[Closed] Possible fake AVG and Security Shield virus

Status
Not open for further replies.
D

dover1982

Posts: 47   +0
I've recently had a threat detection claiming to be AVG Identity Protection, which popped up immediately after two threats were caught by AVG's Resident Shield. I was able to close the first two threats caught by Resident Shield but wasn't able to close out the following threat by AVG Identity Protection, the window remains on top of any other windows being used. I restarted the computer but it was still there after start up. A second AVG Identity Protection alert popped up after re-enabling AVG after doing the preliminary scans but is gone after restarting the computer, though the first AVG Identity Protection is still there. I attempted to remove the initial two threats caught by Resident Shield and there is a green checkmark next to both files as though they were successfully removed but one of those files, in the column that identifies what type of infection, reads : "May be infected by unknown virus Win32/DH{LgMPNg}". I'm still nervous though on whether or not those two initial findings were actually neutralized by Resident Shield. Resident Shield has since found four more objects. I have not clicked any of the options on the AVG Identity Protection pop up. The AVG Identity Protection file doesn't show up in the Online Shield findings or the Virus Vault or anything within the AVG interface. I had a fake Windows Security and Security Shield pop ups, these would be pop up, close on their own temporarily and then reappear continually. The Security Shield prevented me from using Internet Explorer for a short time by IE now works. There were a couple of notifications from AVG that certain programs/objects were trying to access the internet, so I blocked one and the next I wondered if it was a fake or not because Securtiy Shield didn't pop up until after I clicked "block" on the initial one.

I also have a pop up in the lower right hand corner of the screen that reads :
"Check your User Account Control Settings
User Account Control is turned off.
Click this notification to fix the problem"
(Though this hasn't popped up today for some reason.)
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.02.07
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Mary :: MARY-PC [administrator]
8/2/2012 11:42:28 AM
mbam-log-2012-08-02 (11-42-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204964
Time elapsed: 2 minute(s), 26 second(s)
Memory Processes Detected: 1
C:\Users\Mary\AppData\Local\temp\755D.tmp (RootKit.0Access) -> 3624 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|YahooPartnerToolbar (Trojan.Cridex) -> Data: C:\Users\Mary\AppData\Roaming\2BA334.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Mary\AppData\Local\temp\755D.tmp (RootKit.0Access) -> Delete on reboot.
C:\Users\Mary\AppData\Roaming\2BA334.exe (Trojan.Cridex) -> Delete on reboot.
C:\Users\Mary\AppData\Local\temp\4C6EE887B3CF44.exe (Trojan.Agent.BVXGen) -> Quarantined and deleted successfully.
(end)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Mary at 13:07:09 on 2012-08-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2308 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\CNYHKey.exe
C:\Users\Mary\AppData\Local\qyvqou.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
uInternet Settings,ProxyOverride = ????????;127.0.0.1:9421;<local>
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [LedKey] CNYHKey.exe
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [LedKey] CNYHKey.exe
mRun-x64: [LchDrvKey] LchDrvKey.exe
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B666f7fc8-a785-4d1b-9863-eb4fc40822e1%7D&mid=ef9351033a2cf750a079032fbdd642b8-c98eeb274289a88edf12d9eb252238c58951ab67&ds=AVG&v=11.1.0.12&lang=us&pr=pa&d=2012-02-25%2019%3A43%3A16&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 91660647;91660647;C:\Windows\system32\DRIVERS\91660647.sys --> C:\Windows\system32\DRIVERS\91660647.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2012-2-25 167264]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
S3 PCTSFileEnum;PCTSFileEnum;C:\Program Files (x86)\PC Tools\DMScanning\PCTSFiles.exe [2012-5-9 89016]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-02 15:31:37 454656 ----a-w- C:\Users\Mary\AppData\Local\qyvqou.exe
2012-07-10 23:22:11 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
.
==================== Find3M ====================
.
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-19 06:23:24 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
.
============= FINISH: 13:07:34.78 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2006 9:39:32 PM
System Uptime: 8/2/2012 11:52:19 AM (2 hours ago)
.
Motherboard: Gateway | | WG43M
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 412.126 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0141
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0141
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0244
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0244
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0293
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #5
PNP Device ID: ROOT\*6TO4MP\0293
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0409
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #7
PNP Device ID: ROOT\*6TO4MP\0409
Service: tunnel
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&1D01FCF&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&1D01FCF&0
Service: i8042prt
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.3)
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
AVG PC Tuneup 2011
Canon MP Navigator EX 2.0
Canon MP240 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
ESET Online Scanner v3
FlipShare
Gateway Games
Gateway Photo Frame 4.2.3.6
Gateway Recovery Management
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
KB0817 Keyboard Driver
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
PC Tools on-the-fly Scanner 9.0
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
8/2/2012 4:23:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.153 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/2/2012 2:02:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.152 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/2/2012 12:38:05 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.151 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/2/2012 11:53:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep SRTSP SRTSPX
8/2/2012 11:53:36 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/2/2012 11:53:36 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/2/2012 11:53:36 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/2/2012 11:53:36 AM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
8/2/2012 11:53:13 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon MP240 series Printer with shared resource name Canon MP240 series Printer. Error 1753. The printer cannot be used by others on the network.
8/2/2012 11:30:56 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 5 (0x5).
8/1/2012 8:04:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.148 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/1/2012 7:43:40 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.147 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/1/2012 7:34:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.146 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/1/2012 7:05:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.145 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/1/2012 3:47:34 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.144 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/1/2012 3:32:33 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.143 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/1/2012 12:55:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.142 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/1/2012 12:26:38 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.150 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/1/2012 12:25:03 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.141 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/1/2012 12:11:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.149 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/31/2012 12:10:56 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.139 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/31/2012 12:01:32 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.138 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/31/2012 1:29:29 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.140 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 7:27:05 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.129 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 6:09:57 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.137 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 4:53:53 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.136 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 4:13:59 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.135 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 3:29:30 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.134 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 3:07:34 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.133 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 3:04:46 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.128 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 12:01:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.127 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 1:34:54 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.132 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 1:13:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.131 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/30/2012 1:00:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.130 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/29/2012 7:51:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.125 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/29/2012 6:37:20 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.122 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/29/2012 6:19:54 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation.
7/29/2012 6:19:54 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: Not enough storage is available to complete this operation.
7/29/2012 6:19:14 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon MP240 series Printer with shared resource name Canon MP240 series Printer. Error 2114. The printer cannot be used by others on the network.
7/29/2012 6:18:59 AM, Error: EventLog [6008] - The previous system shutdown at 8:31:16 AM on 7/28/2012 was unexpected.
7/29/2012 12:24:38 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.124 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/29/2012 12:11:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.123 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/29/2012 11:06:34 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.126 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/28/2012 8:17:37 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.121 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/28/2012 7:15:19 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.120 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/28/2012 7:04:28 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.119 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/28/2012 6:25:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.118 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/28/2012 6:12:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.117 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/28/2012 5:34:37 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.116 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/28/2012 5:22:02 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.115 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/27/2012 8:32:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.111 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/27/2012 7:50:05 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/27/2012 7:04:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.114 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/27/2012 3:41:25 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.108 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/27/2012 3:10:32 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.107 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/27/2012 2:20:52 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/27/2012 12:54:15 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/27/2012 12:16:59 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.113 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/27/2012 12:01:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.112 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/26/2012 7:34:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/26/2012 7:01:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/26/2012 12:36:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/26/2012 1:46:28 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

