[Closed] Possible fake AVG and Security Shield virus

By dover1982
Aug 3, 2012
  1. I've recently had a threat detection claiming to be AVG Identity Protection, which popped up immediately after two threats were caught by AVG's Resident Shield. I was able to close the first two threats caught by Resident Shield but wasn't able to close out the following threat by AVG Identity Protection; the window remains on top of any other windows being used. I restarted the computer but it was still there after startup. A second AVG Identity Protection alert popped up after re-enabling AVG after doing the preliminary scans but is gone after restarting the computer, though the first AVG Identity Protection is still there.

    I attempted to remove the initial two threats caught by Resident Shield and there is a green checkmark next to both files as though they were successfully removed, but one of those files, in the column that identifies what type of infection, reads: "May be infected by unknown virus Win32/DH{LgMPNg}". I'm still nervous though on whether or not those two initial findings were actually neutralized by Resident Shield. Resident Shield has since found four more objects. I have not clicked any of the options on the AVG Identity Protection pop-up. The AVG Identity Protection file doesn't show up in the Online Shield findings or the Virus Vault or anything within the AVG interface.

    I had fake Windows Security and Security Shield pop-ups; these would pop up, close on their own temporarily and then reappear continually. The Security Shield prevented me from using Internet Explorer for a short time but IE now works. There were a couple of notifications from AVG that certain programs/objects were trying to access the internet, so I blocked one and the next I wondered if it was a fake or not because Security Shield didn't pop up until after I clicked "block" on the initial one.

    I also have a pop-up in the lower right-hand corner of the screen that reads:
    "Check your User Account Control Settings
    User Account Control is turned off.
    Click this notification to fix the problem"
    (Though this hasn't popped up today for some reason.)
  2. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.02.07
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mary :: MARY-PC [administrator]
    8/2/2012 11:42:28 AM
    mbam-log-2012-08-02 (11-42-28).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 204964
    Time elapsed: 2 minute(s), 26 second(s)
    Memory Processes Detected: 1
    C:\Users\Mary\AppData\Local\temp\755D.tmp (RootKit.0Access) -> 3624 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|YahooPartnerToolbar (Trojan.Cridex) -> Data: C:\Users\Mary\AppData\Roaming\2BA334.exe -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 3
    C:\Users\Mary\AppData\Local\temp\755D.tmp (RootKit.0Access) -> Delete on reboot.
    C:\Users\Mary\AppData\Roaming\2BA334.exe (Trojan.Cridex) -> Delete on reboot.
    C:\Users\Mary\AppData\Local\temp\4C6EE887B3CF44.exe (Trojan.Agent.BVXGen) -> Quarantined and deleted successfully.
    (end)
  3. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    GMER didn't produce a log and said that it found no system modifications
  4. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
    Run by Mary at 13:07:09 on 2012-08-02
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2308 [GMT -4:00]
    .
    AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG10\avgfws.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\MHotKey.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\ChiFuncExt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\CNYHKey.exe
    C:\Users\Mary\AppData\Local\qyvqou.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\ModLedKey.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wuauclt.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG10\avgam.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
    uInternet Settings,ProxyOverride = ????????;127.0.0.1:9421;<local>
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [LedKey] CNYHKey.exe
    mRun: [LchDrvKey] LchDrvKey.exe
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D} : DhcpNameServer = 192.168.1.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [LedKey] CNYHKey.exe
    mRun-x64: [LchDrvKey] LchDrvKey.exe
    mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B666f7fc8-a785-4d1b-9863-eb4fc40822e1%7D&mid=ef9351033a2cf750a079032fbdd642b8-c98eeb274289a88edf12d9eb252238c58951ab67&ds=AVG&v=11.1.0.12&lang=us&pr=pa&d=2012-02-25%2019%3A43%3A16&sap=ku&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol308.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 91660647;91660647;C:\Windows\system32\DRIVERS\91660647.sys --> C:\Windows\system32\DRIVERS\91660647.sys [?]
