04.0918 4568 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

18:53:04.0923 4568 uliahci - ok

18:53:04.0965 4568 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

18:53:04.0968 4568 UlSata - ok

18:53:04.0996 4568 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

18:53:04.0999 4568 ulsata2 - ok

18:53:05.0020 4568 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

18:53:05.0021 4568 umbus - ok

18:53:05.0075 4568 upperdev (f49988fbf59413b974b1380d6f743ebc) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys

18:53:05.0076 4568 upperdev - ok

18:53:05.0125 4568 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys

18:53:05.0127 4568 USBAAPL64 - ok

18:53:05.0171 4568 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

18:53:05.0173 4568 usbccgp - ok

18:53:05.0204 4568 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

18:53:05.0206 4568 usbcir - ok

18:53:05.0254 4568 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

18:53:05.0255 4568 usbehci - ok

18:53:05.0288 4568 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

18:53:05.0293 4568 usbhub - ok

18:53:05.0311 4568 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

18:53:05.0313 4568 usbohci - ok

18:53:05.0345 4568 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

18:53:05.0347 4568 usbprint - ok

18:53:05.0365 4568 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

18:53:05.0367 4568 usbscan - ok

18:53:05.0383 4568 usbser (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\DRIVERS\usbser.sys

18:53:05.0393 4568 usbser - ok

18:53:05.0410 4568 UsbserFilt (0fe9e048fc762dcac087cb9ee1680079) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys

18:53:05.0412 4568 UsbserFilt - ok

18:53:05.0436 4568 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:53:05.0438 4568 USBSTOR - ok

18:53:05.0493 4568 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

18:53:05.0495 4568 usbuhci - ok

18:53:05.0522 4568 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

18:53:05.0524 4568 vga - ok

18:53:05.0533 4568 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

18:53:05.0536 4568 VgaSave - ok

18:53:05.0559 4568 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

18:53:05.0561 4568 viaide - ok

18:53:05.0573 4568 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

18:53:05.0576 4568 volmgr - ok

18:53:05.0608 4568 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

18:53:05.0615 4568 volmgrx - ok

18:53:05.0636 4568 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

18:53:05.0642 4568 volsnap - ok

18:53:05.0676 4568 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

18:53:05.0680 4568 vsmraid - ok

18:53:05.0722 4568 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

18:53:05.0724 4568 WacomPen - ok

18:53:05.0761 4568 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

18:53:05.0763 4568 Wanarp - ok

18:53:05.0771 4568 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

18:53:05.0773 4568 Wanarpv6 - ok

18:53:05.0802 4568 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

18:53:05.0803 4568 Wd - ok

18:53:05.0850 4568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

18:53:05.0861 4568 Wdf01000 - ok

18:53:05.0955 4568 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys

18:53:05.0957 4568 WinUSB - ok

18:53:06.0010 4568 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

18:53:06.0011 4568 WmiAcpi - ok

18:53:06.0080 4568 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

18:53:06.0082 4568 WpdUsb - ok

18:53:06.0106 4568 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

18:53:06.0107 4568 ws2ifsl - ok

18:53:06.0147 4568 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

18:53:06.0151 4568 WudfPf - ok

18:53:06.0176 4568 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:53:06.0180 4568 WUDFRd - ok

18:53:06.0255 4568 MBR (0x1B8) (d6ba8bd1e351710a091ac298ef15c30f) \Device\Harddisk0\DR0

18:53:06.0278 4568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

18:53:06.0278 4568 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

18:53:06.0305 4568 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1

18:53:06.0311 4568 \Device\Harddisk1\DR1 - ok

18:53:06.0317 4568 Boot (0x1200) (c12cacc419cd20f87ab1f6addb039b77) \Device\Harddisk0\DR0\Partition0

18:53:06.0319 4568 \Device\Harddisk0\DR0\Partition0 - ok

18:53:06.0363 4568 Boot (0x1200) (2a7ac89c3fc17aed97b7e75cec596a5f) \Device\Harddisk0\DR0\Partition1

18:53:06.0365 4568 \Device\Harddisk0\DR0\Partition1 - ok

18:53:06.0369 4568 Boot (0x1200) (e0f734d056dccb1fc5aea2ef517d92fb) \Device\Harddisk1\DR1\Partition0

18:53:06.0371 4568 \Device\Harddisk1\DR1\Partition0 - ok

18:53:06.0373 4568 ============================================================

18:53:06.0373 4568 Scan finished

18:53:06.0373 4568 ============================================================

18:53:06.0392 0320 Detected object count: 1

18:53:06.0392 0320 Actual detected object count: 1

18:53:23.0461 0320 \Device\Harddisk0\DR0\# - copied to quarantine

18:53:23.0462 0320 \Device\Harddisk0\DR0 - copied to quarantine

18:53:23.0498 0320 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

18:53:23.0500 0320 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

18:53:23.0504 0320 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

18:53:23.0508 0320 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

18:53:23.0520 0320 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

18:53:23.0528 0320 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

18:53:23.0529 0320 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

18:53:23.0530 0320 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

18:53:23.0531 0320 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

18:53:23.0533 0320 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

18:53:23.0535 0320 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

18:53:23.0537 0320 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

18:53:23.0538 0320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

18:53:23.0539 0320 \Device\Harddisk0\DR0 - ok

18:53:23.0744 0320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

18:54:15.0273 4532 Deinitialize success

QuickScan 32-bit v0.9.9.111

---------------------------

Scan date: Thu Mar 15 19:03:35 2012

Machine ID: 6010BCC1

No infection found.

-------------------

Processes

---------

hpwuSchd Application 3440 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

Adobe Reader and Acrobat Manager 3500 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Apple Mobile Device Service 832 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

Audible Download Manager 3340 C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

CyberLink MediaLibray Service 3424 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

CyberLink PowerCinema 3416 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

FABS - file change and backup server 1160 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

HP Advisor 3296 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

HP DVDSmart 3432 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

hpsysdrv Application 3348 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

iTunes 3476 C:\Program Files (x86)\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 4428 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

Java Platform SE Auto Updater 2 0 3460 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

LightScribe 2304 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

RAID Event Monitor 3224 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

RAID Monitor 2988 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

TomTom HOME 3304 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

TomTom HOME 2652 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

Windows® Internet Explorer 3248 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 4696 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) Bonjour 1700 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

Network activity

----------------

Process jucheck.exe (4428) connected on port 80 (HTTP) --> 208.50.81.226

Process iexplore.exe (4696) connected on port 80 (HTTP) --> 184.24.207.139

Process iexplore.exe (4696) connected on port 80 (HTTP) --> 174.76.226.18

Process iexplore.exe (4696) connected on port 80 (HTTP) --> 74.125.224.41

Process iexplore.exe (4696) connected on port 80 (HTTP) --> 74.125.224.41

Autoruns and critical files

---------------------------

hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Audible Download Manager C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

CyberLink MediaLibray Service C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

CyberLink PowerCinema C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

Default Manager c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

Hardware Diagnostic Tools C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

HP Advisor C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

HP DVDSmart C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

HP Health Check Scheduler c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

hpsysdrv Application C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Microsoft Office 2000 C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\WMPNSCFG.exe

Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe

Microsoft® Windows® Operating System C:\Windows\ehome\ehTray.exe

Microsoft® Windows® Operating System c:\windows\system32\browseui.dll

Microsoft® Windows® Operating System C:\Windows\system32\Mystify.scr

MUI StartMenu Application c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe

MUI StartMenu Application c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

MUI StartMenu Application c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

MUI StartMenu Application c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

PictureMover Application C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

TomTom HOME C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

Windows® Internet Explorer c:\windows\syswow64\webcheck.dll

(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

Browser plugins

---------------

AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

Google Update C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

Hewlett-Packard Online Support Services C:\Windows\Downloaded Program Files\HPISDataManager.dll

Java Deployment Toolkit 6.0.210.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

Java Platform SE 6 U21 c:\program files (x86)\java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U21 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll

MSN® Toolbar c:\program files (x86)\msn\toolbar\3.0.0552.0\msneshellx.dll

NPCIG.dll C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

Photodex Presenter Plugin C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

Veetle TV Core C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

Veetle TV Player C:\Program Files (x86)\Veetle\Player\npvlc.dll

Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer c:\windows\syswow64\ieframe.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

(verified) QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

Scan

----

MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

MD5: 826ddbbca98f2e6cd1dfe33cef33994c C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

MD5: 0467b9e5c7b38b3c00927d5707abbece C:\Program Files (x86)\Audible\Bin\AAXSDKWin.dll

MD5: 274d7d5fea95a5c48d13b6cdc99d49d4 C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

MD5: 8ba469072b5a692b659f856c7e97a230 C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

MD5: 203a74767eb81f96a5166b1933db46d0 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll

MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: c2ff17734176cd15221c10044ef0ba1a C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

MD5: db1a23ee7dd2e5e04e7de071a6bef699 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

MD5: 0553190acc65fa705a2a4be193728295 c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll

MD5: 344d0fc67eb8a7d307b6c4898537617d c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll

MD5: dfeff67508d3a9aeb1a85d7b0f513b24 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

MD5: b8eac4507eb4655377b1e094fce7f12e C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

MD5: 0436535f8f37650bd4dadc3397cbee3e C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

MD5: fff1130f7c9fa01d093a1edfc5cce8fc C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

MD5: d4531b9b73b990dc53b4a765e3bd070a C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

MD5: 6bf01e200063d7274f3af06d226671f5 c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll

MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

MD5: 27626506e07795bb6357f7f2ef78a90b C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

MD5: 6efb6bf6786ae9b2698d1adb5aab8f73 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CommonInterfaces.dll

MD5: 5fa6f89c319a0ec4a3eacfe801c6cb67 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CommonUtility.dll

MD5: c8d679922dff3da914b55e352f959c0d C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.dll

MD5: 1b29f9d1fef53a1a1c93827f494b3434 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

MD5: f8473e5ffe1a8c27bd6bfc74ea8649a8 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MD5: f1244e81e46546b0f149265d8b6d2d6a C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MD5: af2d7790af663ad368a70807f81d39db C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MD5: b7837053d4ed1e0e859eaf196f14eca6 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MD5: 20a771958db2b8ca4372eb95f59fdf3f C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Common.dll

MD5: 7868ed46c34a1b36bea10560f453598f C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll

MD5: eab6bf6676aca731199a35a13d1624a2 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

MD5: 21d627dff9d91716bbed332ff599114d C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Logging.dll

MD5: d1ff91e5d243a1f9632a8d2f9b264271 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.ObjectBuilder.dll

MD5: 31dea5a67ca4c264cec3bf610e7c2ead C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECenter.dll

MD5: aad1d1ec24aa9ccc508fec685ccfebea C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MD5: d25138109f80975e46355013a25cb0c4 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MD5: 1ed99a136fc6d36b8f6546f521bd8409 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCHealthSecurity\PCHealthSecurityPillar.dll

MD5: eb132a624f129fd86b73ab29605c89e4 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MD5: 804179071a78f65ca0b0e1c4cd3a11c2 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\SystemStatus.dll

MD5: 0c8a70bc3baaf7bf69dca495c1e1ab79 c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

MD5: aa9ef0b395097f24d289f64445b2fd2e c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

MD5: f0e2d55bb5c7e106e92df972c1b277a6 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

MD5: afb5637f97b897c29fab2dcdfb20eb24 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\Common\CLRCEngine3.dll

MD5: 42e0ac0cc0a59ac3015426ed4c268dab C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

MD5: 017335c7aefa8ed76750db95a78d6bfa C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

MD5: 30c295d19dbfa6fd5085383c6bdc92f8 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\Common\CLRCEngine3.dll

MD5: 7d6e8a3b62d9c612d1fc6d15f0ac10c9 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\CBS.dll

MD5: 632d26889ba961e71e469dd86e48db38 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\HwCtrlMgr.dll

MD5: cd441bf2f5cfd46b5105891ddffdfba2 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

MD5: db3d8979064ce299927cc1da57e9a659 C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

MD5: 690a6df02625a46abee250c6151b7fba C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

MD5: 3ca446212e92933f118041ae6a30e89e C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\IAAMon_ENU.dll

MD5: ff54a05cd0d8cade6afb9a40cd52e635 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll

MD5: 055e69b5e4841098a4eae04ee7eeb0a2 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

MD5: f79525634b192f5a18de503568f94ef3 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

MD5: c19087a83eaf9120ab4a48c994c1db15 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll

MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll

MD5: cf5d4889c15cc8a40be54f55f27093b1 C:\Program Files (x86)\Internet Explorer\IEShims.dll

MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe

MD5: 3d811bf538d6f359735d757c94f484b6 C:\Program Files (x86)\Internet Explorer\msdbg2.dll

MD5: 3ca2dfd1ee857cde7dccf4235f52d142 C:\Program Files (x86)\Internet Explorer\pdm.dll

MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

MD5: 68a553bdfa855c4f1074696682fcdeb6 C:\Program Files (x86)\iTunes\iTunesHelper.exe

MD5: 50083450c9ac100ad0ffcc0862120dd1 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: 2d5394ff0e31ffefb5049f0911e91d89 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

MD5: fdc1f94b79d3c08e5d66341e3cd6688e C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

MD5: 32c9e8f42348343d72013165ea86a3c6 C:\Program Files (x86)\Microsoft Security Client\Antimalware\MpOAv.dll

MD5: ed327201724ea05d509b7939abe49e98 C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

MD5: da41104dbaae7c2508601a4b15b475e5 c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

MD5: 795289e4f6b9b9de61672ebe9e27c316 c:\program files (x86)\msn\toolbar\3.0.0552.0\msneshellx.dll

MD5: f9c2d44bd6d0cf4e5615c9c4be310f9c C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

MD5: 3fe1c696e0e8425364bffab9893a9012 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

MD5: 86d32bb043c88fd79194ff7ab2ab3434 C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts

MD5: a847b258d12b6d1bb124bd5debb05162 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

MD5: efef22b9577e5051057fde1ae381b50c C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

MD5: 8e753b080e0a0cf0b4651187d414059f C:\Program Files (x86)\Veetle\Player\npvlc.dll

MD5: 3152ec8d9f60c4a5ae76fe20d90e10d7 C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

MD5: b7dc98f6f4e7611a9c0849945fb28fb9 C:\Program Files (x86)\Windows Defender\MpOav.dll

MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

MD5: 20d2447795d9910bb4b89e5fb8147f0b C:\Program Files\Bonjour\mdnsNSP.dll

MD5: 7e47c328fc4768cb8beafbcfafa70362 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

MD5: 006597773be583d1ccf6a913477937e0 C:\Program Files\iPod\bin\iPodService.exe

MD5: 734088cb57aea704ca716c1c6bc5e0e6 C:\Program Files\LSI SoftModem\agr64svc.exe

MD5: 157e9e498206a3366baa7e4697bdd947 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

MD5: 566ddd5d82520da01d75f81428ac4c38 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

MD5: 8b84b3ecfb9d6b50b989d6db8143f365 C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

MD5: b6a7e7f43234bfa6a8e6cc4110cb9448 C:\Program Files\Windows Media Player\WMPNSCFG.exe

MD5: 9c5a0f070196b601d629f5ba9aa921f8 C:\Program Files\Windows Sidebar\sidebar.exe