ComboFix

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
ComboFix keeps saying that my AVG's Anti-Virus and Anti-Spyware protections are running but they're not. I opened the AVG interface and everything was disabled, as I used the instructions you provided. What do you want me to do? Should I run the scan anyways?
 
ComboFix 12-08-04.02 - Mary 08/04/2012 11:57:35.6.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2179 [GMT -4:00]
Running from: c:\users\Mary\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mary\AppData\Local\qyvqou.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 16:08 . 2012-08-04 16:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-04 16:08 . 2012-08-04 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 16:08 . 2012-08-04 16:08 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-07-10 23:22 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-01-26 01:06 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 16:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 16:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:31 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 16:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 16:31 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 16:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 16:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 16:31 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 16:31 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:19 . 2012-06-21 16:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 16:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-21 16:31 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-21 01:36 . 2012-05-21 01:36 388096 ----a-r- c:\users\Mary\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-19 06:23 . 2012-05-19 06:24 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-25_23.38.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-10 23:22 . 2012-06-02 00:05 77312 c:\windows\SysWOW64\secur32.dll
- 2012-01-28 00:01 . 2011-11-16 16:24 77312 c:\windows\SysWOW64\secur32.dll
+ 2012-07-11 07:01 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-07-11 07:01 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-04-12 07:01 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-04-12 07:01 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-07-11 07:01 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-06-13 14:11 . 2012-04-23 16:00 98304 c:\windows\SysWOW64\cryptnet.dll
+ 2008-01-21 03:20 . 2012-08-03 10:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-05-19 02:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-05-19 02:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-08-03 10:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-08-03 10:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-05-19 02:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-08-03 10:41 65178 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-08-03 10:41 90296 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-05 23:57 . 2012-08-03 10:41 16172 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2407127360-2681154229-4036151088-1000_UserData.bin
+ 2012-07-11 07:01 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
+ 2012-07-11 07:01 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-04-12 07:01 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-07-11 07:01 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
- 2012-04-12 07:01 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
+ 2009-09-05 23:56 . 2012-08-02 15:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-05 23:56 . 2012-05-25 22:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-05 23:56 . 2012-08-02 15:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-05 23:56 . 2012-05-25 22:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-05 23:56 . 2012-05-25 22:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-05 23:56 . 2012-08-02 15:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-10 07:13 . 2012-05-10 07:13 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-10 07:13 . 2012-05-10 07:13 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-10 07:13 . 2012-05-10 07:13 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-07-14 09:44 . 2012-07-14 09:44 22016 c:\windows\Installer\dda3b69.msi
+ 2012-06-14 07:18 . 2012-06-14 07:18 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\51b404ef8e47dfb0f4b2511f95c0a00b\System.Web.DynamicData.Design.ni.dll
+ 2012-06-14 07:44 . 2012-06-14 07:44 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\45cea41d795fbfd7e085a8ad6671b7c8\System.Web.DynamicData.Design.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\bfa0565b9adfa8bfd87f92c9f87c1f4e\WindowsLiveWriter.ni.exe
+ 2012-06-14 07:40 . 2012-06-14 07:40 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\37d69d473475cbc291fd0debaa2630c2\WindowsLiveWriter.ni.exe
+ 2012-06-14 07:22 . 2012-06-14 07:22 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\654fd72fef1789e6fd9af7344e21caa4\WindowsLive.Writer.Api.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4ec0f82171557bfbb2804268b603ec1f\WindowsLive.Writer.Api.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d3f6ff3e9626fdcccb4b7e9f681ebf2f\System.Web.DynamicData.Design.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3e2877309499e4ab661dc95252da9e39\System.Web.DynamicData.Design.ni.dll
+ 2009-09-10 08:50 . 2012-08-02 17:30 6914 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2010-05-17 00:43 . 2012-08-01 11:05 2906 c:\windows\system32\WDI\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2012-08-04 16:11 . 2012-08-04 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-25 23:37 . 2012-05-25 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 16:11 . 2012-08-04 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-25 23:37 . 2012-05-25 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-12 07:01 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-11 07:01 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-10 23:22 . 2012-06-02 00:04 278528 c:\windows\SysWOW64\schannel.dll
- 2012-01-28 00:01 . 2011-11-16 16:23 278528 c:\windows\SysWOW64\schannel.dll
+ 2012-07-10 23:22 . 2012-06-02 00:03 204288 c:\windows\SysWOW64\ncrypt.dll
- 2009-12-03 15:32 . 2009-04-11 06:28 204288 c:\windows\SysWOW64\ncrypt.dll
+ 2012-07-11 07:01 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll
- 2012-04-12 07:01 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
- 2011-07-03 23:32 . 2011-07-03 23:32 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-07-11 07:01 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-07-11 07:01 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
- 2012-04-12 07:01 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-06-13 14:11 . 2012-04-23 16:00 133120 c:\windows\SysWOW64\cryptsvc.dll
+ 2012-06-13 14:11 . 2012-04-23 16:00 984064 c:\windows\SysWOW64\crypt32.dll
+ 2009-09-06 14:43 . 2012-08-04 19:13 642386 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-04-12 07:01 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
+ 2012-07-11 07:01 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
+ 2012-07-10 23:22 . 2012-06-02 00:22 347136 c:\windows\system32\schannel.dll
- 2012-01-28 00:01 . 2011-11-16 16:42 347136 c:\windows\system32\schannel.dll
+ 2006-11-02 12:46 . 2012-08-04 16:18 604502 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-05-19 02:52 604502 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-05-19 02:52 104202 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-08-04 16:18 104202 c:\windows\system32\perfc009.dat
+ 2012-07-10 23:22 . 2012-06-02 00:22 254464 c:\windows\system32\ncrypt.dll
- 2012-04-12 07:01 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
+ 2012-07-11 07:01 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll
- 2011-07-03 23:32 . 2011-07-03 23:32 173056 c:\windows\system32\ieUnatt.exe
+ 2012-07-11 07:01 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
+ 2012-07-11 07:01 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
- 2012-04-12 07:01 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
- 2006-11-02 15:21 . 2012-05-10 10:35 303936 c:\windows\system32\FNTCACHE.DAT
+ 2006-11-02 15:21 . 2012-07-11 17:11 303936 c:\windows\system32\FNTCACHE.DAT
+ 2012-06-13 14:11 . 2012-05-01 14:29 209920 c:\windows\system32\drivers\rdpwd.sys
- 2012-03-14 16:37 . 2012-01-09 14:27 209920 c:\windows\system32\drivers\rdpwd.sys
+ 2012-07-10 23:22 . 2012-06-04 15:29 516480 c:\windows\system32\drivers\ksecdd.sys
+ 2012-06-13 14:11 . 2012-04-23 16:25 174592 c:\windows\system32\cryptsvc.dll
+ 2012-06-13 14:11 . 2012-04-23 16:25 132096 c:\windows\system32\cryptnet.dll
- 2011-02-16 22:00 . 2012-05-25 23:35 287624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-16 22:00 . 2012-08-04 16:09 287624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-21 15:03 . 2012-04-21 15:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
- 2012-04-12 01:57 . 2012-01-26 11:00 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-06-13 14:11 . 2012-04-23 11:01 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-04-21 15:03 . 2012-04-21 15:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
- 2012-04-12 01:57 . 2012-01-26 11:00 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-13 14:11 . 2012-04-23 11:01 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\88618d3ecf29f3fdeb504a7e8128d109\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll
 