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
    R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
    R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
    S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2012-2-25 167264]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
    S3 PCTSFileEnum;PCTSFileEnum;C:\Program Files (x86)\PC Tools\DMScanning\PCTSFiles.exe [2012-5-9 89016]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-08-02 15:31:37 454656 ----a-w- C:\Users\Mary\AppData\Local\qyvqou.exe
    2012-07-10 23:22:11 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    .
    ==================== Find3M ====================
    .
    2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-05-19 06:23:24 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    .
    ============= FINISH: 13:07:34.78 ===============
  5. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/10/2006 9:39:32 PM
    System Uptime: 8/2/2012 11:52:19 AM (2 hours ago)
    .
    Motherboard: Gateway | | WG43M
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 583 GiB total, 412.126 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0141
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0141
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0244
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #2
    PNP Device ID: ROOT\*6TO4MP\0244
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0293
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #5
    PNP Device ID: ROOT\*6TO4MP\0293
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0409
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #7
    PNP Device ID: ROOT\*6TO4MP\0409
    Service: tunnel
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&1D01FCF&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&1D01FCF&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.3)
    Akamai NetSession Interface
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Software Update
    AVG PC Tuneup 2011
    Canon MP Navigator EX 2.0
    Canon MP240 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Choice Guard
    Compatibility Pack for the 2007 Office system
    CyberLink Power2Go
    ESET Online Scanner v3
    FlipShare
    Gateway Games
    Gateway Photo Frame 4.2.3.6
    Gateway Recovery Management
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java Auto Updater
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Junk Mail filter update
    KB0817 Keyboard Driver
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Suite Activation Assistant
    Microsoft Office XP Professional
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    PC Tools on-the-fly Scanner 9.0
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.94
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    Xvid 1.2.2 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/2/2012 4:23:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.153 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/2/2012 2:02:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.152 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/2/2012 12:38:05 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.151 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/2/2012 11:53:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep SRTSP SRTSPX
    8/2/2012 11:53:36 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/2/2012 11:53:36 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    8/2/2012 11:53:36 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    8/2/2012 11:53:36 AM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
    8/2/2012 11:53:13 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon MP240 series Printer with shared resource name Canon MP240 series Printer. Error 1753. The printer cannot be used by others on the network.
    8/2/2012 11:30:56 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 5 (0x5).
    8/1/2012 8:04:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.148 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/1/2012 7:43:40 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.147 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/1/2012 7:34:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.146 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/1/2012 7:05:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.145 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/1/2012 3:47:34 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.144 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/1/2012 3:32:33 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.143 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/1/2012 12:55:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.142 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/1/2012 12:26:38 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.150 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/1/2012 12:25:03 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.141 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/1/2012 12:11:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.149 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/31/2012 12:10:56 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.139 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/31/2012 12:01:32 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.138 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/31/2012 1:29:29 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.140 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 7:27:05 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.129 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 6:09:57 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.137 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 4:53:53 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.136 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 4:13:59 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.135 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 3:29:30 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.134 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 3:07:34 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.133 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 3:04:46 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.128 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 12:01:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.127 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 1:34:54 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.132 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 1:13:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.131 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/30/2012 1:00:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.130 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/29/2012 7:51:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.125 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/29/2012 6:37:20 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.122 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/29/2012 6:19:54 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation.
    7/29/2012 6:19:54 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: Not enough storage is available to complete this operation.
    7/29/2012 6:19:14 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon MP240 series Printer with shared resource name Canon MP240 series Printer. Error 2114. The printer cannot be used by others on the network.
    7/29/2012 6:18:59 AM, Error: EventLog [6008] - The previous system shutdown at 8:31:16 AM on 7/28/2012 was unexpected.