MD5: 83b6ca03c846fcd47f9883d77d1eb27b C:\Program Files\Zune\WMZuneComm.exe

MD5: 67b787c34fb2888d01b130ae007042d8 C:\Program Files\Zune\ZuneNss.exe

MD5: 4d89fc1c20cf655739efac5da81a67bc C:\Program Files\Zune\ZuneWlanCfgSvc.exe

MD5: 1e345f2a2d95da3190596e691cde9342 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

MD5: cf16c9c9a95c71c4a44918b3d672b54e C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MD5: ce45722a3393b63843de48f314cf6b3f C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MD5: 534760d947665da0a80bb1a208fb9ede C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll

MD5: 81b65fa4daa14ff78b55b1c2d7cb9eeb C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll

MD5: db26005d7ec9977b323b4c21df6ef73d C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll

MD5: 22ddc71d46da59543544dcdffb12419a C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll

MD5: 80bafb07cf325f12bfec0e1a8f9c77a9 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll

MD5: 906dea90dc88b73901a466e159b3fde1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll

MD5: 9ce94dfd13ea911980377f4bff94749c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll

MD5: 315e0f6f1f8b1494c37a99ba250007c9 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll

MD5: d129c44d59d987c688a8c5b503dadb45 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll

MD5: 7758995e4d52bc33520d3781eb2e6093 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll

MD5: 16449b83b5e91af1e712e2049dc0b98b C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll

MD5: e60cd8df35eb4a9c952af381fef51af3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll

MD5: f5ce3d5189297b3963c4ab27d3cd1e6c C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll

MD5: 2ab4f7cd23069cbb6b8332ef8027360b C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll

MD5: 50c0949e6219214df11d7519e5052c3b C:\Windows\Downloaded Program Files\HPISDataManager.dll

MD5: 4334ac34536737bb13dc47b07b7a0c42 C:\Windows\Downloaded Program Files\qsax.dll

MD5: 14ce384d2e27b64c256bda4dc39c312d C:\Windows\ehome\ehRecvr.exe

MD5: b93159c1313d66fdfbbe876f5189cd52 C:\Windows\ehome\ehsched.exe

MD5: f5ee2527d74449868e3c3227a59bcd28 C:\Windows\ehome\ehstart.dll

MD5: 65437dad4f238ea9549408a783002222 C:\Windows\ehome\ehTray.exe

MD5: ce07a466201096f021cd09d631b21540 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

MD5: 749f5f8cedca70f2a512945325fc489d C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

MD5: 74751dda198165947fd7454d83f49825 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

MD5: bc5b0be5af3510b0fd8c140ee42c6d3e C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

MD5: 6717ae12e326dd1e39f6ee183a37dc0f C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

MD5: ee59d3cdfab2e808551084165c7887bf C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

MD5: 35a936c7c029a5b705d3ffd40518d660 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll

MD5: 66328b08ef5a9305d8ede36b93930369 C:\Windows\servicing\TrustedInstaller.exe

MD5: da7478ba9e41b60b3d5da456e253002a C:\Windows\system32\audioeng.dll

MD5: 4acf748a8e576761e4c610acab67b1bc C:\Windows\system32\BCRYPT.dll

MD5: 83adc95272b048dfd1563e0ea0f269fb C:\Windows\system32\cewmdm.dll

MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe

MD5: 17f41229e141db1412a3b174a567d71e C:\Windows\system32\d2d1.dll

MD5: 8b02d2ecc7ef6e1f6af08459e3f741f6 C:\Windows\system32\d3d10.dll

MD5: 1c0e15ea80a815494c0a3d471c823ccf C:\Windows\system32\d3d10_1.dll

MD5: 8f14591f6dc35192e2844306a12d41ff C:\Windows\system32\d3d10_1core.dll

MD5: 9c7094f537782a82b6a29b4a7172e180 C:\Windows\system32\d3d10core.dll

MD5: 4a2e5e1e37aa56773bfd5bc82d36d2ec C:\Windows\system32\D3D10Warp.dll

MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\system32\DNSAPI.dll

MD5: c790b4593c0b48bb1888880fe89bc09b C:\Windows\system32\DWrite.dll

MD5: aaae543c535ed596ecad2ab8761c2c6f C:\Windows\system32\dxgi.dll

MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C:\Windows\system32\IEADVPACK.DLL

MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\IEFRAME.dll

MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll

MD5: 0ff4adc942a9353c4aeb1d06eb22b34f C:\Windows\system32\igdumd32.dll

MD5: 67cf6b23bdade026acfbebbe24148738 C:\Windows\system32\igdumdx32.dll

MD5: b8fbe5f40b09f5d20e1e5ccfef893d62 C:\Windows\system32\IMM32.DLL

MD5: a1793136ed32c13adb3740a6557b3d84 C:\Windows\system32\MFC71U.DLL

MD5: 7940c04ce581288a3498d57ec4ee47d2 C:\Windows\system32\msfeeds.dll

MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll

MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll

MD5: b1c5adf56c4d47833d32d06a02d4e184 C:\Windows\system32\MSVCP71.dll

MD5: fefc51a19141a9a911b1e161a6662ced C:\Windows\system32\MSVCR71.dll

MD5: 915d3430fe926376dd942ae45a9a1665 C:\Windows\system32\mswmdm.dll

MD5: 39ba737ebf8e7da1cd019fe95333fd70 C:\Windows\system32\Mystify.scr

MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll

MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\System32\shdocvw.dll

MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll

MD5: bfa034aac103d8a6f591ac9364688339 C:\Windows\system32\T2EMBED.DLL

MD5: 88b630f6aeb5a11f6ad064930b38c2c0 C:\Windows\system32\uxtheme.dll

MD5: 2c3b09e586bda2cc49a292be7badc589 C:\Windows\system32\wbem\wmiutils.dll

MD5: dbd02e3e6f061ebbbf9b99a9d7cba30b C:\Windows\system32\WINHTTP.dll

MD5: 14ff750efe13b0c21e5a06507c3a97b1 C:\Windows\system32\WINMM.dll

MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\WINSPOOL.DRV

MD5: 9f1fac04a274adf9f65f9e1b851bdb1e C:\Windows\system32\wmdmps.dll

MD5: a9662bcf218bc76869a8d91635d5f93a C:\Windows\System32\Wpc.dll

MD5: 1908cc7673f72601affdca022689cedf C:\Windows\system32\xmllite.dll

MD5: 0d0e5281784c2c526ba43c2ecd374288 C:\Windows\SysWOW64\drivers\Afc.sys

MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll

MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll

MD5: 05c8c8767e29163fc251164ff6839ea5 C:\Windows\syswow64\GDI32.dll

MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll

MD5: 490fc0d07f7c0468e232ab8e8e956719 c:\windows\syswow64\ieframe.dll

MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\syswow64\iertutil.dll

MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\SysWOW64\jscript9.dll

MD5: 7f4caeac24592fa9f574e1f8cd1d0604 C:\Windows\syswow64\kernel32.dll

MD5: df37346ea13082e3e1b423b54014e641 C:\Windows\syswow64\LPK.DLL

MD5: 5789773089bc334c56cc31833f20daf6 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MD5: 17af64d727545f2804f6e6d998327e3f C:\Windows\syswow64\msvcrt.dll

MD5: 6aaf63a85181e39f94ec0641c55a4ef0 C:\Windows\SysWOW64\ntdll.dll

MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\syswow64\ole32.dll

MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\syswow64\OLEAUT32.dll

MD5: 0ed8727ea0172860f47258456c06caea C:\Windows\SysWow64\perfhost.exe

MD5: 0abe67004eb4c162f4456e64f90a11fd C:\Windows\syswow64\RPCRT4.dll

MD5: da61f5c012a646771587a8cb9c0ae590 C:\Windows\SysWOW64\schannel.dll

MD5: 3a5adb89f057cd7b5a229f1ace53fdf6 C:\Windows\syswow64\Secur32.dll

MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\syswow64\SHELL32.dll

MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\syswow64\SHLWAPI.dll

MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\syswow64\urlmon.dll

MD5: d29fdb5dedbdc1bd882164dc6dc4dd53 C:\Windows\syswow64\USER32.dll

MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\syswow64\USP10.dll

MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll

MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\syswow64\WININET.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll

MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll

No file uploaded.

Scan finished - communication took 2 sec

Total traffic - 0.01 MB sent, 0.68 KB recvd

Scanned 382 files and modules - 53 seconds

==============================================================================

Share this post


Link to post
Share on other sites

There was a bit of progress after TDSSKILLER run. But there's a lot more to do.

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Next:

Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes.

Share this post


Link to post
Share on other sites

After running aswMBR, the Fix button was not enabled.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-03-15 20:33:21

-----------------------------

20:33:21.457 OS Version: Windows x64 6.0.6002 Service Pack 2

20:33:21.458 Number of processors: 2 586 0x170A

20:33:21.458 ComputerName: H-PC UserName: H

20:33:22.971 Initialize success

20:34:26.682 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

20:34:26.685 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8

20:34:26.688 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

20:34:26.691 Disk 1 Vendor: ST310005 CC36 Size: 953869MB BusType: 8

20:34:26.695 Disk 0 MBR read successfully

20:34:26.700 Disk 0 MBR scan

20:34:26.705 Disk 0 unknown MBR code

20:34:26.709 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 596475 MB offset 63

20:34:26.735 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14001 MB offset 1221582600

20:34:26.774 Disk 0 scanning C:\Windows\system32\drivers

20:34:32.521 Service scanning

20:34:37.171 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

20:34:43.031 Modules scanning

20:34:43.041 Scan finished successfully

20:35:35.516 Disk 0 MBR has been saved successfully to "C:\Users\H\Desktop\MBR.dat"

20:35:35.530 The log file has been saved successfully to "C:\Users\H\Desktop\aswMBR.txt"

ListParts by Farbar Version: 12-03-2012 03

Ran by H (administrator) on 15-03-2012 at 20:36:44

Windows Vista (X64)

Running From: C:\Users\H\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 33%

Total physical RAM: 6133.33 MB

Available physical RAM: 4077.29 MB

Total Pagefile: 12379.7 MB

Available Pagefile: 10340.15 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:582.5 GB) (Free:242.64 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]

2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.67 GB) (Free:1.37 GB) NTFS ==>[system with boot components (obtained from reading drive)]

8 Drive j: (Backup HP) (Fixed) (Total:931.51 GB) (Free:412.8 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 596 GB 0 B

Disk 1 Online 932 GB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 582 GB 32 KB

Partition 2 Primary 14 GB 582 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C HP NTFS Partition 582 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D FACTORY_IMA NTFS Partition 14 GB Healthy

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 932 GB 1024 KB

======================================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 J Backup HP NTFS Partition 932 GB Healthy

======================================================================================================

****** End Of Log ******

Share this post


Link to post
Share on other sites

The results of aswMBR & Listparts are good. We still have more to do.

But first, a bit of housekeeping:

De-install FixRedirectVirus

Start button > in Start menu -- Control Panel > Uninstall a Program (listed under Programs).

{In Classic view, double click Program and features}.

Remove FixRedirectVirus

Exit Control Panel.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 3

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your

Browser.

Right- click on Combo-Fix.exe on your Desktop cf-icon.jpg and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 5

Turn back on (re-enable) your MS Security Essentials active monitor.

Reply with copy of contents of Roguekiller report, C:\Combofix.txt, & the latest MBAM scan log

AND tell me, How is your system now ?

There will be a bit more to do, since your Java rutime is out-dated, as well as your Adobe Reader. And we need to make sure your Vista User Account Control is ON.

For the latter, see http://windows.micro...ntrol-on-or-off

Share this post


Link to post
Share on other sites

Wow. My system seems to be much better now. It no longer appears to be hijacked! Thank you very much...

RogueKiller V7.3.1 [03/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: H [Admin rights]

Mode: Scan -- Date: 03/16/2012 12:43:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++

--- User ---

[MBR] d6afffae687fce73d04871ac6cc1198a

[bSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596475 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221582600 | Size: 14001 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000528AS +++++

--- User ---

[MBR] 0a95b3e60a0c0703a17e29a8bd2459ef

[bSP] 2589d35b9b4bf3f2ef56561a925b0bbc : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Share this post


Link to post
Share on other sites

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.16.04

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

H :: H-PC [administrator]

3/16/2012 1:21:38 PM

mbam-log-2012-03-16 (13-21-38).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 487940

Time elapsed: 1 hour(s), 1 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

ComboFix 12-03-16.03 - H 03/16/2012 12:54:09.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3747 [GMT -7:00]

Running from: c:\users\H\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))

.

.

2012-03-16 20:04 . 2012-03-16 20:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05EBA8D6-43AE-49CF-B9D1-E8577BCC0F41}\offreg.dll

2012-03-16 20:01 . 2012-03-16 20:01 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-03-16 20:01 . 2012-03-16 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-16 02:05 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05EBA8D6-43AE-49CF-B9D1-E8577BCC0F41}\mpengine.dll

2012-03-16 02:03 . 2012-03-16 02:03 -------- d-----w- c:\users\H\AppData\Roaming\QuickScan

2012-03-16 01:53 . 2012-03-16 01:53 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-16 01:38 . 2012-03-16 01:38 -------- d-----w- C:\rsit

2012-03-16 01:38 . 2012-03-16 01:38 -------- d-----w- c:\program files\trend micro

2012-03-16 01:33 . 2012-03-16 01:33 -------- d-----w- c:\program files (x86)\ERUNT

2012-03-15 02:08 . 2012-03-15 04:58 -------- d-----w- c:\windows\Microsoft Antimalware

2012-02-29 23:18 . 2012-02-29 23:18 -------- d-----w- c:\windows\system32\Macromed

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-29 23:18 . 2011-06-12 16:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-10 20:36 . 2012-02-10 20:37 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32CCB676-1E14-43D6-A713-808693944315}\gapaengine.dll

2012-02-08 07:13 . 2011-09-07 15:17 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-31 12:44 . 2011-09-06 14:59 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-03 14:25 . 2012-02-15 06:16 404992 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-20_00.48.19 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-10-08 12:40 . 2009-06-15 14:54 77312 c:\windows\SysWOW64\secur32.dll

+ 2012-01-11 14:02 . 2011-11-16 16:24 77312 c:\windows\SysWOW64\secur32.dll

+ 2012-01-11 14:02 . 2011-11-18 17:47 66560 c:\windows\SysWOW64\packager.dll

+ 2012-02-15 10:00 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll

- 2011-08-11 10:11 . 2011-07-22 02:44 72704 c:\windows\SysWOW64\mshtmled.dll

- 2011-08-11 10:11 . 2011-07-22 02:46 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2012-02-15 10:00 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

- 2006-11-02 12:13 . 2006-11-02 09:46 23552 c:\windows\SysWOW64\mciseq.dll

+ 2012-01-11 14:02 . 2011-10-14 16:00 23552 c:\windows\SysWOW64\mciseq.dll

- 2011-08-11 10:11 . 2011-07-22 02:46 65024 c:\windows\SysWOW64\jsproxy.dll

+ 2012-02-15 10:00 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll

- 2008-01-21 03:20 . 2011-09-06 14:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2012-03-05 23:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-09-06 14:55 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2012-03-05 23:23 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2012-03-05 23:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-01-21 03:20 . 2011-09-06 14:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-24 17:50 . 2010-09-24 17:50 67072 c:\windows\system32\ZuneTcp2Udp.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 67072 c:\windows\system32\ZuneTcp2Udp.dll