c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\cb90e8f4f8a6b23eb9f56c7e2e866bcf\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-14 07:44 . 2012-06-14 07:44 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\80961515d3044ea901548167c32a5098\WindowsFormsIntegration.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\7abedc6a15e80e3c212baa95941bf58f\WindowsFormsIntegration.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\d3d3488e1e7b49196219986409296048\TaskScheduler.ni.dll
+ 2012-06-14 07:44 . 2012-06-14 07:44 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\3b418c7263e7bee8431e453c3d656213\TaskScheduler.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\d317134f146313d51b3b5ee7a1695884\System.Web.Routing.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\7ed738c9e6e9fd019aefaac8f56c8369\System.Web.Routing.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\00a0903af7c1c11be3cca7a98cb6ce18\System.Web.Entity.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\d21212991ecf3309c0ca510c61a237f1\System.Web.Entity.Design.ni.dll
+ 2012-06-14 07:44 . 2012-06-14 07:44 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\51ee514bc742cadcb78b85f0380db9df\System.Web.Entity.Design.ni.dll
+ 2012-06-14 07:44 . 2012-06-14 07:44 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\c2380ec5280efd702bfe2e25715d3c11\System.Web.DynamicData.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\765b0ef0320723cd625712734e362ade\System.Web.DynamicData.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\2ed431cbe077cfcd288ecda76d4b96a0\System.Web.Abstractions.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\07eaba9f6f7f91bf97c28254b591d8b7\System.Web.Abstractions.ni.dll
+ 2012-06-14 07:15 . 2012-06-14 07:15 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\8363064608e30064d2740d8d84c0117a\System.ServiceProcess.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\3684a5e85850ee745803ade3c6280f2d\System.ServiceProcess.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\f16066c5217b2bae461d1c3a36b6675a\System.Messaging.ni.dll
+ 2012-06-14 07:15 . 2012-06-14 07:15 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\4432d66cfd92f7294b99e7c0b8d5d4e2\System.Messaging.ni.dll
+ 2012-06-14 07:37 . 2012-06-14 07:37 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\bf139e01549b7cab9fab5bf9da914194\System.Drawing.Design.ni.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\4fe5c7e6ca867dc10be89bb2057d13a7\System.Drawing.Design.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\576f9dcaf73e3e48cb4bd57f88e44c33\System.Configuration.Install.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\e9bd06b6e8d13de7688a7b8d9caae4be\napsnap.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\3c2d0e2498e965850c59c3fa49d805db\napsnap.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\d18aaabc1ed8e516fd6e15673ced499f\napinit.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\ae67752c0a44317b61c0070bf9469be5\napinit.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\d5f4f13114a618bff85ea70be9060c28\MMCFxCommon.ni.dll
+ 2012-06-14 07:16 . 2012-06-14 07:16 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\a89f24a37e86820513a964c8c35b933b\MMCFxCommon.ni.dll
+ 2012-06-14 07:16 . 2012-06-14 07:16 271872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\89080097376486d7994dbe7015c05e35\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-06-14 07:16 . 2012-06-14 07:16 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\55a4501a238179a84214f31ec3621bd2\Microsoft.MediaCenter.ni.dll
+ 2012-06-14 07:16 . 2012-06-14 07:16 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\e37340446b8b435f5facfbbd67d7226c\Microsoft.ManagementConsole.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\a4de1bbf800bcc9e700b80d51f26f91e\Microsoft.ManagementConsole.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 535552 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\b75a18b30340ebf652e07e7986a444af\mcplayerinterop.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 584704 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\34fb6153dff5681bd9d771dea72db7ff\mcGlidHostObj.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\cbaec0147fffacc1c80d7b03a74a7f9f\EventViewer.ni.dll
+ 2012-06-14 07:16 . 2012-06-14 07:16 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\4d0dfe6d2f6f1d7aaf9e2ed09ba62831\EventViewer.ni.dll
+ 2012-06-14 07:16 . 2012-06-14 07:16 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\d954adca1b18f21f6cd542f0bcd2c1ce\ehExtHost.ni.exe
+ 2012-06-14 07:22 . 2012-06-14 07:22 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\fbd6d9596ad8384c13c254cec0cb59ea\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\2e31d2221c3f91d293ded861dd11573a\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fdf376885e140a52c5ad893d437c29a2\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e0dca4168d4110e7b61b09a8c2766d1f\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d9467df89820fec8df390399f33fc76b\WindowsLive.Writer.Passport.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c4b4ae870f0ebb424bd87715f4fa6b4b\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a63c496369b82ea2ccb6bf0be975dee1\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a4f86241eeac9a0f61e6fd30c88b58dc\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9fe622c01025b52a996d87ad67602514\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9d6352ec5cfd1934a4f00a1f56563c25\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\990777e97d5a655046d9b326f427ebd2\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\586ca68bd0a17caffb782c8f7873b35e\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4924638f7bd688f70dac589fac581dbd\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3a2b9270a2589f82384dde1cb33377bf\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3448528cc8d5d1c4e81b3c43e3a7e7c7\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\295de356b799bfba94048ec398a95ef0\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\206c3a19cd311372fe92bf2fe56c5d36\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1d9bc3a333b38df7418c6b2335dec5a5\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\15c364f520a52d0767b4f64723021409\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0fdf8bf7c4ba9914027039a4241f4bbb\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0f5e66985f62f0d343b7877a89cb00c5\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\03ee165b4294fbb878b5c928bc3a217b\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\9b08f0df3fb78059de966f8573b09e9d\WindowsLive.Client.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\0d1cb6ae9e431b1a85d353711e3dd654\WindowsLive.Client.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\38785077f9a360a95eb1fa07feed55bf\WindowsFormsIntegration.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\dff98b9115ba5b0f796550c3604f3ac2\TaskScheduler.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\c52d4da15cc5d404f4d24e9376cc1a35\TaskScheduler.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\aa796aeab295b29e0b377e2230ac3c90\System.Web.Routing.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4d73bbe950309d7589e392c07e767981\System.Web.Routing.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c73a1e201cf0c7eb72f31ce9a65e7950\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c1a4d33fc32145339a8d6ecce8814a82\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\f8313d1191728d85c9a2c28995421886\System.Web.Entity.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\c332e16f64df41792d0cc94eff9a40cc\System.Web.Entity.Design.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\12516f41aa04efa76ca8462e648af096\System.Web.Entity.Design.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\62424ca77c07b7f69fca203232a95e36\System.Web.DynamicData.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3acd7d1f09834f8ad2b6f7c97f12d275\System.Web.DynamicData.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6308ea7dcc6abd9aea29b448a03f0af3\System.Web.Abstractions.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2b7f728157a94c56aaeb7f5a5412366c\System.Web.Abstractions.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70e0ec15e6548c58e84b9a5e37988adf\System.ServiceProcess.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8ad39a1c48ba36b5210abe02ef03bc2a\System.Messaging.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\15a9539184cc7e075473ae41871e692f\System.Messaging.ni.dll