    7/29/2012 12:24:38 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.124 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/29/2012 12:11:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.123 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/29/2012 11:06:34 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.126 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/28/2012 8:17:37 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.121 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/28/2012 7:15:19 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.120 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/28/2012 7:04:28 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.119 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/28/2012 6:25:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.118 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/28/2012 6:12:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.117 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/28/2012 5:34:37 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.116 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/28/2012 5:22:02 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.115 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/27/2012 8:32:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.111 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/27/2012 7:50:05 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/27/2012 7:04:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.114 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/27/2012 3:41:25 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.108 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/27/2012 3:10:32 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.107 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/27/2012 2:20:52 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/27/2012 12:54:15 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/27/2012 12:16:59 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.113 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/27/2012 12:01:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.112 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/26/2012 7:34:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/26/2012 7:01:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/26/2012 12:36:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/26/2012 1:46:28 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001F16F3C1DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed, and your computer is declared clean.

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  7. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    ComboFix keeps saying that my AVG's Anti-Virus and Anti-Spyware protections are running but they're not. I opened the AVG interface and everything was disabled, as I used the instructions you provided. What do you want me to do? Should I run the scan anyways?
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go ahead with the scan anyway, please...
  9. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    ComboFix 12-08-04.02 - Mary 08/04/2012 11:57:35.6.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2179 [GMT -4:00]
    Running from: c:\users\Mary\Desktop\ComboFix.exe
    AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Mary\AppData\Local\qyvqou.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-04 16:08 . 2012-08-04 16:08 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-08-04 16:08 . 2012-08-04 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-04 16:08 . 2012-08-04 16:08 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2012-07-10 23:22 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 17:46 . 2012-01-26 01:06 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:19 . 2012-06-21 16:31 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 16:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 16:32 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 16:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 16:31 35864 ----a-w- c:\windows\SysWow64\wups.dll