- 2010-09-24 17:50 . 2010-09-24 17:50 60928 c:\windows\system32\ZuneRegUtil.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 60928 c:\windows\system32\ZuneRegUtil.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 45568 c:\windows\system32\ZunePTDNS.dll

- 2010-09-24 17:50 . 2010-09-24 17:50 45568 c:\windows\system32\ZunePTDNS.dll

+ 2008-01-21 02:23 . 2012-03-16 20:05 61538 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2012-03-16 20:06 82994 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-06-28 20:21 . 2012-03-16 20:06 17734 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-809377086-3892647188-450367023-1000_UserData.bin

- 2009-10-08 12:40 . 2009-06-15 15:12 94720 c:\windows\system32\secur32.dll

+ 2012-01-11 14:02 . 2011-11-16 16:42 94720 c:\windows\system32\secur32.dll

+ 2012-01-11 14:02 . 2011-11-18 18:07 76800 c:\windows\system32\packager.dll

- 2011-08-11 10:11 . 2011-07-22 05:32 96256 c:\windows\system32\mshtmled.dll

+ 2012-02-15 10:00 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll

+ 2012-02-15 10:00 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll

- 2011-08-11 10:11 . 2011-07-22 05:34 86528 c:\windows\system32\migration\WininetPlugin.dll

- 2006-11-02 09:53 . 2006-11-02 11:17 28672 c:\windows\system32\mciwave.dll

+ 2012-01-11 14:02 . 2011-10-14 17:27 28672 c:\windows\system32\mciwave.dll

- 2006-11-02 09:53 . 2006-11-02 11:17 28160 c:\windows\system32\mciseq.dll

+ 2012-01-11 14:02 . 2011-10-14 17:27 28160 c:\windows\system32\mciseq.dll

- 2006-11-02 09:53 . 2006-11-02 11:17 48128 c:\windows\system32\mcicda.dll

+ 2012-01-11 14:02 . 2011-10-14 17:27 48128 c:\windows\system32\mcicda.dll

+ 2012-01-11 14:02 . 2011-11-16 14:34 11264 c:\windows\system32\lsass.exe

- 2009-10-08 12:40 . 2009-06-15 13:15 11264 c:\windows\system32\lsass.exe

+ 2012-02-15 10:00 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll

- 2011-08-11 10:11 . 2011-07-22 05:34 85504 c:\windows\system32\jsproxy.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 67072 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneTcp2Udp.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 60928 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneRegUtil.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 45568 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZunePTDNS.dll

+ 2011-11-09 04:41 . 2011-09-20 14:04 40448 c:\windows\system32\drivers\tcpipreg.sys

- 2011-08-10 20:28 . 2011-06-17 13:56 40448 c:\windows\system32\drivers\tcpipreg.sys

+ 2011-09-11 02:05 . 2011-12-10 22:24 23152 c:\windows\system32\drivers\mbam.sys

+ 2011-12-15 03:24 . 2011-10-25 16:09 85504 c:\windows\system32\csrsrv.dll

- 2011-07-13 00:22 . 2011-04-20 15:58 85504 c:\windows\system32\csrsrv.dll

- 2009-06-28 20:19 . 2011-09-20 00:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-06-28 20:19 . 2012-01-31 23:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-06-28 20:19 . 2011-09-20 00:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-06-28 20:19 . 2012-01-31 23:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-06-28 20:19 . 2011-09-20 00:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-06-28 20:19 . 2012-01-31 23:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-19 03:41 . 2011-06-24 07:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-19 03:41 . 2012-03-13 02:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-19 03:41 . 2012-03-13 02:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-19 03:41 . 2011-06-24 07:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-19 03:41 . 2011-06-24 07:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-19 03:41 . 2012-03-13 02:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-11-22 06:57 . 2011-11-22 06:57 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll

+ 2012-01-11 14:02 . 2011-12-27 02:51 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe

+ 2011-11-22 05:31 . 2011-11-22 05:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll

+ 2012-01-11 14:02 . 2011-12-27 02:51 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

- 2011-09-18 10:10 . 2011-09-18 10:10 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-09-18 10:09 . 2011-09-18 10:09 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-03-13 10:03 . 2012-03-13 10:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-09-18 10:09 . 2011-09-18 10:09 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-03-13 10:03 . 2012-03-13 10:03 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-03-15 04:52 . 2012-03-15 04:52 12288 c:\windows\Microsoft Antimalware\Support\MpWppTracing-03142012-205208-00000003-ffffffff.bin

+ 2012-02-04 20:45 . 2012-02-04 20:45 22016 c:\windows\Installer\e8c8e.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fdd.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fd6.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fcf.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fc8.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fc1.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fba.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fb3.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fac.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7fa5.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f9e.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f97.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f90.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f89.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f82.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f7b.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f74.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f56.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f38.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7f1a.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7efc.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7ede.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 29184 c:\windows\Installer\aa7ec0.msi

+ 2011-11-18 19:45 . 2011-11-18 19:45 77312 c:\windows\Installer\aa7ea8.msi

- 2011-09-16 10:03 . 2011-09-16 10:03 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe

+ 2012-02-07 10:00 . 2012-02-07 10:00 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe

+ 2012-02-07 10:01 . 2012-02-07 10:01 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2011-09-16 10:03 . 2011-09-16 10:03 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2010-06-04 10:01 . 2011-06-16 10:19 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2010-06-04 10:01 . 2012-02-16 10:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2012-01-24 22:41 . 2012-01-24 22:41 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe

+ 2012-01-24 22:41 . 2012-01-24 22:41 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe

+ 2005-12-02 21:18 . 2005-12-02 21:18 29184 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\ResetFileTime.exe

+ 2009-10-14 20:24 . 2009-10-14 20:24 99976 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\HPDownload.exe

+ 2008-11-12 06:15 . 2008-11-12 06:15 16296 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\hpdom.wsf

+ 2010-09-21 06:07 . 2010-09-21 06:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll

+ 2009-02-26 20:06 . 2009-02-26 20:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL

+ 2009-02-26 20:06 . 2009-02-26 20:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE

+ 2009-02-27 01:43 . 2009-02-27 01:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL

+ 2009-02-27 00:45 . 2009-02-27 00:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE

+ 2009-02-26 20:06 . 2009-02-26 20:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL

+ 2009-02-26 20:06 . 2009-02-26 20:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE

- 2006-11-02 12:40 . 2011-09-06 14:52 51200 c:\windows\inf\infpub.dat

+ 2006-11-02 12:40 . 2011-11-18 19:44 51200 c:\windows\inf\infpub.dat

+ 2012-03-13 10:13 . 2012-03-13 10:13 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\f137c53afae3903f20eba1fa0f8f8dad\System.Xml.Serialization.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ef151d5b49d8b0d0052d05fc56d25107\System.Windows.Presentation.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\c5b08a1a9a7a97922af50f30b5e32268\System.Web.ApplicationServices.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5b53a87f7799ee5454e4fb8faece3a82\System.AddIn.Contract.ni.dll

+ 2012-03-13 10:09 . 2012-03-13 10:09 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe

+ 2012-03-13 10:08 . 2012-03-13 10:08 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\8dd565cc0b374e1eec73cf7eaba91e92\UIAutomationProvider.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\077e75015456f75a0495f65cfcf140cb\System.Windows.Presentation.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\22a9aa847a8e4e651a35b63270ce8999\System.Web.ApplicationServices.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fdeb5ca04943da59f732d3001d6a0df0\System.ServiceModel.Channels.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\9688786618bf6390637c283b5bd1c9b3\System.AddIn.Contract.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\6ffc3ac04451b4978519218fd266403e\Microsoft.VisualC.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\8cbc15b63aa3f06453f1aaa8659cf809\Accessibility.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 73728 c:\windows\assembly\NativeImages_v2.0.50727_64\UIXControls\9f6d11340d0b68bb30dbad5092e56a92\UIXControls.ni.dll

+ 2011-11-18 19:44 . 2011-11-18 19:44 73728 c:\windows\assembly\NativeImages_v2.0.50727_64\UIXControls\3aa0ddd6d91850ce0b5644f73b62e4a7\UIXControls.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\067175115d10c3d264ab318e820765e5\System.Windows.Presentation.ni.dll

+ 2011-10-12 10:38 . 2011-10-12 10:38 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\00db78298fe5452c0f0841e3688193df\System.Windows.Presentation.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\fbd4e0199e5933302cc414871408c2a3\System.Web.DynamicData.Design.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\32988c989fec0b0a6ea7420b687847f0\System.Web.DynamicData.Design.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\df5c4750465a0c3ad3a84aba30e8940b\PresentationFontCache.ni.exe

+ 2011-10-12 10:37 . 2011-10-12 10:37 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\175efd925a4d4e7deccc7855d6dcb3c9\PresentationFontCache.ni.exe

+ 2011-10-12 10:36 . 2011-10-12 10:36 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\fa0c632bdf12e9d70405212bbcb255ee\PresentationCFFRasterizer.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\0efd3bfda60c6df58207598eeb48f25a\PresentationCFFRasterizer.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\be2487a805f44453b91fbfcc612ddb68\Microsoft.WSMan.Runtime.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\a4a66a531fcba4ae3db28c68033787a4\Microsoft.WSMan.Runtime.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\28baaf9cc7640ebf81cc317dbd5119d6\Microsoft.VisualC.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtCOM\d44223fe604b9811a3a57cbf71c3f1f9\ehiExtCOM.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\95ac9a9bdd91cac933680ebd43d98e0a\ehExtCOM.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\2c497fedb47981d3f9cd789d3966ccf4\ehExtCOM.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\42bec19a6f2ecc6f45c4d07b4e2d6083\dfsvc.ni.exe

+ 2011-10-12 10:33 . 2011-10-12 10:33 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\006ccb4b89e6670929d149ff641369ef\Accessibility.ni.dll

+ 2011-10-12 10:32 . 2011-10-12 10:32 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\4b4da1f58f246ac63a6486910ce4feca\System.Windows.Presentation.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d64bb27d9b0901fbaf26a363f664476b\System.Web.DynamicData.Design.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\249d58bfb0fad2bfc6539cc4af8ae7dd\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-10-12 10:32 . 2011-10-12 10:32 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\fa4e1998745ba5cfd3751d17172a50c1\System.AddIn.Contract.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\bed862dc1b6ba4eb085a645d0df2873b\PresentationFontCache.ni.exe

+ 2012-02-15 10:39 . 2012-02-15 10:39 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0949167ed4166f458ba9f3b705b8bc21\PresentationCFFRasterizer.ni.dll

+ 2011-10-12 10:32 . 2011-10-12 10:32 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\67e74beedea6b1c61609c3199a41c112\napcrypt.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\099420b6b2b532b8156e510ae78da504\Microsoft.WSMan.Runtime.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\90b93ddbe3aded4d91ed37540d3b62cd\Microsoft.Vsa.ni.dll

+ 2011-10-12 10:31 . 2011-10-12 10:31 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\0be0eb42238f115408fd2fab2b9a387f\Microsoft.VisualC.ni.dll

+ 2011-10-12 10:30 . 2011-10-12 10:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e51e9b0e132d5639a9d24d2fc93d84e2\Microsoft.Build.Framework.ni.dll

+ 2011-10-12 10:31 . 2011-10-12 10:31 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4bcbda8a78ed8746b758f2c961df98f9\Microsoft.Build.Framework.ni.dll

+ 2011-10-12 10:31 . 2011-10-12 10:31 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\188cef9a56634d7e4b9239c388576d94\ehiUserXp.ni.dll

+ 2011-10-12 10:31 . 2011-10-12 10:31 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\e4c8338d98d38340bd2e9eb91eb4ad78\dfsvc.ni.exe

+ 2011-10-12 10:30 . 2011-10-12 10:30 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll

- 2011-08-24 15:44 . 2011-07-11 13:25 2048 c:\windows\SysWOW64\tzres.dll

+ 2011-12-15 03:24 . 2011-11-08 14:42 2048 c:\windows\SysWOW64\tzres.dll

+ 2011-10-11 19:10 . 2011-08-25 13:31 4096 c:\windows\SysWOW64\oleaccrc.dll

- 2009-12-11 13:46 . 2009-10-08 21:07 4096 c:\windows\SysWOW64\oleaccrc.dll

+ 2011-12-15 03:24 . 2011-11-08 14:58 2048 c:\windows\system32\tzres.dll

- 2011-08-24 15:44 . 2011-07-11 13:45 2048 c:\windows\system32\tzres.dll

- 2009-12-11 13:46 . 2009-10-08 21:07 4096 c:\windows\system32\oleaccrc.dll

+ 2011-10-11 19:10 . 2011-08-25 13:54 4096 c:\windows\system32\oleaccrc.dll

+ 2012-03-16 20:04 . 2012-03-16 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-09-20 00:47 . 2011-09-20 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-16 20:04 . 2012-03-16 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-20 00:47 . 2011-09-20 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-13 10:17 . 2012-03-13 10:17 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\6bafe185b3d23de57ec689035642fe43\System.Xml.Serialization.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\592252ee904bd41f99cd1d19909b548c\dfsvc.ni.exe

+ 2012-01-11 14:02 . 2011-10-14 16:03 189952 c:\windows\SysWOW64\winmm.dll

- 2009-12-03 13:53 . 2009-04-11 06:28 189952 c:\windows\SysWOW64\winmm.dll

+ 2012-01-11 14:02 . 2011-11-16 16:23 377344 c:\windows\SysWOW64\winhttp.dll

- 2009-12-09 14:57 . 2009-08-24 11:36 377344 c:\windows\SysWOW64\winhttp.dll

- 2011-08-11 10:11 . 2011-07-22 02:47 231936 c:\windows\SysWOW64\url.dll

+ 2012-02-15 10:00 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll

+ 2011-10-11 19:10 . 2011-08-25 16:15 555520 c:\windows\SysWOW64\UIAutomationCore.dll

- 2009-12-11 13:45 . 2009-10-08 21:08 555520 c:\windows\SysWOW64\UIAutomationCore.dll

+ 2012-01-11 14:02 . 2011-11-16 16:23 278528 c:\windows\SysWOW64\schannel.dll

+ 2012-03-14 05:22 . 2012-01-09 15:54 613376 c:\windows\SysWOW64\rdpencom.dll

+ 2012-01-11 14:02 . 2011-10-25 15:58 497152 c:\windows\SysWOW64\qdvd.dll

- 2009-12-03 13:52 . 2009-04-11 06:28 497152 c:\windows\SysWOW64\qdvd.dll

- 2009-12-03 13:52 . 2009-04-11 06:28 293376 c:\windows\SysWOW64\psisdecd.dll

+ 2011-10-11 19:10 . 2011-07-29 16:01 293376 c:\windows\SysWOW64\psisdecd.dll

- 2011-06-15 14:15 . 2010-12-20 16:35 563712 c:\windows\SysWOW64\oleaut32.dll

+ 2011-10-11 19:10 . 2011-08-25 16:14 563712 c:\windows\SysWOW64\oleaut32.dll

+ 2011-10-11 19:10 . 2011-08-25 16:14 238080 c:\windows\SysWOW64\oleacc.dll

+ 2012-02-15 06:16 . 2011-12-14 16:17 680448 c:\windows\SysWOW64\msvcrt.dll

+ 2012-02-29 23:18 . 2012-02-29 23:18 250016 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe

+ 2012-01-12 14:26 . 2012-01-12 14:26 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe

+ 2012-02-15 10:00 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll

- 2011-08-11 10:11 . 2011-07-22 02:45 716800 c:\windows\SysWOW64\jscript.dll

- 2011-08-11 10:11 . 2011-07-22 02:43 176640 c:\windows\SysWOW64\ieui.dll

+ 2012-02-15 10:00 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll

- 2011-03-09 05:41 . 2010-12-29 18:28 429056 c:\windows\SysWOW64\EncDec.dll

+ 2011-12-15 03:24 . 2011-10-14 16:02 429056 c:\windows\SysWOW64\EncDec.dll

- 2011-02-10 04:17 . 2011-01-20 16:08 219648 c:\windows\SysWOW64\d3d10_1core.dll

+ 2012-03-14 05:22 . 2012-02-14 15:45 219648 c:\windows\SysWOW64\d3d10_1core.dll

+ 2012-03-14 05:22 . 2012-02-14 15:45 160768 c:\windows\SysWOW64\d3d10_1.dll

- 2011-02-10 04:17 . 2011-01-20 16:08 160768 c:\windows\SysWOW64\d3d10_1.dll

- 2011-02-10 04:17 . 2011-01-20 13:47 683008 c:\windows\SysWOW64\d2d1.dll

+ 2012-03-14 05:22 . 2012-02-13 13:47 683008 c:\windows\SysWOW64\d2d1.dll

- 2010-09-24 17:50 . 2010-09-24 17:50 149504 c:\windows\system32\ZuneUsbTransport.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 149504 c:\windows\system32\ZuneUsbTransport.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 405504 c:\windows\system32\ZuneNetProxy.dll

- 2010-09-24 17:50 . 2010-09-24 17:50 405504 c:\windows\system32\ZuneNetProxy.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 249344 c:\windows\system32\ZuneMTPZ.dll

- 2010-09-24 17:50 . 2010-09-24 17:50 249344 c:\windows\system32\ZuneMTPZ.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 354304 c:\windows\system32\ZuneCoInst.dll

+ 2012-01-11 14:02 . 2011-11-25 16:25 451072 c:\windows\system32\winsrv.dll

- 2011-08-10 20:28 . 2011-06-17 16:16 451072 c:\windows\system32\winsrv.dll

+ 2012-01-11 14:02 . 2011-10-14 17:31 211968 c:\windows\system32\winmm.dll

- 2009-12-03 13:53 . 2009-04-11 07:11 211968 c:\windows\system32\winmm.dll

- 2009-12-09 14:57 . 2009-08-24 11:47 442368 c:\windows\system32\winhttp.dll

+ 2012-01-11 14:02 . 2011-11-16 16:43 442368 c:\windows\system32\winhttp.dll

+ 2009-06-29 01:15 . 2011-10-15 19:24 352574 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2011-08-11 10:11 . 2011-07-22 05:35 237056 c:\windows\system32\url.dll

+ 2012-02-15 10:00 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll

+ 2011-10-11 19:10 . 2011-08-25 16:20 735744 c:\windows\system32\UIAutomationCore.dll

+ 2012-01-11 14:02 . 2011-11-16 16:42 347136 c:\windows\system32\schannel.dll

+ 2012-03-14 05:22 . 2012-01-09 16:16 708096 c:\windows\system32\rdpencom.dll

- 2009-12-03 13:52 . 2009-04-11 07:11 352256 c:\windows\system32\qdvd.dll

+ 2012-01-11 14:02 . 2011-10-25 16:13 352256 c:\windows\system32\qdvd.dll

- 2009-12-03 13:53 . 2009-04-11 07:11 375808 c:\windows\system32\psisdecd.dll

+ 2011-10-11 19:10 . 2011-07-29 16:08 375808 c:\windows\system32\psisdecd.dll

+ 2006-11-02 12:46 . 2012-03-16 01:07 606602 c:\windows\system32\perfh009.dat

+ 2006-11-02 12:46 . 2012-03-16 01:07 105202 c:\windows\system32\perfc009.dat

+ 2011-10-11 19:10 . 2011-08-25 16:19 847360 c:\windows\system32\oleaut32.dll

- 2011-06-15 14:15 . 2010-12-20 16:59 847360 c:\windows\system32\oleaut32.dll

+ 2011-10-11 19:10 . 2011-08-25 16:19 332288 c:\windows\system32\oleacc.dll

+ 2012-02-15 06:16 . 2011-12-14 16:38 621056 c:\windows\system32\msvcrt.dll

- 2009-12-03 13:53 . 2009-04-11 07:11 621056 c:\windows\system32\msvcrt.dll

+ 2012-02-29 23:18 . 2012-02-29 23:18 465056 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe

+ 2012-02-15 10:00 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll

- 2011-08-11 10:11 . 2011-07-22 05:30 248320 c:\windows\system32\ieui.dll

+ 2012-02-15 10:00 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll

- 2006-11-02 15:21 . 2011-08-14 17:26 309760 c:\windows\system32\FNTCACHE.DAT

+ 2006-11-02 15:21 . 2012-03-14 10:20 309760 c:\windows\system32\FNTCACHE.DAT

+ 2011-12-15 03:24 . 2011-10-14 17:30 559616 c:\windows\system32\EncDec.dll

- 2011-03-09 05:41 . 2010-12-29 19:01 559616 c:\windows\system32\EncDec.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 149504 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneUsbTransport.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 405504 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneNetProxy.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 249344 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneMTPZ.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 128000 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneIPTransport.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 354304 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneCoInst.dll

+ 2011-06-06 20:49 . 2011-06-06 20:49 708168 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\WinUSBCoInstaller.dll

+ 2011-06-06 20:49 . 2011-06-06 20:49 708168 c:\windows\system32\DriverStore\FileRepository\wmzuneserusb.inf_a8c8911e\WinUSBCoInstaller.dll

- 2009-12-03 13:52 . 2009-04-11 05:48 209920 c:\windows\system32\drivers\rdpwd.sys

+ 2012-03-14 05:22 . 2012-01-09 14:27 209920 c:\windows\system32\drivers\rdpwd.sys

+ 2012-01-11 14:02 . 2011-11-17 06:53 515968 c:\windows\system32\drivers\ksecdd.sys

- 2011-02-10 04:17 . 2011-01-20 16:16 327680 c:\windows\system32\d3d10_1core.dll

+ 2012-03-14 05:22 . 2012-02-14 16:49 327680 c:\windows\system32\d3d10_1core.dll

+ 2012-03-14 05:22 . 2012-02-14 16:49 196096 c:\windows\system32\d3d10_1.dll

- 2011-02-10 04:17 . 2011-01-20 16:16 196096 c:\windows\system32\d3d10_1.dll

+ 2012-03-14 05:22 . 2012-02-13 14:06 834048 c:\windows\system32\d2d1.dll

- 2011-02-10 04:17 . 2011-01-20 14:06 834048 c:\windows\system32\d2d1.dll

+ 2010-06-15 11:57 . 2012-03-15 08:33 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2010-06-15 11:57 . 2010-06-15 11:57 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2010-06-15 11:57 . 2012-03-15 08:33 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2010-06-15 11:57 . 2010-06-15 11:57 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2010-10-25 04:24 . 2011-09-20 00:46 286784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-10-25 04:24 . 2012-03-16 20:02 286784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-11-22 06:57 . 2011-11-22 06:57 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll

+ 2011-12-26 12:47 . 2011-12-26 12:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe

+ 2012-01-11 14:02 . 2011-12-27 02:51 744720 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll

- 2011-06-15 14:13 . 2011-03-29 10:52 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll

+ 2011-10-11 19:10 . 2011-07-08 11:52 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll

+ 2011-11-22 05:31 . 2011-11-22 05:31 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll

+ 2011-12-26 11:39 . 2011-12-26 11:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe

+ 2011-11-22 05:31 . 2011-11-22 05:31 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll

+ 2012-01-11 14:02 . 2011-12-27 02:51 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2011-10-11 19:10 . 2011-07-08 11:53 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2011-06-15 14:13 . 2011-03-29 10:53 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2011-06-15 14:13 . 2011-03-29 10:52 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2011-10-11 19:10 . 2011-07-08 11:53 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2011-09-18 10:09 . 2011-09-18 10:09 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2011-09-18 10:09 . 2011-09-18 10:09 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-03-13 10:03 . 2012-03-13 10:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-03-13 10:03 . 2012-03-13 10:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-09-18 10:09 . 2011-09-18 10:09 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-09-18 10:09 . 2011-09-18 10:09 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-03-13 10:03 . 2012-03-13 10:03 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-03-15 02:09 . 2012-03-15 04:58 311296 c:\windows\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin

+ 2011-11-18 19:44 . 2011-11-18 19:44 788992 c:\windows\Installer\aa7e9a.msi

+ 2012-01-24 22:41 . 2012-01-24 22:41 922624 c:\windows\Installer\a7335d3.msi

+ 2011-11-07 23:43 . 2011-11-07 23:43 323072 c:\windows\Installer\19d3e9.msi

+ 2011-12-07 15:11 . 2011-12-07 15:11 188416 c:\windows\Installer\13fe5cfb.msi

+ 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe

+ 2010-09-21 06:07 . 2010-09-21 06:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe

+ 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe

- 2006-11-02 12:40 . 2011-09-06 14:52 143360 c:\windows\inf\infstrng.dat

+ 2006-11-02 12:40 . 2011-11-18 19:44 143360 c:\windows\inf\infstrng.dat

+ 2006-11-02 12:40 . 2011-11-18 19:44 143360 c:\windows\inf\infstor.dat

- 2006-11-02 12:40 . 2011-09-06 14:52 143360 c:\windows\inf\infstor.dat

+ 2012-03-16 01:35 . 2005-10-20 19:02 163328 c:\windows\ERDNT\3-15-2012\ERDNT.EXE

+ 2012-01-11 14:02 . 2011-11-01 16:35 196096 c:\windows\ehome\mstvcapn.dll

+ 2012-03-14 22:47 . 2012-03-14 22:47 710304 c:\windows\Downloaded Program Files\qsax.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d05858dd730eef93a5e4a3cc88dd4ec3\WindowsFormsIntegration.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\b2a2a1fb4e1313088250b334b3af2a15\UIAutomationTypes.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\89414bab411eb27c7c181df81b4d36a5\UIAutomationProvider.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd55f47d44c3695862bc047b8e86fcd3\UIAutomationClient.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\910d557d55f4fc7bb51ace0546bd3c50\System.Xml.Linq.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\dcb9e1eaa1491094f79c3288b8c78830\System.Windows.Input.Manipulations.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\922f3f17f5112441e77f9d3d56d5b753\System.Transactions.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\73874670b92afbde73b23e8a1200eede\System.ServiceProcess.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\909c8d76773648809478644ac50a21eb\System.ServiceModel.Routing.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\26db69101f5bcf148fd962f00c0e78dd\System.ServiceModel.Channels.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\878946615037b9d5f09916c598420dc1\System.Security.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\73cc698ccc98e37f53cdbff3687a921c\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\b73b4f0282ef46505b3e59702ded433b\System.Runtime.Remoting.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\8064e773b9addf027658899e27e94c7b\System.Numerics.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\a46d5472536da900435885b28a19eda8\System.Net.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\ae0089b9135614de304ebe288fa6fca8\System.Messaging.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\3ad050d3f47352421e05b7707ddd3524\System.Management.Instrumentation.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\87efa405cd384d2c47380467fcd7ea86\System.IO.Log.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\50ccc897ad714e66f750ca1e51e0ffde\System.IdentityModel.Selectors.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.Wrapper.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\cbc3e5d028dd347a294096f068a053d4\System.Dynamic.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1ae0a8a9eb92ccaf900f5911740b2c3c\System.DirectoryServices.Protocols.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\9edded64312f5cbae54a093eca246aaa\System.Device.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\db296a100034c7dee5f80219f0542df7\System.Data.DataSetExtensions.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\0f771cbf8b32ae1618f4cd4266337b3c\System.Configuration.Install.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\501ad39b1ef6f43e8dc92a4efa7c35ea\System.ComponentModel.DataAnnotations.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\f8c6e4854178bb4d928c8aec1c04648d\System.AddIn.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\3503e3c2a87db97b720c0ed8a5d59f61\System.Activities.DurableInstancing.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\30cf4fc2c247cf490879f5436c63017c\SMSvcHost.ni.exe

+ 2012-03-13 10:10 . 2012-03-13 10:10 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\b4f75962376771b6b6d39279d780abba\SMDiagnostics.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eaca48940ac6976d39d5de4d5b42fed6\PresentationFramework.Royale.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\bdb41ce9ab6d561ddb8107255daaee30\PresentationFramework.Luna.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78310f7eef84b5f9ca4bf32798bd77f9\PresentationFramework.Aero.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\64b86aebea22fd357f22384757caed3f\PresentationFramework.Classic.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5a7e968020fcc15deaead9c8f27feeab\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\16bf3be602620d349b25e6c2d08199a3\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\f6b9abf9cd43524102ad9be82b7136d0\CustomMarshalers.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\d5a18f2355101b19f23ff2f31d1d1e17\WindowsFormsIntegration.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\9562374f940f41cdc64d88268d543f0b\UIAutomationTypes.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\641eec5b274fe3972d02892607f9b650\UIAutomationClient.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\0b68854406b775365c6d91e87813c2dc\System.Windows.Input.Manipulations.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\bf0b3689dd5e261097f2feb2ed0103e8\System.ServiceProcess.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d3d9c582c7cd77f17fd93167dc462242\System.ServiceModel.Routing.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c1127f26363bea39c40707b9ddb6bbb9\System.Security.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7b17528dffe47d9b17be6086a575a516\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\533deafc53346179cd118acc874752a3\System.Runtime.Remoting.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\965e2749489298cc85387f44f76a40f2\System.Net.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\1bff2d3e952c2160ba0c790d2342a601\System.Management.Instrumentation.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e6cb98078120266f5310adf0f45aa7df\System.IO.Log.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\22dadf930ad449894633480562d6c913\System.IdentityModel.Selectors.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.Wrapper.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\cbb6e9a9b075d9f6fa303e3eef4c0ffd\System.Dynamic.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e25cc7918b583b3beffcad52920eae29\System.DirectoryServices.AccountManagement.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\a3be39ae9813098aa81430dd507d22ca\System.DirectoryServices.Protocols.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4975f93d2055b33bd7a91d6f05628e2a\System.Device.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\42d3d301d2adef24edeb3b775fbe3a4b\System.Data.DataSetExtensions.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\e844f0d4cf703c2e97515ed020331b76\System.Configuration.Install.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a92c1bd4d32fbbc54134fc40d2f97389\System.ComponentModel.Composition.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\9b418b211d6207feafcdc27027d26036\System.ComponentModel.DataAnnotations.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\a4cfba8e3500f8387fe5924b940983be\System.AddIn.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\520d0ed9f48c121fbe79bda6fc176b74\System.Activities.DurableInstancing.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\98ec8a39382e6eee39845bd4759ecf04\SMSvcHost.ni.exe