+ 2012-06-14 07:38 . 2012-06-14 07:38 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\86d95330e670761c503f6f2e8cbe66b9\System.Drawing.Design.ni.dll
+ 2012-06-14 07:10 . 2012-06-14 07:10 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\231109965e6e50dca439e7c9199ecb66\System.Drawing.Design.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\559eb472944e19bca4d034eda4bdfcb7\System.Configuration.Install.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\983237d573ce7f6e3cde5e787fb27d18\napsnap.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\2840f96c0590375ed722b20354bcd554\napsnap.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\e1de44dda528f5126f251f146f30487a\napinit.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\8b8104fa355233a2da02d6b76eebe92e\napinit.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\abad73384220ae89181e96ac43642187\MMCFxCommon.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\9621076f8f44240e769dd03177d0c47f\MMCFxCommon.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 613888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\325ac1ac15a300e798f799f6e175f930\Microsoft.MediaCenter.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\ef6a66d52d531be206ac416483aed2b8\Microsoft.ManagementConsole.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6afc6c8789571a4cb0a464811f84540f\Microsoft.ManagementConsole.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\388c7bf64c93109096741a046659c5e3\EventViewer.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\11804905535690869865532b52f0454a\EventViewer.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\9dd8a505c3c908c297f22443bd5c28c8\ehExtHost32.ni.exe
+ 2012-06-13 14:11 . 2012-04-23 11:01 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-04-12 01:57 . 2012-01-26 11:00 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-07-11 07:01 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-07-11 07:01 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
- 2009-11-25 13:06 . 2009-08-11 16:44 1401856 c:\windows\SysWOW64\msxml6.dll
+ 2012-07-10 23:22 . 2012-06-05 16:47 1401856 c:\windows\SysWOW64\msxml6.dll
+ 2012-07-10 23:22 . 2012-06-05 16:47 1248768 c:\windows\SysWOW64\msxml3.dll
- 2010-08-10 21:18 . 2010-06-11 16:15 1248768 c:\windows\SysWOW64\msxml3.dll
+ 2012-07-11 07:01 . 2012-06-02 08:33 1800192 c:\windows\SysWOW64\jscript9.dll
+ 2012-07-11 07:01 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-07-11 07:01 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-07-11 07:01 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
+ 2012-07-11 07:01 . 2012-06-13 13:58 2769408 c:\windows\system32\win32k.sys
+ 2012-07-11 07:01 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
+ 2012-07-10 23:22 . 2012-06-05 16:22 1797120 c:\windows\system32\msxml6.dll
- 2009-11-25 13:06 . 2009-08-11 17:06 1797120 c:\windows\system32\msxml6.dll
+ 2012-07-10 23:22 . 2012-06-05 16:22 1869824 c:\windows\system32\msxml3.dll
- 2010-08-10 21:18 . 2010-06-11 16:38 1869824 c:\windows\system32\msxml3.dll
+ 2012-07-11 07:01 . 2012-06-02 12:12 2311680 c:\windows\system32\jscript9.dll
+ 2012-07-11 07:01 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
+ 2012-06-13 14:11 . 2012-04-23 16:25 1267200 c:\windows\system32\crypt32.dll
+ 2011-07-13 07:19 . 2012-07-28 01:02 1350296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2407127360-2681154229-4036151088-1000-8192.dat
+ 2012-03-15 17:17 . 2012-03-15 17:17 5029672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
- 2012-05-09 19:32 . 2012-01-03 10:57 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2012-06-13 14:11 . 2012-03-22 11:02 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2012-06-13 14:11 . 2012-03-22 11:02 5062656 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
- 2009-12-03 15:33 . 2009-03-30 04:39 5062656 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
+ 2012-03-15 17:17 . 2012-03-15 17:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
- 2012-05-09 19:32 . 2012-01-03 10:58 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-06-13 14:11 . 2012-03-22 11:02 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2009-12-03 15:33 . 2009-03-30 04:42 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-13 14:11 . 2012-03-22 11:02 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-14 07:13 . 2012-06-14 07:13 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-10 07:13 . 2012-05-10 07:13 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-14 07:12 . 2012-06-14 07:12 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-23 02:46 . 2012-04-23 02:46 1187328 c:\windows\Installer\59e8a04a.msp
+ 2012-03-15 18:26 . 2012-03-15 18:26 4212736 c:\windows\Installer\59e8a043.msp
+ 2012-06-29 06:41 . 2012-06-29 06:41 1955328 c:\windows\Installer\4440d17.msi
+ 2012-06-14 07:19 . 2012-06-14 07:19 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-14 07:20 . 2012-06-14 07:20 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll
+ 2012-06-14 07:20 . 2012-06-14 07:20 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll
+ 2012-06-14 07:20 . 2012-06-14 07:20 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll
+ 2012-06-14 07:20 . 2012-06-14 07:20 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll
+ 2012-06-14 07:20 . 2012-06-14 07:20 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\4435d0313c51c0e2d022384e24f7e280\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\40e4b755f030a61f0b2e729258fc6d2a\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\e8d16e0da135ebf65b5be7b48556ce2e\System.WorkflowServices.ni.dll
+ 2012-06-14 07:44 . 2012-06-14 07:44 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\5ef2b0292d6ef8f7a0b885a593aca44b\System.WorkflowServices.ni.dll
+ 2012-06-14 07:38 . 2012-06-14 07:38 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\4b016f3679666af12f1ce0179765f22e\System.Workflow.Runtime.ni.dll
+ 2012-06-14 07:38 . 2012-06-14 07:38 5956096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\fe1ea6e5fd659ba3677c06282b0d636d\System.Workflow.ComponentModel.ni.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 5956096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\5d04339e6e9c3509a43400eabac9b1ec\System.Workflow.ComponentModel.ni.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\b5b17aa58a38b7c4e8b1f6a5d585ff58\System.Workflow.Activities.ni.dll
+ 2012-06-14 07:38 . 2012-06-14 07:38 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\5416c21395744eef4c834dc561775b3c\System.Workflow.Activities.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\19c7bfd896bfd1b6e732d650da6e91b4\System.Web.Services.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\78b713edbe4ea0d93a1894f85a716fdf\System.Web.Mobile.ni.dll
+ 2012-06-14 07:44 . 2012-06-14 07:44 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\3b1523f87594c367b5020cf5913c078d\System.Web.Mobile.ni.dll
+ 2012-06-14 07:44 . 2012-06-14 07:44 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\c175d1ec8877250db87759686218afbf\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\902cb1388076b343bf8c9940fbd648c7\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\5409d4a63b335ff02d51d50095e62288\System.Web.Extensions.ni.dll
+ 2012-06-14 07:18 . 2012-06-14 07:18 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\360edfd02353a0df00ace5c12018b3db\System.Web.Extensions.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\6039d7884009694683589bc23a7ee995\System.Printing.ni.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 2319872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\9efc0ccf635c1ce30d2981108e17b00f\System.Drawing.ni.dll
+ 2012-06-14 07:15 . 2012-06-14 07:15 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\f79607fce169ac91cbe1a52e03df9933\System.Deployment.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\4a6752662cb45753081058a4e848dc4b\System.Deployment.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\aedc7938e0a1ef8854e378f1224dfa7d\ReachFramework.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\f6c852c8f7fea1e8df4b33e8d0fcc1ae\PresentationUI.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\50abd377da62b8a687f7b41499a9db75\PresentationUI.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\c2f138d6fe09a7a865698e2070350263\Narrator.ni.exe