    2012-06-02 22:19 . 2012-06-21 16:31 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 16:31 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 16:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 16:31 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 22:12 . 2012-06-21 16:31 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 16:31 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2012-06-02 19:19 . 2012-06-21 16:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 16:31 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 19:12 . 2012-06-21 16:31 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2012-05-21 01:36 . 2012-05-21 01:36 388096 ----a-r- c:\users\Mary\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-05-19 06:23 . 2012-05-19 06:24 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-05-25_23.38.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-07-10 23:22 . 2012-06-02 00:05 77312 c:\windows\SysWOW64\secur32.dll
    - 2012-01-28 00:01 . 2011-11-16 16:24 77312 c:\windows\SysWOW64\secur32.dll
    + 2012-07-11 07:01 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
    + 2012-07-11 07:01 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    - 2012-04-12 07:01 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    - 2012-04-12 07:01 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2012-07-11 07:01 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2012-06-13 14:11 . 2012-04-23 16:00 98304 c:\windows\SysWOW64\cryptnet.dll
    + 2008-01-21 03:20 . 2012-08-03 10:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-01-21 03:20 . 2012-05-19 02:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-01-21 03:20 . 2012-05-19 02:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2012-08-03 10:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2012-08-03 10:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-01-21 03:20 . 2012-05-19 02:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2012-08-03 10:41 65178 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2012-08-03 10:41 90296 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-09-05 23:57 . 2012-08-03 10:41 16172 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2407127360-2681154229-4036151088-1000_UserData.bin
    + 2012-07-11 07:01 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
    + 2012-07-11 07:01 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
    - 2012-04-12 07:01 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2012-07-11 07:01 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
    - 2012-04-12 07:01 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
    + 2009-09-05 23:56 . 2012-08-02 15:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-09-05 23:56 . 2012-05-25 22:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-09-05 23:56 . 2012-08-02 15:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-09-05 23:56 . 2012-05-25 22:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-09-05 23:56 . 2012-05-25 22:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-09-05 23:56 . 2012-08-02 15:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-05-10 07:13 . 2012-05-10 07:13 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-06-14 07:12 . 2012-06-14 07:12 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-06-14 07:12 . 2012-06-14 07:12 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-06-14 07:12 . 2012-06-14 07:12 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-07-14 09:44 . 2012-07-14 09:44 22016 c:\windows\Installer\dda3b69.msi
    + 2012-06-14 07:18 . 2012-06-14 07:18 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\51b404ef8e47dfb0f4b2511f95c0a00b\System.Web.DynamicData.Design.ni.dll
    + 2012-06-14 07:44 . 2012-06-14 07:44 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\45cea41d795fbfd7e085a8ad6671b7c8\System.Web.DynamicData.Design.ni.dll
    + 2012-06-14 07:21 . 2012-06-14 07:21 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\bfa0565b9adfa8bfd87f92c9f87c1f4e\WindowsLiveWriter.ni.exe
    + 2012-06-14 07:40 . 2012-06-14 07:40 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\37d69d473475cbc291fd0debaa2630c2\WindowsLiveWriter.ni.exe
    + 2012-06-14 07:22 . 2012-06-14 07:22 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\654fd72fef1789e6fd9af7344e21caa4\WindowsLive.Writer.Api.ni.dll
    + 2012-06-14 07:40 . 2012-06-14 07:40 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4ec0f82171557bfbb2804268b603ec1f\WindowsLive.Writer.Api.ni.dll
    + 2012-06-14 07:23 . 2012-06-14 07:23 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d3f6ff3e9626fdcccb4b7e9f681ebf2f\System.Web.DynamicData.Design.ni.dll
    + 2012-06-14 07:41 . 2012-06-14 07:41 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3e2877309499e4ab661dc95252da9e39\System.Web.DynamicData.Design.ni.dll
    + 2009-09-10 08:50 . 2012-08-02 17:30 6914 c:\windows\system32\WDI\ERCQueuedResolutions.dat
    + 2010-05-17 00:43 . 2012-08-01 11:05 2906 c:\windows\system32\WDI\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