+ 2012-03-13 10:15 . 2012-03-13 10:15 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b905cdec5960d51e5bdc7030b005c09\SMDiagnostics.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\94d89db071d382d9ba0bc6381669b85f\PresentationFramework.Classic.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 755200 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8857db4eb5c9797068ff55872e8cff64\PresentationFramework.Luna.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\443c3fae1f6f0588a542ddc1c02c1be1\PresentationFramework.Royale.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0a5b8a58dc91116727bfc775a1c19b8c\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5958d9610eb58adb2b62153492a7c27e\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\e75d718c701de8465600c9a291850bd5\WsatConfig.ni.exe

+ 2011-10-12 10:38 . 2011-10-12 10:38 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\d3b8ba89ad6b7e3dd72e903eba259c9a\WsatConfig.ni.exe

+ 2011-10-12 10:38 . 2011-10-12 10:38 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\ea6d8df86fc35898ec0ed1931286079d\WindowsFormsIntegration.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\24435f85f70be4cf3bc1837141e1f3f8\WindowsFormsIntegration.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 257024 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\fcc1bb8b7816577d8ace229d8b10efc1\UIAutomationTypes.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 120320 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\caf208f16abe2d305effc78e1f81e9b5\UIAutomationProvider.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\ff7ff4d1cef4eb69de7a031b48398987\UIAutomationClient.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\a0aca4bf0a203bb37a754232270cccfa\UIAutomationClient.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\da762595ee5b4709e0ee72feeb95cf33\TaskScheduler.ni.dll

+ 2011-10-12 10:38 . 2011-10-12 10:38 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\a386c1261e6fa238c30d1ac51f56ef5b\TaskScheduler.ni.dll

+ 2011-10-12 10:38 . 2011-10-12 10:38 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\e961e5d1c86bf0c2b52249c3eb1d476c\System.Xml.Linq.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\64f3bb54c4e1236d27f817d7fa68172c\System.Xml.Linq.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\65d2ba6625880c2338b91670c438a107\System.Web.Routing.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\305bff6f5396544a7bfc56e84bfa1e87\System.Web.Routing.ni.dll

+ 2011-10-12 10:34 . 2011-10-12 10:34 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\b7e323c4caccb48a6c7cd45c5c8b16f7\System.Web.RegularExpressions.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\270d74a31831149b21b5bea91c0aea5a\System.Web.RegularExpressions.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\a3c3617414cec7911b49ffd306b291f4\System.Web.Entity.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\0e0a0efe9ab9642700a8f57a4edbe976\System.Web.Entity.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\d5d13f24e51a4fa41be09b8d2241f600\System.Web.Entity.Design.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\c530a47802b240b087da20b94c97cad4\System.Web.Entity.Design.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\86f7d8a68c51823d89921f55ff7e2603\System.Web.DynamicData.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\003e371c8df2a55501c5f738a7c5bec8\System.Web.DynamicData.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\9c64eb12d481157ee49e63fa21d75376\System.Web.Abstractions.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\40994da02056e19475c5958f64195807\System.Web.Abstractions.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\acc28599cfdd7905c0f1dc28dd69c62c\System.Transactions.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\26713be7f0119f1ccd5cb301b4088616\System.Transactions.ni.dll

+ 2011-10-12 10:34 . 2011-10-12 10:34 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\fd5a2f4321cd339b0d7dfcd46aac578c\System.ServiceProcess.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\39c01dd3934350653a7e47d85688a56e\System.ServiceProcess.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\6ec0affc7f8a6ef94bb7457353bed773\System.Security.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\02c9a0da64efb6d60958a061835cb425\System.Security.ni.dll

+ 2011-10-12 10:34 . 2011-10-12 10:34 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\d526d3a3a6657c8cd4508ebe888d50ad\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\9b37cb88d4fe41952c0ff8ec36df639c\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\f8f6ea38bbdd49db6a1a029492909d14\System.Net.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\691b5229cb26bbb7fdb9ae20c289ad7f\System.Net.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\513a99c7b2bc651a72ee1c96f2ca9372\System.Messaging.ni.dll

+ 2011-10-12 10:34 . 2011-10-12 10:34 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\43950691e68fa889d8276281c843c90a\System.Messaging.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\bb552a747610ce1e38ca20f767a905b3\System.Management.Instrumentation.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\4667706242b4b409f374dfcd2289dfad\System.Management.Instrumentation.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\ae581129b25b5f40ab1f9ddf55412c60\System.IO.Log.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\1b7cfed2b4bac8be0d75b2e5840e1648\System.IO.Log.ni.dll

+ 2011-10-12 10:34 . 2011-10-12 10:34 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\b936404b70f3d96230370185221d2988\System.IdentityModel.Selectors.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\a66bdd2dddd9808eae7e037ed299971b\System.IdentityModel.Selectors.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\caab7166e3bd29ad25ddab20072bfa47\System.EnterpriseServices.Wrapper.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\1a90a8d222464221458d0ebef4ac8216\System.EnterpriseServices.Wrapper.dll

+ 2012-02-15 10:29 . 2012-02-15 10:29 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a29ca53b0da167fff25e474202b5aa24\System.Drawing.Design.ni.dll

+ 2011-10-12 10:29 . 2011-10-12 10:29 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\23ae39416a886e06e99e5f1a362a0ca2\System.Drawing.Design.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e3f2322ddd355493f592702d27f9edf0\System.DirectoryServices.Protocols.ni.dll

+ 2011-10-12 10:34 . 2011-10-12 10:34 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d3b45c9a426e4247060210a4442e57c1\System.DirectoryServices.Protocols.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 489472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\8ae8c8c594d7ad7f6430b65d72d0cb58\System.Data.Services.Design.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 489472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\6501cb8efc619b96b3b6b754f6fcf5aa\System.Data.Services.Design.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\5e7784d0562f54ba2bac4fab3f3c7da6\System.Data.DataSetExtensions.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\2123c2ac019fe39a10ac3b10ab4086ca\System.Data.DataSetExtensions.ni.dll

+ 2011-10-12 10:34 . 2011-10-12 10:34 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\a00d13945ba2ae72e0f81a330405ef94\System.Configuration.Install.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\1bb009ad266e51586d48ce4dc1e15336\System.Configuration.Install.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\e0828964993d832dabb31b17c6d82a02\System.ComponentModel.DataAnnotations.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\a84b1a7e829536918cbee735c98cf7a4\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\892fa605806b4152e60a5b80d01d646a\System.AddIn.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\4b49b44dcb277e6cba02bec7bdd5f53a\System.AddIn.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\fab800c985d2637100bb4a74ee70c5c1\System.AddIn.Contract.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\091348740bb38b85dece99d1deb33d06\sysglobl.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\e50076b441b0a3744dfb857e8c10c7a3\SMSvcHost.ni.exe

+ 2012-02-15 10:36 . 2012-02-15 10:36 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\6bcd8ba05cb1434cc5a15e50f67ff1fb\SMSvcHost.ni.exe

+ 2011-10-12 10:34 . 2011-10-12 10:34 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\fa7982dd82101344f9a0ec5a7df12d13\SMDiagnostics.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\57f792edd3d4b372dd74906b9519cb83\SMDiagnostics.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\8f0a08eaa171d56cbb2e4187ab8746b4\ServiceModelReg.ni.exe

+ 2012-01-12 10:10 . 2012-01-12 10:10 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\6ba06b090714e51e8a92499ade057045\ServiceModelReg.ni.exe

+ 2012-02-15 10:29 . 2012-02-15 10:29 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c44df85a8829301af9fe97c6cb3c8124\PresentationFramework.Classic.ni.dll

+ 2011-10-12 10:28 . 2011-10-12 10:28 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b1a7be598a0c377152ef1f42e7c1eac3\PresentationFramework.Royale.ni.dll

+ 2012-02-15 10:29 . 2012-02-15 10:29 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\af19f6e696a20ae3a64a683bb34b6cf0\PresentationFramework.Royale.ni.dll

+ 2011-10-12 10:28 . 2011-10-12 10:28 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\939a859ef807fb6511db2a22ede35d29\PresentationFramework.Luna.ni.dll

+ 2012-02-15 10:29 . 2012-02-15 10:29 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\59a734aadd2294941fd7bbb62e76ab1f\PresentationFramework.Luna.ni.dll

+ 2011-10-12 10:28 . 2011-10-12 10:28 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\574c8f267bed7da9a80d9f3a428099bd\PresentationFramework.Aero.ni.dll

+ 2011-10-12 10:28 . 2011-10-12 10:28 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\3f65d45a3ff81a26fc82e5c6fcc10370\PresentationFramework.Classic.ni.dll

+ 2012-02-15 10:29 . 2012-02-15 10:29 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\2617b044b288975dd6ebda2ef9417852\PresentationFramework.Aero.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\900ae2d2a1e97c15ecf1f38a613fb4a9\napsnap.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\155c6b2c094e804bc48f3c697c8b5875\napsnap.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\d9abdc76a774e8c77189b025ccb3a052\napinit.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\8ba28cd475eddd59aa72048078b9d38d\napinit.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 177152 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\c1aca362549bc87db4cd9b39e915fc34\naphlpr.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 126464 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\db12e1be90224e573376cc86b197d869\napcrypt.ni.dll

Share this post


Link to post
Share on other sites

+ 2011-10-12 10:33 . 2011-10-12 10:33 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\eb2563ff14d1cea338648ac1feeafc1f\MSBuild.ni.exe

+ 2012-02-15 10:32 . 2012-02-15 10:32 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\be5f5567910588933ade41773ce4b42e\MSBuild.ni.exe

+ 2011-10-12 10:35 . 2011-10-12 10:35 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\f5e34def2ddaf9fbab2225e5a302d33f\MMCFxCommon.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\3e266abc08cced266b819ff005fcbd4c\MMCFxCommon.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\c531aae4cac7e3f1f3064a475e35789d\Microsoft.WSMan.Management.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\94f66b0665ea9b4b709b570e7c814fed\Microsoft.WSMan.Management.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\eb2adb1762038f5a21d84fb5b88296be\Microsoft.Vsa.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\0e11d1b7322a3ccdcf4f62122608d657\Microsoft.Vsa.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\d7f54f624ab86ec9e05192cbe28a8532\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\39be58c468f0bf887a7548a6388cf419\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ec5a27a580cc2bf11095f4734768280c\Microsoft.PowerShell.Commands.Diagnostics.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\dbe26a57513f494efe75b3188cf366b4\Microsoft.PowerShell.Security.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d1d9afd53ef03252bb4407613ab11a1d\Microsoft.PowerShell.Security.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\bf181ea99e6aa101d6d6fcb21fb851ed\Microsoft.PowerShell.GraphicalHost.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b6894931958aa9710883b74c252ed514\Microsoft.PowerShell.Commands.Diagnostics.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a097fc0285187f39c11115f78eef26af\Microsoft.PowerShell.ConsoleHost.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6fe53936c7ac3038d715852058cf0f56\Microsoft.PowerShell.ConsoleHost.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\5b8c3d452ccb8e38475c4d5ae06d3479\Microsoft.PowerShell.GraphicalHost.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e4b446852f196438818c0ce9e68605e8\Microsoft.MediaCenter.Shell.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c981dc80ad13bec94aa54b8fb28b9b86\Microsoft.MediaCenter.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9cd63300be3a34c0f37e141403dd4d02\Microsoft.MediaCenter.Sports.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5f759c116baecccd3042cbbd68f3aa2f\Microsoft.MediaCenter.Shell.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\513e938deeda74a2e1a9a54e22bb8979\Microsoft.MediaCenter.Sports.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\0cb9b0e9f02f16b01a2a0ee80b9abd0b\Microsoft.MediaCenter.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\f7e21685d37f5c19150bf300eda5f3d0\Microsoft.ManagementConsole.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\3de8add426da03a3b88c5a35d9d60855\Microsoft.ManagementConsole.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\ca8b9b67ac083de32eaea45d219c2a67\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\b23eceb3a5e8db89f107bdc02ab6cda9\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\7bd112d24e684e5602907515d47f3c01\Microsoft.Build.Utilities.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\1a43bbc417d8f56c5fd3d828bdca0c75\Microsoft.Build.Utilities.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\96c6b81949f7e09457d21c1591996471\Microsoft.Build.Framework.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\592acc376f9c89d56f0c781289b42805\Microsoft.Build.Framework.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\d4aed105d188ae1bfd6ed294f7c0eef6\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\3810a73c2a98b2e6979105d927d2edb8\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\b4408b2b679ab322d62671236b10b1fb\Mcx2Dvcs.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\8724bb8184276f3d4fe41218ebf5f91a\Mcx2Dvcs.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\a5b8d0055fe7295ae8dc4b9f2d184de0\mcupdate.ni.exe

+ 2011-10-12 10:35 . 2011-10-12 10:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\1c4decc241e2a8c8ee713733948d8086\mcupdate.ni.exe

+ 2012-02-15 10:34 . 2012-02-15 10:34 337920 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\dfce0fb190090fc1f2dd19b400851311\mcstoredb.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 337920 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\29eb48280c132b50756e460f2d5b9811\mcstoredb.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 893952 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\ec19ffc4d09fd44d51e071378f5e7a9b\mcstore.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 893952 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\2a18d543282212deac79ff3c4f47ec43\mcstore.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\2d6522135d6e690fa2615eb9aecfe540\loadmxf.ni.exe

+ 2011-10-12 10:35 . 2011-10-12 10:35 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\23bb4c93c638296182a538f3461c455b\loadmxf.ni.exe

+ 2012-02-15 10:34 . 2012-02-15 10:34 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\aa6adee5f25cd729135acb77410372cd\EventViewer.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\1fbfd420e2a2d97c24c80ac7cc8392c6\EventViewer.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\eacfe9b74df294dc175cb2c85aece537\ehiWUapi.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 927232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\29283480f471139af1c4a6fd3b59b205\ehiwmp.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 138752 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\16440d92821e195feb65203904210d75\ehiUserXp.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 151040 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiReplay\2e9bb1ae3de00a2678978386f6f73de9\ehiReplay.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\638557ed53ca8211c123007bdc3dc548\ehiExtens.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\2097683a9fd71551cf96f98efaab805f\ehExtHost.ni.exe

+ 2011-10-12 10:35 . 2011-10-12 10:35 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\0bc1a19c1cb03723ef685b5917e74903\ehExtHost.ni.exe

+ 2012-02-15 10:34 . 2012-02-15 10:34 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\e0bec615bbe96a8a509ab0d536201ce3\ehepgdat.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\9fba8fc4c06bfe3d9a87d2035fa7b156\ehepgdat.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\f110989d6ed5a5dcf4ae4ea4e5020335\ehCIR.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\5d69d006137ed7704b7b7aa2d54f296e\ehCIR.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\3af5fbffd80931f39a49cb1dc5737e5e\CustomMarshalers.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\3f5faea5c8517449702312f28aa6a7bb\ComSvcConfig.ni.exe