+ 2012-06-14 07:18 . 2012-06-14 07:18 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\2717ec9a97cc1f636c01243f8cfd754c\Narrator.ni.exe
+ 2012-06-14 07:17 . 2012-06-14 07:17 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\8fe4ad0eb64d45b5d291adf215666e22\MMCEx.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\5151cc16597c8f407d97883a8cfa4a50\MMCEx.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\b03b526fba0766ed6ada91d393e7a6fa\MIGUIControls.ni.dll
+ 2012-06-14 07:16 . 2012-06-14 07:16 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\503f4e11fc338b7960d67e82f5371383\MIGUIControls.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\dce1c91304c3c14cb874dbfeb5a41abb\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\96b6285fda67be4d456d2f6a4d75ab52\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cdc5230f1a47ff0aa945f267fb2bac71\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\af22d8142f2dad659d4647792f9a5197\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a78ef9e1338af61bd003574bc3ae575f\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\97cd884f6f751cdd2d9e32d5b123744a\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 1452032 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a06ab5c28297bd6c63651f5924a1638d\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 1452032 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\26026c1223afcfcb5bd2de59ef8fdf88\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-06-14 07:16 . 2012-06-14 07:16 7791616 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\19b5275ef625ef260b6078f41c4c9859\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\d565b0fb0bb312d5ca28046e25876645\Microsoft.Ink.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\9393721e8605d95f4a4483c80dfd0880\Microsoft.Ink.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\85a4473926ef1f94380ee9be95832772\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\430b0cec2b9bbd9ab4a4a97078319831\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 07:43 . 2012-06-14 07:43 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\1b9d195833c5a57fab2ed4060df8e82f\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 07:17 . 2012-06-14 07:17 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\0b374589dc0cbfa9ef0f5897e1d9f513\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 2002944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e7afeccb4dbb0891bbd0cd3c7daeb993\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 2002944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ae82ca44729edb3d3a0eb245d87d22a6\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6f4f491c33e6a74e7635043811bb4b68\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c12ebc557c8c1b0eb829893aba08c17\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\10fde5431286edae14daae39f895465a\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0b1737d04496d45a67c79ca7f298d54c\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\b0c68df1300f0542e7284d2bbcd63258\System.WorkflowServices.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\5b8cc08ae3924eafbc964490cfa0e2eb\System.WorkflowServices.ni.dll
+ 2012-06-14 07:39 . 2012-06-14 07:39 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\e5b517ac742be27954c3093cfe6d1dd6\System.Workflow.Runtime.ni.dll
+ 2012-06-14 07:10 . 2012-06-14 07:10 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9966409266de9acebb723cea218b1063\System.Workflow.ComponentModel.ni.dll
+ 2012-06-14 07:39 . 2012-06-14 07:39 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\865be11ce86f1882176810a3f909511b\System.Workflow.ComponentModel.ni.dll
+ 2012-06-14 07:39 . 2012-06-14 07:39 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\57a2f3b78edc0f5f088b210fabfe3bdc\System.Workflow.Activities.ni.dll
+ 2012-06-14 07:10 . 2012-06-14 07:10 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\3fe6ba906dc53e723c69c8f956ff9216\System.Workflow.Activities.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\8bc0b9783e75a1e3f2f2c20a81c29e98\System.Web.Mobile.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0b90f82645cbd8de45ef8f5e467af156\System.Web.Mobile.ni.dll
+ 2012-06-14 07:23 . 2012-06-14 07:23 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e835bb4759bc746c5da12d100dbd4d37\System.Web.Extensions.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\89d6ce3139daecdd517135b90e93498b\System.Web.Extensions.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\36fbb8064216ef11bd87afae6ee774dd\System.Printing.ni.dll
+ 2012-06-14 07:10 . 2012-06-14 07:10 1592320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:21 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\1c6c83c0a93426f9dbd51487a4e6cd34\System.Deployment.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\18050fc0ebf2c4835d05ffd337aa1616\System.Deployment.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3b1507e086784fb78e3d5e671aab1b0d\ReachFramework.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\f44ee699d8151d94b6f92a5ebfbb125e\PresentationUI.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\f42d14201dfb29938d5c07468ae91df6\PresentationUI.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\c5368a71f78970627b1d48d0df7fcc6a\Narrator.ni.exe
+ 2012-06-14 07:41 . 2012-06-14 07:41 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\ab99814c8ea65f32eb9be47c99323a5e\Narrator.ni.exe
+ 2012-06-14 07:41 . 2012-06-14 07:41 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\cb2db8c862e11358d3bb1b92f85d86bd\MMCEx.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\28fc5d6921a1ddf58964060932110d1a\MMCEx.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\82a54c1a86466437495ab3dd91c58b63\MIGUIControls.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\4233310f8c3f74c580fa4a51d1847f7e\MIGUIControls.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\485b85f35013fa96d9ef25a5596a129c\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\cf16c88f8fbb1020031774cf9134c045\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6cd406e769a24da8926874a594d599b2\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\16dc159df194ef2fbb4ae593623dea73\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\09d3142890c6ef56f7c742be21421fc2\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 5532672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\2bcdd1d4eac5c3b1d03985bb4bd1da7b\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\c420edef488501ffe0a8bd56d9756955\Microsoft.Ink.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\502f3920c387050ef7c535280dc3c450\Microsoft.Ink.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\db447c03dfb2f740c7eff1137b76341e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9c9cbb25b52afc8b293fe07eb2da6b27\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 07:22 . 2012-06-14 07:22 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\765364922a0bd3d43434b22a007ecc77\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 07:41 . 2012-06-14 07:41 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\304acbf276a1820a1c11f6f923d52745\Microsoft.Build.Tasks.ni.dll
- 2012-05-09 19:32 . 2012-01-03 10:58 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-13 14:11 . 2012-03-22 11:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-13 14:11 . 2012-03-22 11:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-12-03 15:33 . 2009-03-30 04:42 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-07-10 23:22 . 2012-06-08 17:47 11586048 c:\windows\SysWOW64\shell32.dll
- 2011-02-10 04:24 . 2011-01-21 16:35 11586048 c:\windows\SysWOW64\shell32.dll
+ 2012-07-11 07:01 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll
+ 2006-11-02 12:33 . 2012-07-11 17:09 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2012-05-10 10:32 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-07-10 23:22 . 2012-06-08 17:59 12899840 c:\windows\system32\shell32.dll
- 2011-02-10 04:24 . 2011-01-21 16:50 12899840 c:\windows\system32\shell32.dll
+ 2012-07-11 07:01 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll
+ 2012-07-11 07:01 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll
 