    + 2012-08-04 16:11 . 2012-08-04 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-05-25 23:37 . 2012-05-25 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-04 16:11 . 2012-08-04 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-05-25 23:37 . 2012-05-25 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-04-12 07:01 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
    + 2012-07-11 07:01 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
    + 2012-07-10 23:22 . 2012-06-02 00:04 278528 c:\windows\SysWOW64\schannel.dll
    - 2012-01-28 00:01 . 2011-11-16 16:23 278528 c:\windows\SysWOW64\schannel.dll
    + 2012-07-10 23:22 . 2012-06-02 00:03 204288 c:\windows\SysWOW64\ncrypt.dll
    - 2009-12-03 15:32 . 2009-04-11 06:28 204288 c:\windows\SysWOW64\ncrypt.dll
    + 2012-07-11 07:01 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll
    - 2012-04-12 07:01 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
    - 2011-07-03 23:32 . 2011-07-03 23:32 142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2012-07-11 07:01 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2012-07-11 07:01 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
    - 2012-04-12 07:01 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
    + 2012-06-13 14:11 . 2012-04-23 16:00 133120 c:\windows\SysWOW64\cryptsvc.dll
    + 2012-06-13 14:11 . 2012-04-23 16:00 984064 c:\windows\SysWOW64\crypt32.dll
    + 2009-09-06 14:43 . 2012-08-04 19:13 642386 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2012-04-12 07:01 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
    + 2012-07-11 07:01 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
    + 2012-07-10 23:22 . 2012-06-02 00:22 347136 c:\windows\system32\schannel.dll
    - 2012-01-28 00:01 . 2011-11-16 16:42 347136 c:\windows\system32\schannel.dll
    + 2006-11-02 12:46 . 2012-08-04 16:18 604502 c:\windows\system32\perfh009.dat
    - 2006-11-02 12:46 . 2012-05-19 02:52 604502 c:\windows\system32\perfh009.dat
    - 2006-11-02 12:46 . 2012-05-19 02:52 104202 c:\windows\system32\perfc009.dat
    + 2006-11-02 12:46 . 2012-08-04 16:18 104202 c:\windows\system32\perfc009.dat
    + 2012-07-10 23:22 . 2012-06-02 00:22 254464 c:\windows\system32\ncrypt.dll
    - 2012-04-12 07:01 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
    + 2012-07-11 07:01 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll
    - 2011-07-03 23:32 . 2011-07-03 23:32 173056 c:\windows\system32\ieUnatt.exe
    + 2012-07-11 07:01 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
    + 2012-07-11 07:01 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
    - 2012-04-12 07:01 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
    - 2006-11-02 15:21 . 2012-05-10 10:35 303936 c:\windows\system32\FNTCACHE.DAT
    + 2006-11-02 15:21 . 2012-07-11 17:11 303936 c:\windows\system32\FNTCACHE.DAT
    + 2012-06-13 14:11 . 2012-05-01 14:29 209920 c:\windows\system32\drivers\rdpwd.sys
    - 2012-03-14 16:37 . 2012-01-09 14:27 209920 c:\windows\system32\drivers\rdpwd.sys
    + 2012-07-10 23:22 . 2012-06-04 15:29 516480 c:\windows\system32\drivers\ksecdd.sys
    + 2012-06-13 14:11 . 2012-04-23 16:25 174592 c:\windows\system32\cryptsvc.dll
    + 2012-06-13 14:11 . 2012-04-23 16:25 132096 c:\windows\system32\cryptnet.dll
    - 2011-02-16 22:00 . 2012-05-25 23:35 287624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-02-16 22:00 . 2012-08-04 16:09 287624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-04-21 15:03 . 2012-04-21 15:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
    - 2012-04-12 01:57 . 2012-01-26 11:00 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
    + 2012-06-13 14:11 . 2012-04-23 11:01 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
    + 2012-04-21 15:03 . 2012-04-21 15:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
    - 2012-04-12 01:57 . 2012-01-26 11:00 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2012-06-13 14:11 . 2012-04-23 11:01 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2012-06-14 07:13 . 2012-06-14 07:13 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2012-06-14 07:12 . 2012-06-14 07:12 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2012-06-14 07:12 . 2012-06-14 07:12 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2012-06-14 07:12 . 2012-06-14 07:12 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2012-06-14 07:12 . 2012-06-14 07:12 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2012-06-14 07:12 . 2012-06-14 07:12 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    - 2012-05-10 07:13 . 2012-05-10 07:13 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2012-06-14 07:21 . 2012-06-14 07:21 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll
    + 2012-06-14 07:21 . 2012-06-14 07:21 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll
    + 2012-06-14 07:21 . 2012-06-14 07:21 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll
    + 2012-06-14 07:21 . 2012-06-14 07:21 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll
    + 2012-06-14 07:18 . 2012-06-14 07:18 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\88618d3ecf29f3fdeb504a7e8128d109\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2012-06-14 07:23 . 2012-06-14 07:23 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
    + 2012-06-14 07:23 . 2012-06-14 07:23 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
    + 2012-06-14 07:23 . 2012-06-14 07:23 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll
  10. dover1982


    c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
    + 2012-06-14 07:23 . 2012-06-14 07:23 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\cb90e8f4f8a6b23eb9f56c7e2e866bcf\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2012-06-14 07:44 . 2012-06-14 07:44 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\80961515d3044ea901548167c32a5098\WindowsFormsIntegration.ni.dll
    + 2012-06-14 07:18 . 2012-06-14 07:18 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\7abedc6a15e80e3c212baa95941bf58f\WindowsFormsIntegration.ni.dll
    + 2012-06-14 07:18 . 2012-06-14 07:18 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\d3d3488e1e7b49196219986409296048\TaskScheduler.ni.dll
    + 2012-06-14 07:44 . 2012-06-14 07:44 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\3b418c7263e7bee8431e453c3d656213\TaskScheduler.ni.dll
    + 2012-06-14 07:18 . 2012-06-14 07:18 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\d317134f146313d51b3b5ee7a1695884\System.Web.Routing.ni.dll
    + 2012-06-14 07:43 . 2012-06-14 07:43 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\7ed738c9e6e9fd019aefaac8f56c8369\System.Web.Routing.ni.dll
    + 2012-06-14 07:18 . 2012-06-14 07:18 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\00a0903af7c1c11be3cca7a98cb6ce18\System.Web.Entity.ni.dll
    + 2012-06-14 07:18 . 2012-06-14 07:18 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\d21212991ecf3309c0ca510c61a237f1\System.Web.Entity.Design.ni.dll
    + 2012-06-14 07:44 . 2012-06-14 07:44 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\51ee514bc742cadcb78b85f0380db9df\System.Web.Entity.Design.ni.dll
    + 2012-06-14 07:44 . 2012-06-14 07:44 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\c2380ec5280efd702bfe2e25715d3c11\System.Web.DynamicData.ni.dll
    + 2012-06-14 07:18 . 2012-06-14 07:18 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\765b0ef0320723cd625712734e362ade\System.Web.DynamicData.ni.dll
    + 2012-06-14 07:43 . 2012-06-14 07:43 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\2ed431cbe077cfcd288ecda76d4b96a0\System.Web.Abstractions.ni.dll
    + 2012-06-14 07:18 . 2012-06-14 07:18 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\07eaba9f6f7f91bf97c28254b591d8b7\System.Web.Abstractions.ni.dll
    + 2012-06-14 07:15 . 2012-06-14 07:15 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\8363064608e30064d2740d8d84c0117a\System.ServiceProcess.ni.dll
    + 2012-06-14 07:42 . 2012-06-14 07:42 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\3684a5e85850ee745803ade3c6280f2d\System.ServiceProcess.ni.dll
    + 2012-06-14 07:42 . 2012-06-14 07:42 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\f16066c5217b2bae461d1c3a36b6675a\System.Messaging.ni.dll
    + 2012-06-14 07:15 . 2012-06-14 07:15 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\4432d66cfd92f7294b99e7c0b8d5d4e2\System.Messaging.ni.dll
    + 2012-06-14 07:37 . 2012-06-14 07:37 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\bf139e01549b7cab9fab5bf9da914194\System.Drawing.Design.ni.dll
    + 2012-06-14 07:08 . 2012-06-14 07:08 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\4fe5c7e6ca867dc10be89bb2057d13a7\System.Drawing.Design.ni.dll
    + 2012-06-14 07:42 . 2012-06-14 07:42 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\576f9dcaf73e3e48cb4bd57f88e44c33\System.Configuration.Install.ni.dll
    + 2012-06-14 07:43 . 2012-06-14 07:43 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\e9bd06b6e8d13de7688a7b8d9caae4be\napsnap.ni.dll
    + 2012-06-14 07:17 . 2012-06-14 07:17 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\3c2d0e2498e965850c59c3fa49d805db\napsnap.ni.dll