+ 2012-02-15 10:32 . 2012-02-15 10:32 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\07306d61405dd95a1fee01c57eaa9a00\ComSvcConfig.ni.exe

+ 2012-02-15 10:32 . 2012-02-15 10:32 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\801dc71b80a1f1f78688f946fa40ef06\BDATunePIA.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\1049e555d490785eeb1e572a8c2c2637\BDATunePIA.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e8563c8160af362e96d497e6435f9b3d\WsatConfig.ni.exe

+ 2012-02-15 10:40 . 2012-02-15 10:40 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9a22784f4af63232128cbaa639e1852b\WindowsFormsIntegration.ni.dll

+ 2011-10-12 10:32 . 2011-10-12 10:32 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9e99520a2393f70ac01988896581bf7f\UIAutomationClient.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\999ef784434ec236757b4a7398763785\TaskScheduler.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\874aa7b98c4ebc7847d0e48b3849fc93\System.Xml.Linq.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\f61de6d2f8709d6cc93e714e9d10aa3c\System.Web.Routing.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\8a832795b4141222aeb6c82bbed830a5\System.Web.RegularExpressions.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\803283970c45b6ddf39a28cf7ae5d595\System.Web.Extensions.Design.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\87ea3e377880b16200b776a528d93f63\System.Web.Entity.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\6236d05437120962b9bd9e362998a718\System.Web.Entity.Design.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\5f5b0496a401de814417dc9eacb0dd6e\System.Web.DynamicData.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2cf07c7e75857217010fcb222e671191\System.Web.Abstractions.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\96b4cdba0397f94416df0fa211f73441\System.Security.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0ac84704dce924c06b1913f7c75e6fde\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\978343c0c1e0010f3d1fb4608e27fd78\System.Net.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\fc2d7f986338caadb47cd725b4bc8d62\System.Messaging.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b1280401bb5f397382763b772fc62e3d\System.Management.Instrumentation.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\0a1e63771844d9cd84d2bba17868fee3\System.IO.Log.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\0c0985a86f0aa0d6aafe90ccdb1ca856\System.IdentityModel.Selectors.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.Wrapper.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\c1348dd6bf6f9d037120ac438290ad1c\System.Drawing.Design.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c7907c63508c5cf4e47ed493f2b2bf3a\System.DirectoryServices.Protocols.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6ab1e2e9fd59b7381b15b9bd058a4706\System.DirectoryServices.AccountManagement.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\8687931c636c0d284abbce9911db81b7\System.Data.Services.Design.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\652b3235e6495973ff4c9c17fed8e529\System.Data.Services.Client.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\0692b2c63f2dcab3aa8c594b726c0210\System.Data.Entity.Design.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\78666e17c270fcfa9b36598400963577\System.Data.DataSetExtensions.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\4eac2f7cb1c834955099131df846e157\System.Configuration.Install.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b96dcd3c7ee7b507dc89801b55edaf9e\System.AddIn.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\289d4e6d05fe5ca5f43330483fb0e549\sysglobl.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\446d3bde682c75d360b9741c2ed30f51\SMSvcHost.ni.exe

+ 2012-02-15 10:39 . 2012-02-15 10:39 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\696e2d9a6491947cd89ead8cc4cc658a\SMDiagnostics.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\fdbe1d8b1bb279e042cdcc1f8a7b6d2c\ServiceModelReg.ni.exe

+ 2012-02-15 10:31 . 2012-02-15 10:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dcd90ef8aff61786a94c097f30d9947d\PresentationFramework.Luna.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b864ec9d102833ef1fa33daa1e16466e\PresentationFramework.Classic.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\69f6cb0fc6bc6ab87a9f1508c20f211d\PresentationFramework.Royale.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\302a17a6b2ce87bad45bef24ea4181fe\napsnap.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\1413e5b9bf9341cc2d3ab7f5c877e782\napinit.ni.dll

+ 2011-10-12 10:32 . 2011-10-12 10:32 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\86024627ce245ddb4d6df1acad88b4c6\naphlpr.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\05f4ab404d811899c2e1755e01dc3eb0\MSBuild.ni.exe

+ 2012-02-15 10:39 . 2012-02-15 10:39 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\198ebc0688376cf34789828a00ccc4cc\MMCFxCommon.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\93989e793f3a083f7895ab1d59540126\Microsoft.WSMan.Management.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fa4b24a0327625473ca63733c4208eff\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f2cc66a5386dd5098a938b5a00970a23\Microsoft.PowerShell.ConsoleHost.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f1b69c37894f84ef4a070a00688615f3\Microsoft.PowerShell.Security.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bc25994e8258b77ffe86fb278efb66c8\Microsoft.PowerShell.Commands.Diagnostics.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a6e1a86b775abb8dd57a784ef7e73c4f\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\336c27b9f4ef2dc2bf9068897501faff\Microsoft.PowerShell.GraphicalHost.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\07e3cc9e89d7d02ce64d1f7af425a73f\Microsoft.MediaCenter.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\ffc57525fe80f9b7cda217700adaa8f5\Microsoft.ManagementConsole.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\b0b6eb3598ea055202d7e8da4e7716e7\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\01413d9fe40693f0c02615092e4338c9\Microsoft.Build.Utilities.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8f065aeb58e21ff26f8f2d3be4d5f933\Microsoft.Build.Engine.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\4f7c9b0b6c66d7dd85f7c873cc77c8f7\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\8dfba9717d7d59584769123e286c2ba9\EventViewer.ni.dll

+ 2011-10-12 10:31 . 2011-10-12 10:31 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\6c0adc1b359993851c9af87074f237d5\ehiExtens.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c35db08840537350fc9e65b9cefcff86\ehExtHost32.ni.exe

+ 2011-10-12 10:31 . 2011-10-12 10:31 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d72212e0e98b6ea4339d453bf540b5a6\CustomMarshalers.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\95fcdaa68b7915044d8409e2a6f50547\ComSvcConfig.ni.exe

+ 2012-02-15 10:00 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll

+ 2012-02-15 10:00 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll

+ 2012-01-11 14:02 . 2011-10-25 15:58 1314816 c:\windows\SysWOW64\quartz.dll

- 2010-02-09 21:17 . 2009-12-04 18:29 1314816 c:\windows\SysWOW64\quartz.dll

+ 2012-01-11 14:02 . 2011-11-18 20:55 1167984 c:\windows\SysWOW64\ntdll.dll

+ 2009-07-18 03:21 . 2012-02-29 23:18 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

+ 2012-02-15 10:00 . 2011-12-14 03:04 1798656 c:\windows\SysWOW64\jscript9.dll

+ 2012-02-15 10:00 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll

+ 2012-02-15 10:00 . 2011-12-14 03:10 9705472 c:\windows\SysWOW64\ieframe.dll

- 2011-03-23 10:53 . 2011-02-22 13:33 1068544 c:\windows\SysWOW64\DWrite.dll

+ 2012-03-14 05:22 . 2012-02-13 13:44 1068544 c:\windows\SysWOW64\DWrite.dll

- 2011-02-10 04:17 . 2011-01-20 14:12 1172480 c:\windows\SysWOW64\d3d10warp.dll

+ 2012-03-14 05:22 . 2012-02-13 14:12 1172480 c:\windows\SysWOW64\d3d10warp.dll

+ 2012-02-15 10:00 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll

+ 2012-03-14 05:22 . 2012-02-02 15:34 2765824 c:\windows\system32\win32k.sys

+ 2012-02-15 10:00 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll

+ 2012-01-11 14:02 . 2011-10-25 16:13 1570816 c:\windows\system32\quartz.dll

- 2010-02-09 21:17 . 2009-12-04 18:51 1570816 c:\windows\system32\quartz.dll

+ 2012-01-11 14:02 . 2011-11-18 20:55 1585152 c:\windows\system32\ntdll.dll

- 2009-10-08 12:40 . 2009-06-15 15:11 1689600 c:\windows\system32\lsasrv.dll

+ 2012-01-11 14:02 . 2011-11-16 16:41 1689600 c:\windows\system32\lsasrv.dll

+ 2012-02-15 10:00 . 2011-12-14 07:11 2308096 c:\windows\system32\jscript9.dll

+ 2012-02-15 10:00 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll

+ 2012-03-14 05:22 . 2012-02-13 14:03 1555968 c:\windows\system32\DWrite.dll

- 2011-03-23 10:53 . 2011-02-22 13:53 1555968 c:\windows\system32\DWrite.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 1093632 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\ZuneDriver.dll

+ 2011-06-06 20:49 . 2011-06-06 20:49 2152176 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\WUDFUpdate_01009.dll

+ 2011-06-06 20:49 . 2011-06-06 20:49 1721576 c:\windows\system32\DriverStore\FileRepository\zune.inf_3e7d44d1\WdfCoInstaller01009.dll

+ 2011-06-06 20:49 . 2011-06-06 20:49 1721576 c:\windows\system32\DriverStore\FileRepository\wmzuneserusb.inf_a8c8911e\WdfCoInstaller01009.dll

- 2010-09-24 17:50 . 2010-09-24 17:50 1093632 c:\windows\system32\drivers\UMDF\ZuneDriver.dll

+ 2011-07-22 23:47 . 2011-07-22 23:47 1093632 c:\windows\system32\drivers\UMDF\ZuneDriver.dll

+ 2011-11-09 04:41 . 2011-09-20 21:06 1423744 c:\windows\system32\drivers\tcpip.sys

- 2011-02-10 04:17 . 2011-01-20 14:37 2002944 c:\windows\system32\d3d10warp.dll

+ 2012-03-14 05:22 . 2012-02-13 14:38 2002944 c:\windows\system32\d3d10warp.dll

+ 2009-05-07 08:13 . 2012-03-16 20:02 1838096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-05-07 08:13 . 2011-09-20 00:46 1838096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-11-22 05:31 . 2011-11-22 05:31 3512072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll

+ 2011-11-22 06:57 . 2011-11-22 06:57 4970768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll

+ 2011-11-22 06:57 . 2011-11-22 06:57 1455376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll

+ 2011-11-22 06:57 . 2011-11-22 06:57 1515792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll

+ 2011-11-22 06:57 . 2011-11-22 06:57 9793280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll

+ 2012-01-11 14:02 . 2011-12-27 02:51 5259264 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll

+ 2012-02-15 06:16 . 2011-11-01 11:24 3186688 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll

+ 2011-10-11 19:10 . 2011-07-08 11:52 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll

- 2011-06-15 14:13 . 2011-03-29 10:52 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll

+ 2011-10-11 19:10 . 2011-07-08 11:52 1764696 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll

- 2011-06-15 14:13 . 2011-03-29 10:52 1764696 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll

+ 2011-11-22 05:31 . 2011-11-22 05:31 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll

+ 2011-11-22 05:31 . 2011-11-22 05:31 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll

+ 2011-11-22 05:31 . 2011-11-22 05:31 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll

+ 2011-11-22 05:31 . 2011-11-22 05:31 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll

+ 2012-01-11 14:02 . 2011-12-27 02:51 5251072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2012-02-15 06:16 . 2011-11-01 11:23 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2011-10-11 19:10 . 2011-07-08 11:53 5911888 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2011-06-15 14:13 . 2011-03-29 10:52 5911888 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2011-10-11 19:10 . 2011-07-08 11:53 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

- 2011-06-15 14:13 . 2011-03-29 10:52 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-03-13 10:03 . 2012-03-13 10:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

- 2011-09-18 10:09 . 2011-09-18 10:09 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-03-13 10:04 . 2012-03-13 10:04 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2011-09-18 10:10 . 2011-09-18 10:10 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-03-13 10:03 . 2012-03-13 10:03 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-09-18 10:09 . 2011-09-18 10:09 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-03-13 10:03 . 2012-03-13 10:03 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-03-15 04:58 . 2012-03-15 14:20 4194304 c:\windows\Microsoft Antimalware\Support\MpWppTracing-03142012-205834-00000003-ffffffff.bin

+ 2012-03-15 02:09 . 2012-03-15 04:47 4194304 c:\windows\Microsoft Antimalware\Support\MpWppTracing-03142012-180900-00000003-ffffffff.bin

+ 2012-03-15 02:15 . 2012-03-01 22:21 8643640 c:\windows\Microsoft Antimalware\Definition Updates\{A3497196-6933-4B3F-8872-32B645E1FD33}\mpengine.dll

+ 2012-03-15 05:00 . 2012-03-01 22:21 8643640 c:\windows\Microsoft Antimalware\Definition Updates\{43D4610E-6251-4ABD-B764-AA7302EB7D88}\mpengine.dll

+ 2011-10-26 23:36 . 2011-10-26 23:36 2829312 c:\windows\Installer\75add71.msp

+ 2011-11-01 20:34 . 2011-11-01 20:34 1552384 c:\windows\Installer\3c150a28.msp

+ 2011-11-01 20:34 . 2011-11-01 20:34 2247168 c:\windows\Installer\3c150a1e.msp

+ 2011-11-01 20:34 . 2011-11-01 20:34 2531840 c:\windows\Installer\3c150a0c.msp

+ 2011-11-11 23:16 . 2011-11-11 23:16 8458240 c:\windows\Installer\3c150a02.msp

+ 2011-12-25 12:48 . 2011-12-25 12:48 1505792 c:\windows\Installer\132bb4d3.msp

+ 2011-12-26 13:24 . 2011-12-26 13:24 8835072 c:\windows\Installer\132bb4ca.msp

+ 2011-09-07 23:36 . 2011-09-07 23:36 6069248 c:\windows\Installer\11a8de5c.msp

+ 2011-12-13 07:10 . 2011-12-13 07:10 4703232 c:\windows\Installer\11a8de5b.msp

+ 2011-07-07 09:58 . 2011-07-07 09:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL

+ 2011-08-03 07:14 . 2011-08-03 07:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL

+ 2012-03-16 01:35 . 2012-03-16 01:35 5718016 c:\windows\ERDNT\3-15-2012\Users\00000002\UsrClass.dat

+ 2012-03-16 01:35 . 2012-03-16 01:35 2404352 c:\windows\ERDNT\3-15-2012\Users\00000001\ntuser.dat

+ 2012-03-13 10:09 . 2012-03-13 10:09 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\02198c29552545c7d7e7a95ab39488e5\WindowsBase.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\455d5edfdc989057a8fea7bc88a02ef6\System.Windows.Forms.DataVisualization.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bd044dc068adc34e430faa820e5c5e44\System.Web.Services.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b18f859bfbbe0897cade0aa931c22477\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll

+ 2012-03-13 10:05 . 2012-03-13 10:05 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\d6c84e888c7f465844a8ae0e6470e05c\System.Windows.Forms.DataVisualization.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b60e888b3b9e41d46dcbd34d9fae80d6\System.Web.Services.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\90de8ba8101001c8845439cd5f9a76eb\System.Speech.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8c12f469cbd6b8d9718c64a4b2c96d47\System.ServiceModel.Activities.ni.dll