+ 2011-07-13 07:19 . 2012-07-28 01:02 58296236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2407127360-2681154229-4036151088-1000-4096.dat
+ 2012-01-28 03:02 . 2012-08-04 16:09 11976996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2407127360-2681154229-4036151088-1000-12288.dat
+ 2012-06-14 07:20 . 2012-06-14 07:20 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll
+ 2012-06-14 07:20 . 2012-06-14 07:20 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll
+ 2012-06-14 07:19 . 2012-06-14 07:19 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
+ 2012-06-14 07:14 . 2012-06-14 07:14 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
+ 2012-06-14 07:38 . 2012-06-14 07:38 17380352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\9e0a0b099890de9edadbf6d021aa7576\System.Windows.Forms.ni.dll
+ 2012-06-14 07:09 . 2012-06-14 07:09 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\0b336aa7125c56e4cd21c716e0f9d2f3\System.Windows.Forms.ni.dll
+ 2012-06-14 07:15 . 2012-06-14 07:15 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\e8edde233435289b5e5e6aa7c370904c\System.Web.ni.dll
+ 2012-06-14 07:42 . 2012-06-14 07:42 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\5ded60c9ec9be6b40e91234e7af20647\System.Web.ni.dll
+ 2012-06-14 07:37 . 2012-06-14 07:37 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\efa17c5d88fbdaddabd553ec285cf7d9\System.Design.ni.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 13718016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\54d039c0b426868dfbf516b163453fc8\System.Design.ni.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 19179520 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\55afb0f9be76fd75182e8db465ecfc2b\PresentationFramework.ni.dll
+ 2012-06-14 07:08 . 2012-06-14 07:08 16516608 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\254dd327ade27917470bcdd76d0999d5\PresentationCore.ni.dll
+ 2012-06-14 07:16 . 2012-06-14 07:16 20068864 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\88720765bce9fc9086f1266c3cd78f33\ehshell.ni.dll
+ 2012-06-14 07:39 . 2012-06-14 07:39 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
+ 2012-06-14 07:10 . 2012-06-14 07:10 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\641881db9b8657a9d498c1bc39143856\System.Windows.Forms.ni.dll
+ 2012-06-14 07:21 . 2012-06-14 07:22 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\c6f7cd5fa8b8e908410c7d3bb6967543\System.Web.ni.dll
+ 2012-06-14 07:40 . 2012-06-14 07:40 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
+ 2012-06-14 07:10 . 2012-06-14 07:10 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\487363503cf774d6e5a82544703115a2\System.Design.ni.dll
+ 2012-06-14 07:38 . 2012-06-14 07:38 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\02ccd8236a942b3f89411fab5d2b594a\System.Design.ni.dll
+ 2012-06-14 07:03 . 2012-06-14 07:03 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
+ 2012-06-14 07:02 . 2012-06-14 07:02 12219392 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-11 06:07 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-11 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-11 1107552]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-27 928096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
S0 91660647;91660647;c:\windows\system32\DRIVERS\91660647.sys [2012-02-04 460888]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:24]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 2114376]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = ????????;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B666f7fc8-a785-4d1b-9863-eb4fc40822e1%7D&mid=ef9351033a2cf750a079032fbdd642b8-c98eeb274289a88edf12d9eb252238c58951ab67&ds=AVG&v=11.1.0.12&lang=us&pr=pa&d=2012-02-25%2019%3A43%3A16&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG10\avgfws.exe
c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\CNYHKey.exe
.
**************************************************************************
.
Completion time: 2012-08-04 15:16:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 19:16
ComboFix2.txt 2012-05-27 21:14
ComboFix3.txt 2012-05-25 23:43
ComboFix4.txt 2012-05-13 08:40
.
Pre-Run: 443,361,312,768 bytes free
Post-Run: 444,138,745,856 bytes free
.
- - End Of File - - E045F4A83499A07039B44870845A7195
 