    + 2012-06-14 07:43 . 2012-06-14 07:43 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\d18aaabc1ed8e516fd6e15673ced499f\napinit.ni.dll
    + 2012-06-14 07:17 . 2012-06-14 07:17 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\ae67752c0a44317b61c0070bf9469be5\napinit.ni.dll
    + 2012-06-14 07:42 . 2012-06-14 07:42 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\d5f4f13114a618bff85ea70be9060c28\MMCFxCommon.ni.dll
    + 2012-06-14 07:16 . 2012-06-14 07:16 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\a89f24a37e86820513a964c8c35b933b\MMCFxCommon.ni.dll
    + 2012-06-14 07:16 . 2012-06-14 07:16 271872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\89080097376486d7994dbe7015c05e35\Microsoft.MediaCenter.iTv.ni.dll
    + 2012-06-14 07:16 . 2012-06-14 07:16 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\55a4501a238179a84214f31ec3621bd2\Microsoft.MediaCenter.ni.dll
    + 2012-06-14 07:16 . 2012-06-14 07:16 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\e37340446b8b435f5facfbbd67d7226c\Microsoft.ManagementConsole.ni.dll
    + 2012-06-14 07:42 . 2012-06-14 07:42 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\a4de1bbf800bcc9e700b80d51f26f91e\Microsoft.ManagementConsole.ni.dll
    + 2012-06-14 07:17 . 2012-06-14 07:17 535552 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\b75a18b30340ebf652e07e7986a444af\mcplayerinterop.ni.dll
    + 2012-06-14 07:22 . 2012-06-14 07:22 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\c5368a71f78970627b1d48d0df7fcc6a\Narrator.ni.exe
    + 2012-06-14 07:41 . 2012-06-14 07:41 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\ab99814c8ea65f32eb9be47c99323a5e\Narrator.ni.exe
    + 2012-06-14 07:41 . 2012-06-14 07:41 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\cb2db8c862e11358d3bb1b92f85d86bd\MMCEx.ni.dll
    + 2012-06-14 07:22 . 2012-06-14 07:22 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\28fc5d6921a1ddf58964060932110d1a\MMCEx.ni.dll
    + 2012-06-14 07:41 . 2012-06-14 07:41 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\82a54c1a86466437495ab3dd91c58b63\MIGUIControls.ni.dll
    + 2012-06-14 07:22 . 2012-06-14 07:22 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\4233310f8c3f74c580fa4a51d1847f7e\MIGUIControls.ni.dll
    + 2012-06-14 07:22 . 2012-06-14 07:22 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\485b85f35013fa96d9ef25a5596a129c\Microsoft.VisualBasic.ni.dll
    + 2012-06-14 07:41 . 2012-06-14 07:41 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
    + 2012-06-14 07:22 . 2012-06-14 07:22 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\cf16c88f8fbb1020031774cf9134c045\Microsoft.PowerShell.Commands.Utility.ni.dll
    + 2012-06-14 07:22 . 2012-06-14 07:22 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6cd406e769a24da8926874a594d599b2\Microsoft.PowerShell.Editor.ni.dll
    + 2012-06-14 07:41 . 2012-06-14 07:41 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\16dc159df194ef2fbb4ae593623dea73\Microsoft.PowerShell.GPowerShell.ni.dll
    + 2012-06-14 07:41 . 2012-06-14 07:41 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\09d3142890c6ef56f7c742be21421fc2\Microsoft.PowerShell.Editor.ni.dll
    + 2012-06-14 07:22 . 2012-06-14 07:22 5532672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\2bcdd1d4eac5c3b1d03985bb4bd1da7b\Microsoft.MediaCenter.UI.ni.dll
    + 2012-06-14 07:41 . 2012-06-14 07:41 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\c420edef488501ffe0a8bd56d9756955\Microsoft.Ink.ni.dll
    + 2012-06-14 07:22 . 2012-06-14 07:22 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\502f3920c387050ef7c535280dc3c450\Microsoft.Ink.ni.dll
    + 2012-06-14 07:41 . 2012-06-14 07:41 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\db447c03dfb2f740c7eff1137b76341e\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2012-06-14 07:22 . 2012-06-14 07:22 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9c9cbb25b52afc8b293fe07eb2da6b27\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2012-06-14 07:22 . 2012-06-14 07:22 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\765364922a0bd3d43434b22a007ecc77\Microsoft.Build.Tasks.ni.dll
    + 2012-06-14 07:41 . 2012-06-14 07:41 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\304acbf276a1820a1c11f6f923d52745\Microsoft.Build.Tasks.ni.dll
    - 2012-05-09 19:32 . 2012-01-03 10:58 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-06-13 14:11 . 2012-03-22 11:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-06-13 14:11 . 2012-03-22 11:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2009-12-03 15:33 . 2009-03-30 04:42 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-07-10 23:22 . 2012-06-08 17:47 11586048 c:\windows\SysWOW64\shell32.dll