+ 2012-03-13 10:17 . 2012-03-13 10:17 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\746651ce870c2f9cd43bc7246154f81a\System.ServiceModel.Discovery.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a14816d568ee8c7cc9f9923d979d682d\System.Runtime.Serialization.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d6b9e13a40ed53cfc10e04c023c62a49\System.Runtime.DurableInstancing.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1141220aff69c63f638ab64e5b0186bc\System.Printing.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2a4589aeec877df58cbbcd633bc18fb6\System.IdentityModel.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 1653248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6bd4a77663c0e708e0827be849906fdc\System.DirectoryServices.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\84d9ec8b14f9731797c51d31cae12d87\System.Deployment.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\67ccf8c95fb30e4dcbe3f1eae1f72d00\System.Data.SqlXml.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\4b28434c73ac4229c7ae7c4f0598e25f\System.Data.Services.Client.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\f5cc7fbaadd22a9278512102cd30eb3a\System.Data.Linq.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\7bbd2b637fbe2a5b17a16cd4fcc3c3ca\System.Activities.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a479b22107e8fe08689d840a3a1a77e9\System.Activities.Presentation.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\819fccf9934ef29a6078d4accbf9ea0c\System.Activities.Core.Presentation.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\073c60e5566fdaab702636f1474233b0\ReachFramework.ni.dll

+ 2012-03-13 10:15 . 2012-03-13 10:15 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\7194eb8e3da784ae30566a64569314a4\PresentationUI.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ae0350a4319938f36788f102a46ae925\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\9150a80d10ec86440aa59f6fe4b73f9d\Microsoft.VisualBasic.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1ae1a98af2c7d3e68c7525bf1395fa61\Microsoft.VisualBasic.Activities.Compiler.ni.dll

+ 2012-03-13 10:14 . 2012-03-13 10:14 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fb09c8733a8ef9292079399b25d5d973\Microsoft.Transactions.Bridge.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\8b1e797d9c7f5ef773c150e15b07a087\Microsoft.JScript.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\a263b12a7f89cd41ef8ea216dcd1e854\Microsoft.CSharp.ni.dll

+ 2011-11-18 19:44 . 2011-11-18 19:44 5658624 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneShell\c6107471b8f6d6f2eb782cc788fe3a24\ZuneShell.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 5658624 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneShell\38ec4a36a4ffdee31b203b7796954403\ZuneShell.ni.dll

+ 2011-11-18 19:44 . 2011-11-18 19:44 3635712 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\7e73466953b9f6f1ec36b16294bfeba3\ZuneDBApi.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 3635712 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\12d4412023b3deb586d10c5b8d1424a6\ZuneDBApi.ni.dll

+ 2011-10-12 10:28 . 2011-10-12 10:28 4925440 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\38422ddfb88ccd3c565063035ebf3244\WindowsBase.ni.dll

+ 2012-02-15 10:28 . 2012-02-15 10:28 4925440 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\25872726936ed8841436a524593d63a1\WindowsBase.ni.dll

+ 2011-11-18 19:44 . 2011-11-18 19:44 6219776 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX\9ad61b7eb1735a972e6136d17a42fd93\UIX.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 6219776 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX\27438776ffb34d834b239f1197e0485a\UIX.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 2632192 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX.RenderApi\88df8e0913ac5d1bc302d132010bc589\UIX.RenderApi.ni.dll

+ 2011-11-18 19:44 . 2011-11-18 19:44 2632192 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX.RenderApi\15ef8e1c7b7d83e3764d58334c302cef\UIX.RenderApi.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 1461248 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\d1f22fe58e8a36168016110cca333f35\UIAutomationClientsideProviders.ni.dll

+ 2011-10-12 10:38 . 2011-10-12 10:38 1461248 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\7fa48da22e345b49d1f50bbaa5ffc39c\UIAutomationClientsideProviders.ni.dll

+ 2012-02-15 10:30 . 2012-02-15 10:30 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\d83de90759ccad6d8dce7cdd16df798d\System.Xml.ni.dll

+ 2011-10-12 10:30 . 2011-10-12 10:30 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\d444289d3cf8f139ec57cee71c59a4f9\System.Xml.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\feaffadaa3f97b0c4fb95523f7cae466\System.WorkflowServices.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\4223600dc6133441b1898abaf12031ca\System.WorkflowServices.ni.dll

+ 2012-01-12 10:06 . 2012-01-12 10:06 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\afbeeaf9c41f39886704cbf181b1feb2\System.Workflow.Runtime.ni.dll

+ 2012-02-15 10:30 . 2012-02-15 10:30 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\1388f6ea2b0480b586280f1c3398c20c\System.Workflow.Runtime.ni.dll

+ 2012-02-15 10:30 . 2012-02-15 10:30 5956096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\c90eeca87d0cfad619845cb3f35a2606\System.Workflow.ComponentModel.ni.dll

+ 2012-01-12 10:06 . 2012-01-12 10:06 5956608 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\ac5a3688b743358aa5b24b9efd971d9d\System.Workflow.ComponentModel.ni.dll

+ 2012-02-15 10:30 . 2012-02-15 10:30 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\566e7ad1d6e98704b926996e959957f0\System.Workflow.Activities.ni.dll

+ 2012-01-12 10:05 . 2012-01-12 10:05 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\007c8c2f4141fd472da7d3558efba598\System.Workflow.Activities.ni.dll

+ 2012-01-12 10:08 . 2012-01-12 10:08 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\f3222dbcdeebd53ee1c3f88c9ebf6c94\System.Web.Services.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\202e1c4478bb2a6d6bda717039909f98\System.Web.Services.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\788637c2fe1980943722fdc30e14e54a\System.Web.Mobile.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\525e8846136415d472c2e7ba482ccd54\System.Web.Mobile.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cedfd9b90274b017d11ed50abe8634e8\System.Web.Extensions.Design.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\c0d2bc2e2357ed023b85d18b96e21d60\System.Web.Extensions.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\0560ed537c7f0f8e894371a4e07d14a9\System.Web.Extensions.Design.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\03cd3539739848c8ab17c469cbd383d8\System.Web.Extensions.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 2726912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\e0ad1fc372b77c63962d0ac7435c8ea7\System.Speech.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 2726912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\170d1b4e12a2f95dafa23eaa6d688ae9\System.Speech.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\cb5200c2d67ebf37333bdd57a06e7a11\System.ServiceModel.Web.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\161e0c575e47b866c74fc9f67a218704\System.ServiceModel.Web.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 3072512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\0a2450bff855e1635f902a1dcead8aa4\System.Runtime.Serialization.ni.dll

+ 2011-10-12 10:34 . 2011-10-12 10:34 3072512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\0923cf543f311891eeae4e5ce30ca46c\System.Runtime.Serialization.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\ff44b057a3140f227295d685d9a4875e\System.Runtime.Remoting.ni.dll

+ 2012-01-12 10:08 . 2012-01-12 10:08 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\a0a442c47ac0b846bb886aa405a10138\System.Runtime.Remoting.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\c9a260f49f8d68c27828e886deed8c2a\System.Printing.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\65f0a2b25abe0096d6518638049783b5\System.Printing.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\bad8bf7c0cfe20ebaaec03f38dc02536\System.Management.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\2ecec1b5620795b9330bb6fadbe5e319\System.Management.ni.dll

+ 2012-01-12 10:09 . 2012-01-12 10:09 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\74f5ddf803f50c428293fe6115d6eea7\System.IdentityModel.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\50b67e51c77e7563dc9c4c5d241621f8\System.IdentityModel.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\caab7166e3bd29ad25ddab20072bfa47\System.EnterpriseServices.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\1a90a8d222464221458d0ebef4ac8216\System.EnterpriseServices.ni.dll

+ 2011-10-12 10:29 . 2011-10-12 10:29 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\bb534aa272960f375bef0d75162b5249\System.Drawing.ni.dll

+ 2012-02-15 10:29 . 2012-02-15 10:29 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\1afaf284590c36dab0dd04900e831003\System.Drawing.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\ed7fb15bcbe8f5feffe378ead395e7a5\System.DirectoryServices.AccountManagement.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d33cb141beadd31bbfacdaaa2a8c9eb0\System.DirectoryServices.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d331e73478ddb35b0cdf57fb5d20f36b\System.DirectoryServices.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\8e50c51664409fd0827cad6f3bd6620f\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-10-12 10:34 . 2011-10-12 10:34 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\7c69e3dc27ebcbcfb593441dde062f9f\System.Deployment.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\1022c06835e5efb9182a51a9cc8bed0a\System.Deployment.ni.dll

+ 2012-02-15 10:29 . 2012-02-15 10:29 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\9b667f51f9e74c247d316347e877bcb8\System.Data.ni.dll

+ 2011-10-12 10:29 . 2011-10-12 10:29 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\54a302a693fe200dca13ae027dd1483e\System.Data.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\ca490db992ca01cd0738cc925ff19667\System.Data.SqlXml.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\890ddce9d0da20701310973b426ad9bc\System.Data.SqlXml.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\623fe421e955fea3584af075f5791b25\System.Data.Services.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\3a35cfdccde13bc82cad2d185cbf499b\System.Data.Services.ni.dll

+ 2012-02-15 10:37 . 2012-02-15 10:37 1277440 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\ba62bcf7cadca469b4dca5c359a25d5c\System.Data.Services.Client.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 1277440 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\482a5772033d3697d48cd56fabaa8f47\System.Data.Services.Client.ni.dll

+ 2011-10-12 10:34 . 2011-10-12 10:34 1512448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\f94166a266be79a233e9adaef6dab1b7\System.Data.OracleClient.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 1512448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\44b712cef2634344f6937bc262ef4694\System.Data.OracleClient.ni.dll

+ 2011-10-12 10:29 . 2011-10-12 10:29 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\a9b091af2bfa6b42d6d4ba21bbab2654\System.Data.Linq.ni.dll

+ 2012-02-15 10:29 . 2012-02-15 10:29 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\526525bada7c41807b7c7f5163cd6b9b\System.Data.Linq.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\e0fae46f26c65a886991bb79b7b9226e\System.Data.Entity.Design.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\31ea0ae493a84f5f9fdb53ac2ea0ef5e\System.Data.Entity.Design.ni.dll

+ 2011-10-12 10:29 . 2011-10-12 10:29 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\d29cd9af48c9f04e62f28a358ce7a5ef\System.Core.ni.dll

+ 2012-02-15 10:29 . 2012-02-15 10:29 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\8a86a03df8c034f9fe94a90a8b33db3e\System.Core.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ed12ba2bc40f63f4df4a88d0dc63d944\System.Configuration.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\50f97a989230bfb46ad7522a8b5b2512\System.Configuration.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\cea11bf24c34ec3c60e3c625a5352bf8\ReachFramework.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\84498b1de82bbca231c0f2c752f006a0\ReachFramework.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\fbbc64b5a3c02693e17b46185eb9c694\PresentationUI.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\2f6ef4c26e7407afd96c67a356654b49\PresentationUI.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\f279cbbbf242e95f1585e0ed3cce3a8c\PresentationBuildTasks.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\0bad6e741e9b73cc6cc2c935f0e42785\PresentationBuildTasks.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\fae816622f2bd77ac9cb69ab8caf1439\Narrator.ni.exe

+ 2011-10-12 10:37 . 2011-10-12 10:37 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\5668e146fdbccc3f9f4b21d5a70b7eb4\Narrator.ni.exe

+ 2011-10-12 10:36 . 2011-10-12 10:36 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\acd4d9299552d5e1680f939da1001675\MMCEx.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\813233f023d8a37741bf10a899a40d86\MMCEx.ni.dll

+ 2012-01-12 10:09 . 2012-01-12 10:09 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\6029a4ca1be3d971d470eb2c1ff627e0\MIGUIControls.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\27671a1907d4daac68d35b72cb945526\MIGUIControls.ni.dll

+ 2012-01-12 10:10 . 2012-01-12 10:10 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\7fe40682a4f2f30ddb25da3a8796d282\Microsoft.VisualBasic.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\0dd8910bfe51905a020755c33972874b\Microsoft.VisualBasic.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\f0e3b091c929659d66eb6d38806c9918\Microsoft.Transactions.Bridge.ni.dll

Share this post


Link to post
Share on other sites

+ 2012-02-15 10:34 . 2012-02-15 10:34 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\33d0757ae05cf2701e0e0a650be1fd6f\Microsoft.Transactions.Bridge.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f602483681a340d774a3fb19e3f5faaf\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a8ca266acdc1120f6cbaf16bf1f5be12\Microsoft.PowerShell.GPowerShell.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\93a00009479393fb3dc23107fbd06613\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\70876695a10b89775f51fd2033220260\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\51e93fa5d3d932b5446137a795ca9c20\Microsoft.PowerShell.GPowerShell.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\4ee8d9de2acfeb69ef137dc0683adfab\Microsoft.PowerShell.Editor.ni.dll

+ 2012-01-12 10:09 . 2012-01-12 10:09 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\23408f67b7fddc32d03fa6d8deeafcd7\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0c4f40ac6da2baed13644ab6360fd76c\Microsoft.PowerShell.Editor.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9df3f852b8583da755e4cb9a2f6a1842\Microsoft.MediaCenter.UI.ni.dll

+ 2012-01-12 10:09 . 2012-01-12 10:09 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3894a5164ae656639bed7f6270f97182\Microsoft.MediaCenter.UI.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\a42e9c2f3579a23f3fe9e6763e53ace3\Microsoft.JScript.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\0d63b26057e00a40a7cfdfb58d7593cd\Microsoft.JScript.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\a10c7341ff111e139130e620d26d3a0a\Microsoft.Ink.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\3045878874146498c9da9a6eed4be62b\Microsoft.Ink.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\a122edc697aa66875d7ff60eb40d8227\Microsoft.Build.Tasks.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\82f74fab143033cd45fcd41b17ad022c\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\72488f2c9eb8bf1a2dde5c3496d8522a\Microsoft.Build.Tasks.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\36b5545313b5fe7626a8f19a777fe4be\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 1188352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\e01249a28f97e19d607b4d3695561775\Microsoft.Build.Engine.ni.dll

+ 2011-10-12 10:33 . 2011-10-12 10:33 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\ce277fc44040a06e7b22f2715d7a05bf\Microsoft.Build.Engine.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\ac7f321c96e23b280451869622c3de29\Microsoft.Build.Engine.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 1188352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\9fa4fecb821f6b383105ca9c998822ff\Microsoft.Build.Engine.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\cff7496ab1f3cc4bd4c5917a295052b3\ehRecObj.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\0430891c4fd63c2c2c57e8818837b8e9\ehRecObj.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 1984000 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\738c623aea8c89726fa53d742c8307ad\ehiVidCtl.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 2885120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\98e0dc72b212c67832a3ab534793f196\ehiProxy.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 1039872 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\a0e13fcedfd3edbc2b31061df9e7103c\ehiPlay.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\d1517599f8ef900469465ef058a6e376\ehepg.ni.dll

+ 2011-10-12 10:35 . 2011-10-12 10:35 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\51f89ed8312bfbd2e4b432063c6b94a5\ehepg.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\5764bf0f628c3005df47256066e1546e\UIAutomationClientsideProviders.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\42aab7622ac540a7f723746eb504b8bf\System.WorkflowServices.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\90830f08864867269d0d67ddc69e0c91\System.Workflow.Runtime.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\ef2ac8fea39fff26760ecaa2b6a8a1e4\System.Workflow.ComponentModel.ni.dll