Don't know if it's a big deal or not but thought I'd just let you know that when the computer restarted after the scan an alert poppoed up saying...
"C:\Windows\System32\GfxUI.exe
A device attached to the sytem is not functioning"
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    DDS::
    uInternet Settings,ProxyOverride = ????????;127.0.0.1:9421;<local>
    Click to expand...
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
ComboFix 12-08-04.02 - Mary 08/05/2012 16:59:49.7.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2477 [GMT -4:00]
Running from: c:\users\Mary\Desktop\ComboFix.exe
Command switches used :: c:\users\Mary\Desktop\CFScript.txt
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 21:11 . 2012-08-05 21:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-05 21:11 . 2012-08-05 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 21:11 . 2012-08-05 21:11 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-07-10 23:22 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-01-26 01:06 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 16:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 16:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:31 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 16:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 16:31 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 16:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 16:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 16:31 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 16:31 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:19 . 2012-06-21 16:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 16:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-21 16:31 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-21 01:36 . 2012-05-21 01:36 388096 ----a-r- c:\users\Mary\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-19 06:23 . 2012-05-19 06:24 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-04_19.13.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-08-03 10:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-08-05 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-08-05 14:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-08-03 10:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-08-05 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-08-03 10:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-08-05 14:48 65210 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-08-05 14:48 90296 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 15:45 . 2012-08-03 10:41 90296 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-09-05 23:57 . 2012-08-03 10:41 16172 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2407127360-2681154229-4036151088-1000_UserData.bin
+ 2009-09-05 23:57 . 2012-08-05 14:48 16172 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2407127360-2681154229-4036151088-1000_UserData.bin
- 2009-09-05 23:56 . 2012-08-02 15:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-05 23:56 . 2012-08-05 15:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-05 23:56 . 2012-08-05 15:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-05 23:56 . 2012-08-02 15:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-05 23:56 . 2012-08-02 15:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-05 23:56 . 2012-08-05 15:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-05 21:14 . 2012-08-05 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-04 16:11 . 2012-08-04 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 21:14 . 2012-08-05 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-04 16:11 . 2012-08-04 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-06 14:43 . 2012-08-04 19:13 642386 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-09-06 14:43 . 2012-08-05 20:51 642386 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2012-08-04 16:18 604502 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-05 14:50 604502 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-08-04 16:18 104202 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-08-05 14:50 104202 c:\windows\system32\perfc009.dat
- 2011-02-16 22:00 . 2012-08-04 16:09 287624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-16 22:00 . 2012-08-05 21:12 287624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-28 03:02 . 2012-08-05 21:12 14460628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2407127360-2681154229-4036151088-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-11 06:07 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-11 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-11 1107552]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-27 928096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
S0 91660647;91660647;c:\windows\system32\DRIVERS\91660647.sys [2012-02-04 460888]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:24]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 2114376]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B666f7fc8-a785-4d1b-9863-eb4fc40822e1%7D&mid=ef9351033a2cf750a079032fbdd642b8-c98eeb274289a88edf12d9eb252238c58951ab67&ds=AVG&v=11.1.0.12&lang=us&pr=pa&d=2012-02-25%2019%3A43%3A16&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG10\avgfws.exe
c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\windows\MHotKey.exe
c:\windows\CNYHKey.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\ModLedKey.exe
c:\windows\ChiFuncExt.exe
.
**************************************************************************
.
Completion time: 2012-08-05 17:23:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 21:23
ComboFix2.txt 2012-08-04 19:16
ComboFix3.txt 2012-05-27 21:14
ComboFix4.txt 2012-05-25 23:43
ComboFix5.txt 2012-08-05 20:56
.
Pre-Run: 443,830,824,960 bytes free
Post-Run: 443,888,807,936 bytes free
.
- - End Of File - - 47AF94E5BA97BDF3C530525EB4130679
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c3979b312cf05e478ba9ab559a79ee2b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-24 07:57:23
# local_time=2012-05-24 03:57:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777213 100 91 0 80894989 0 0
# compatibility_mode=5892 16776574 100 56 59099633 174437551 0 0
# compatibility_mode=8192 67108863 100 0 8849869 8849869 0 0
# scanned=344323
# found=1
# cleaned=0
# scan_time=7402
C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\bdtyetklxn@bdtyetklxn.org.xpi JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c3979b312cf05e478ba9ab559a79ee2b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-06 02:23:53
# local_time=2012-08-06 10:23:53 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 5770423 5770423 0 0
# compatibility_mode=1032 16777213 100 91 0 87312384 0 0
# compatibility_mode=5892 16776574 100 56 65517028 180854946 0 0
# compatibility_mode=8192 67108863 100 0 15267264 15267264 0 0
# scanned=346344
# found=1
# cleaned=1
# scan_time=6792
C:\Qoobox\Quarantine\C\Users\Mary\AppData\Local\qyvqou.exe.vir a variant of Win32/Kryptik.AJIL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Immediately after the ESET scan completed Resident Shield found an object "c:\_OTL\MovedFiles\05312012_071557\C_Users\Mary\AppData\Local\MicrosoftHelp\Akamai\btfry.dll" .... can I go ahead and move it to the vault? I just don't want to clean something without letting you know.
 
Yes, move it to the vault. That's okay.

Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive I.e. C
  • For a few moments the system will make some calculations:
    diskcleanup1.png
  • Select the More Options tab
    moreoptions.png
  • In the System Restore and Shadow Backups select Clean up
    moreoptions2.png
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
Before I go ahead with those last steps, I still have the questionable AVG Identity Protection pop up that I mentioned in the originial post. I haven't click any of the options on the pop up and have just left it alone. I now think it is my AVG due to the fact everytime I temporarily disabled AVG for the scans we just did, an identical alert popped up once AVG was re-enabled. Originally I was worried about it because it remained over all other windows, you can't close it out and when I restart the computer it's still there. I've had a virus do that before but never AVG. Should I just attempt to quaratine it and see what happens or what?.... I'll attach a photo


AVGIDPROsnip.JPG
 
Go for the following scan, then, just in case:

Please run the F-Secure Online Scanner
  • Accept the License Agreement and check the box. Then click on Run Check.
  • fsecurescan.png
  • It will ask you to Run the Java plugin. Please confirm.
  • Once the download completes, the window for the scanner will launch.
  • Please confirm anymore prompts, and then select Full Scan.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • It will run its cleaning.
  • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
 
I'm having trouble running F-Secure scan. After I click "Run Check", the scanner window shows a loading symbol but never completes the download. I've let it sit for a few hours but still loading.
 
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
  • [*]Hidden Startup Objects [*]System Memory [*]Disk Boot Sectors. [*]My Computer. [*]Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.
 
I downloaded the 2011 Virus Removal Tool, I can't find whatever AVP Tool is. The link takes me to the VRT sign up screen.
 
Sorry for your troubles, here is the new set of instructions, the updated ones for this tool (that is the old version):

Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will presented with the main interface, but don't scan yet, click the options tab (gear icon):
    image1nz.png
  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
    image2pmb.png
  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
    image3vd.png
  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
    image5mf.png
  • Then, choose Save. Also, in the Automatic Report tab, select Save:
    image4vy.png
  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.
 
Status
Not open for further replies.

Similar threads

A
Google is improving security for Gmail's most "sensitive" settings
Replies
1
Views
353
ZedRM
ZedRM
midian182
Amazon sold a fake RTX 4090 with an RTX 4080 GPU and fried components
Replies
10
Views
333
Mr Majestyk
M
midian182
Security researcher charged with defrauding Apple out of $2.5 million, company thanks...
Replies
5
Views
221
WhoCaresAnymore
WhoCaresAnymore

Latest posts

Back