+ 2012-02-15 10:32 . 2012-02-15 10:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a9e0a2d0092048b7cbdf047ac67a0a70\System.Workflow.Activities.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9e9b877233af4f943e1bba780b767edb\System.Web.Mobile.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\429a4d04621db0948decbf5ba1179099\System.Web.Extensions.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\8c79bebe646434c3e598ccc2f81dfded\System.Speech.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\55fa3e9bbc83c786ece774b817e5aea9\System.ServiceModel.Web.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a4b9d424cd4509b6b76fba81f347f561\System.Runtime.Serialization.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\bf625b2c81489c9f180244f24c905c6b\System.Printing.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\327db12a0bf01375d7984a1ebaae1e94\System.Management.Automation.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c12259751030b8fb693006bb6e7dd55f\System.IdentityModel.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bca583078ddeedc872dd636e2ef62fc9\System.DirectoryServices.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2ddd7acbd58ff39deff6c5cd732e1474\System.Deployment.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\4b20b4caec77caa9c2ecec32801d1f94\System.Data.SqlXml.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\acb2030c6bb75a2bd3bb93006a3a9850\System.Data.Services.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\3e80c188333aed0aec65becc922c64cf\System.Data.OracleClient.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\41070ea901fdce7f37b6bc967aa64510\System.Data.Linq.ni.dll

+ 2012-02-15 10:40 . 2012-02-15 10:40 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\19b6aa7e9b2c27c7f73af48e0a02b20b\System.Data.Entity.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\30fe25ea2dd3b99aafe164fb198eed2e\System.Core.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\eb002fac5d128e82d1b8c77243ec017f\ReachFramework.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0efbdcfbf8a59e108caa1b96d07df18c\PresentationUI.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\54a4b03bb83da6e95ba6644c62a0d249\PresentationBuildTasks.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\771ae0bc781975352dca1e1930152a06\Narrator.ni.exe

+ 2012-02-15 10:39 . 2012-02-15 10:39 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\d3f65df6ca5307d1d9635503e26952c8\MMCEx.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\721eab22dc9448c3a84463ead0641e70\MIGUIControls.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6310a2050033b0b567428ca55bda4a1b\Microsoft.VisualBasic.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6a5a1bc9e5ba685875280d484d8aeeba\Microsoft.Transactions.Bridge.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bfea2eb1264108a486d86a923bd62713\Microsoft.PowerShell.Editor.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7d430a20a2015ada714a72f098748fbc\Microsoft.PowerShell.GPowerShell.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4af36bc8b46bc6ae86b30c70e19779ce\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7650918339cfbde0e437441b28cb58d1\Microsoft.MediaCenter.UI.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\d7fff1d75940f513826f747729a3d10d\Microsoft.JScript.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\552f955312b006ea0c597e554b0768bc\Microsoft.Ink.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e17974befe435fb95ff9c9eba9e48a2b\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\07dafaf97513402d4bb1e9ed741025fb\Microsoft.Build.Tasks.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 1778176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\f7e039f4c9127e3fcb8cd4a7c1fd6bc6\Microsoft.Build.Engine.ni.dll

+ 2012-02-15 06:16 . 2011-11-01 11:23 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2010-10-08 10:01 . 2010-10-08 10:01 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2012-01-12 10:06 . 2012-01-12 10:06 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2012-01-11 14:02 . 2011-12-27 02:51 5259264 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2011-10-11 19:10 . 2011-07-08 11:52 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-06-15 14:13 . 2011-03-29 10:52 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2012-01-11 14:02 . 2011-12-27 02:51 5251072 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-06-15 14:13 . 2011-03-29 10:52 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-10-11 19:10 . 2011-07-08 11:53 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2012-02-15 10:00 . 2011-12-14 03:30 12282368 c:\windows\SysWOW64\mshtml.dll

- 2006-11-02 12:33 . 2011-09-17 04:25 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2006-11-02 12:33 . 2012-03-15 00:02 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2012-02-15 10:00 . 2011-12-14 07:43 17790464 c:\windows\system32\mshtml.dll

+ 2006-11-02 12:35 . 2012-03-14 10:00 56297240 c:\windows\system32\mrt.exe

+ 2012-02-29 23:18 . 2012-02-29 23:18 11350688 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

+ 2012-02-15 10:00 . 2011-12-14 07:16 10887168 c:\windows\system32\ieframe.dll

+ 2010-10-25 04:24 . 2012-03-16 20:02 14586588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-809377086-3892647188-450367023-1000-12288.dat

+ 2011-10-11 19:10 . 2011-07-08 11:52 10020688 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll

+ 2011-09-16 01:37 . 2011-09-16 01:37 38176256 c:\windows\Installer\d3356fb.msp

+ 2011-09-16 01:37 . 2011-09-16 01:37 37148160 c:\windows\Installer\d3356de.msp

+ 2011-07-12 00:33 . 2011-07-12 00:33 23254016 c:\windows\Installer\5110b81.msp

+ 2012-02-16 10:00 . 2012-02-16 10:00 20333056 c:\windows\Installer\50f768b.msp

+ 2011-10-12 10:07 . 2011-10-12 10:07 20333568 c:\windows\Installer\2adb252b.msp

+ 2011-11-22 07:42 . 2011-11-22 07:42 33189888 c:\windows\Installer\18c3fe9.msp

+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\11a8de5d.msp

+ 2011-08-04 02:53 . 2011-08-04 02:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL

+ 2012-03-13 10:05 . 2012-03-13 10:05 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a9e29e892ad68ac0b88f0480746a0d0b\System.ni.dll

+ 2012-03-13 10:11 . 2012-03-13 10:11 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll

+ 2012-03-13 10:13 . 2012-03-13 10:13 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll

+ 2012-03-13 10:12 . 2012-03-13 10:12 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll

+ 2012-03-13 10:08 . 2012-03-13 10:08 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll

+ 2012-03-13 10:10 . 2012-03-13 10:10 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll

+ 2012-03-13 10:09 . 2012-03-13 10:09 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll

+ 2012-03-13 10:05 . 2012-03-13 10:05 19355648 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\d9d8d4f8fc868d07be41d4ffb46d7364\mscorlib.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 13138944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c43869b44f633a3ad003a0ad9e79b273\System.ServiceModel.ni.dll

+ 2012-03-13 10:16 . 2012-03-13 10:16 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b642a4ad94ff1e027a128b9796878372\System.Data.Entity.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll

+ 2012-03-13 10:06 . 2012-03-13 10:06 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll

+ 2012-03-13 10:05 . 2012-03-13 10:05 14413824 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll

+ 2011-10-12 10:27 . 2011-10-12 10:27 10597888 c:\windows\assembly\NativeImages_v2.0.50727_64\System\f12d03e6dad70f35e012254871553713\System.ni.dll

+ 2012-02-15 10:27 . 2012-02-15 10:27 10603008 c:\windows\assembly\NativeImages_v2.0.50727_64\System\9c5a20ad9bca08482932ce1b66e020b7\System.ni.dll

+ 2012-02-15 10:30 . 2012-02-15 10:30 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\ccc446f5c5936c2704b3ab8a815a8735\System.Windows.Forms.ni.dll

+ 2011-10-12 10:29 . 2011-10-12 10:29 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\5cb03828bc75159bc60c7ba3b192f63d\System.Windows.Forms.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\6a969719f2356dcb2ad153c50580f017\System.Web.ni.dll

+ 2012-01-12 10:08 . 2012-01-12 10:08 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\0a2ea7a9a9d9fd9ae47468adbdee2e05\System.Web.ni.dll

+ 2012-01-12 10:09 . 2012-01-12 10:09 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\efc60b11b649ed506c64172b3373f936\System.ServiceModel.ni.dll

+ 2012-02-15 10:33 . 2012-02-15 10:33 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\dee3b7b085bb4d8d12fbc10e0c1e7d77\System.ServiceModel.ni.dll

+ 2011-10-12 10:36 . 2011-10-12 10:36 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\f20cd853902d31f596cb77e1fb0a5011\System.Management.Automation.ni.dll

+ 2012-02-15 10:35 . 2012-02-15 10:35 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\903f8ff578c0a5f39df8f827c60b6534\System.Management.Automation.ni.dll

+ 2012-01-12 10:05 . 2012-01-12 10:05 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\c41b930b44ddfaef2faf314f690bb35e\System.Design.ni.dll

+ 2012-02-15 10:29 . 2012-02-15 10:29 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\9624fa95cbda77d9a5a9ff6f48f31ca9\System.Design.ni.dll

+ 2012-02-15 10:36 . 2012-02-15 10:36 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\b07702051c0a4be42cb0458ba4cc9869\System.Data.Entity.ni.dll

+ 2011-10-12 10:37 . 2011-10-12 10:37 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\0359dddfa810980ea79ff603f8977974\System.Data.Entity.ni.dll

+ 2011-10-12 10:28 . 2011-10-12 10:28 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9571673404921b0e6a53a4d1d00891a2\PresentationFramework.ni.dll

+ 2012-02-15 10:28 . 2012-02-15 10:28 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\7c3a6bfde371b3a5933286f61482ba39\PresentationFramework.ni.dll

+ 2011-10-12 10:28 . 2011-10-12 10:28 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\6cc39b5515d14c1670b7a1a47b947420\PresentationCore.ni.dll

+ 2012-02-15 10:28 . 2012-02-15 10:28 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\0f625fbf49e2b82e827e7fbf514a3473\PresentationCore.ni.dll

+ 2011-10-12 10:27 . 2011-10-12 10:27 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\897e1f6e4749dcdf03064150aa556c8c\mscorlib.ni.dll

+ 2012-01-12 10:09 . 2012-01-12 10:09 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\b8a06c151452395f513aaa5d730fb5a4\ehshell.ni.dll

+ 2012-02-15 10:34 . 2012-02-15 10:34 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\685df08aebcc133240f869b141c08c33\ehshell.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll

+ 2012-02-15 10:38 . 2012-02-15 10:38 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll

+ 2012-02-15 10:39 . 2012-02-15 10:39 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\effa6ad5369cea835146937a5635275b\System.ServiceModel.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\77f15f1c4c6266eaac33f0396a04e28e\System.Design.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll

+ 2012-02-15 10:31 . 2012-02-15 10:31 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll

+ 2011-10-12 10:26 . 2011-10-12 10:26 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]

"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]

"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-4 113664]

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-2-9 430080]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 22:40]

.

2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-24 22:40]

.

2011-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]

"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [bU]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\system32\blank.htm

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\H\AppData\Roaming\Mozilla\Firefox\Profiles\88eksb5t.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2012-03-16 13:16:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-16 20:16

ComboFix2.txt 2011-09-20 00:54

.

Pre-Run: 284,586,586,112 bytes free

Post-Run: 287,803,613,184 bytes free

.

- - End Of File - - 242CDCF42F77150E75C4B91CCD5DE84C

Share this post


Link to post
Share on other sites

In your next reply, go to folder C:\qoobox find the log-file ComboFix-quarantined-files.txt and Attach it.

MBAM result i most excellent: it tagged nothing. It appears the earlier run of TDSSKILLER did the heavy lifting.

This system needs Java runtime updated, and Adobe Reader updated as well.

javaicon.gif

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
    ( jre-6u31-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

Step 2

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Remove Adobe Reader.

Get the latest version from http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar"

Step 3

Close any apps you started. And Start MS Security Essentials.

Do an UPDATE run.

Making sure it is updated, do a full scan of system.

Let me know the results of MSE scan, Attach the ComboFix-quarantined-files.txt,

and tell me, How is your system now?

Share this post


Link to post
Share on other sites

Well, the full MSE scan only 5 the 5 trojans from the ComboFix quarantined file...They are

Win64/Alureon.gen!F

Win32/Alureon.gen!AD

Win64/Alureon.gen!J

Win32/Orsam!rts

Win32/Alureon.FK

And, I'm sorry, but I don't see an option to attach a file. I found the ComboFix file, but can you tell me how to attach it?

Share this post


Link to post
Share on other sites

Let's follow-up with some other scans and a report.

Step 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

  • Press the ESET Online scanner" button
  • Check the I accept the terms box. Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Un-check the Remove found threats option.
  • Checkmark Scan Archives option.
  • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology
    click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/...c4.php?page=faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log.

Step 2

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 3

You have Security Check utility already. Start & run it.

Reply with copy of contents of the ESET scan log

Latest MBAM scan log

& Checkup.txt

Share this post


Link to post
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=333d0e57897ef54d8bd2a3956fc25ecd

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-03-18 06:44:01

# local_time=2012-03-18 11:44:01 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776574 100 56 15847621 168689131 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=312582

# found=7

# cleaned=0

# scan_time=5816

C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan (unable to clean) 00000000000000000000000000000000 I

C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\88eksb5t.default\extensions\{7a1c9476-a882-49b9-a94c-1cb91100b1d7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan (unable to clean) 00000000000000000000000000000000 I

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.18.03

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

H :: H-PC [administrator]

3/18/2012 11:48:23 AM

mbam-log-2012-03-18 (11-48-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 191485

Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Results of screen317's Security Check version 0.99.31

Windows Vista x64 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 31

Adobe Reader X (10.1.2)

Mozilla Firefox (11.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

Share this post


Link to post
Share on other sites

ID: 18   Posted (edited)

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :files
    C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe
    C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe
    C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0001.dta
    C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0003.dta
    C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0004.dta
    C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes.

After doing that, do the cleanup steps in the following. And follow the tips to keep your system safer.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it Combofix icon_exclaim.gif

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\H\Desktop\ComboFix /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

  • Please double-click OTL.exe otlDesktopIcon.png to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

I re-emphasize again, an important safety feature of Windows is UAC. Turn it ON

see http://windows.micro...ntrol-on-or-off

We are finished here. Best regards.

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

Thanks for all of your help. Here is the results of OTL:

========== FILES ==========

C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe moved successfully.

C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe moved successfully.

C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0001.dta moved successfully.

C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0003.dta moved successfully.

C:\TDSSKiller_Quarantine\15.03.2012_18.52.47\mbr0000\tdlfs0000\tsk0004.dta moved successfully.

File\Folder C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe not found.

OTL by OldTimer - Version 3.2.39.1 log created on 03182012_130156

It couldn't find the last file, but did not ask me to reboot. Not sure if that is an issue or something lingering to be concerned about?

I'll begin the cleanup process you reference and the steps to protect myself in the future. Thanks again for all of your efforts and time.

Share this post


Link to post
Share on other sites

No need for concern on the file not found in this list. I believe the 2nd line took care of the parent entry.

You are welcome. Please keep safety/security foremost in mind.

Share this post


Link to post
Share on other sites

one more question I just attempted to run the OTL cleanup, and it didn't really seem to remove any of the files or programs that you had me download. It did remove the OTL program, though. But I still have aswMBR, RSITx65...etc on my desktop

Should I just now go in and uninstall all of those programs individually?

Share this post


Link to post
Share on other sites

The OTL Cleanup run will remove the tools that it "is programmed to remove".

You may simply deleted aswMBR.exe

RSITx64.exe

RogueKiller.exe

TDSSKILLER.exe

Listparts.exe or others (if present) on your Desktop that I had you get, with 1 exception.

ERUNT you should keep and use periodically to backup the Windows registry.

Share this post


Link to post
Share on other sites

This having been resolved, it is now closed.

Cheers.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.