    - 2011-02-10 04:24 . 2011-01-21 16:35 11586048 c:\windows\SysWOW64\shell32.dll
    + 2012-07-11 07:01 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll
    + 2006-11-02 12:33 . 2012-07-11 17:09 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2006-11-02 12:33 . 2012-05-10 10:32 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2012-07-10 23:22 . 2012-06-08 17:59 12899840 c:\windows\system32\shell32.dll
    - 2011-02-10 04:24 . 2011-01-21 16:50 12899840 c:\windows\system32\shell32.dll
    + 2012-07-11 07:01 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll
    + 2012-07-11 07:01 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll
  11. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    + 2011-07-13 07:19 . 2012-07-28 01:02 58296236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2407127360-2681154229-4036151088-1000-4096.dat
    + 2012-01-28 03:02 . 2012-08-04 16:09 11976996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2407127360-2681154229-4036151088-1000-12288.dat
    + 2012-06-14 07:20 . 2012-06-14 07:20 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll
    + 2012-06-14 07:20 . 2012-06-14 07:20 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll
    + 2012-06-14 07:19 . 2012-06-14 07:19 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll
    + 2012-06-14 07:14 . 2012-06-14 07:14 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
    + 2012-06-14 07:14 . 2012-06-14 07:14 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
    + 2012-06-14 07:14 . 2012-06-14 07:14 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
    + 2012-06-14 07:38 . 2012-06-14 07:38 17380352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\9e0a0b099890de9edadbf6d021aa7576\System.Windows.Forms.ni.dll
    + 2012-06-14 07:09 . 2012-06-14 07:09 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\0b336aa7125c56e4cd21c716e0f9d2f3\System.Windows.Forms.ni.dll
    + 2012-06-14 07:15 . 2012-06-14 07:15 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\e8edde233435289b5e5e6aa7c370904c\System.Web.ni.dll
    + 2012-06-14 07:42 . 2012-06-14 07:42 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\5ded60c9ec9be6b40e91234e7af20647\System.Web.ni.dll
    + 2012-06-14 07:37 . 2012-06-14 07:37 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\efa17c5d88fbdaddabd553ec285cf7d9\System.Design.ni.dll
    + 2012-06-14 07:08 . 2012-06-14 07:08 13718016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\54d039c0b426868dfbf516b163453fc8\System.Design.ni.dll
    + 2012-06-14 07:08 . 2012-06-14 07:08 19179520 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\55afb0f9be76fd75182e8db465ecfc2b\PresentationFramework.ni.dll
    + 2012-06-14 07:08 . 2012-06-14 07:08 16516608 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\254dd327ade27917470bcdd76d0999d5\PresentationCore.ni.dll
    + 2012-06-14 07:16 . 2012-06-14 07:16 20068864 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\88720765bce9fc9086f1266c3cd78f33\ehshell.ni.dll
    + 2012-06-14 07:39 . 2012-06-14 07:39 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
    + 2012-06-14 07:10 . 2012-06-14 07:10 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\641881db9b8657a9d498c1bc39143856\System.Windows.Forms.ni.dll
    + 2012-06-14 07:21 . 2012-06-14 07:22 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\c6f7cd5fa8b8e908410c7d3bb6967543\System.Web.ni.dll
    + 2012-06-14 07:40 . 2012-06-14 07:40 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
    + 2012-06-14 07:10 . 2012-06-14 07:10 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\487363503cf774d6e5a82544703115a2\System.Design.ni.dll
    + 2012-06-14 07:38 . 2012-06-14 07:38 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\02ccd8236a942b3f89411fab5d2b594a\System.Design.ni.dll
    + 2012-06-14 07:03 . 2012-06-14 07:03 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
    + 2012-06-14 07:02 . 2012-06-14 07:02 12219392 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-11 06:07 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-11 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LedKey"="CNYHKey.exe" [2008-04-24 339968]
    "LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-11 1107552]
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-27 928096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
    .
    S0 91660647;91660647;c:\windows\system32\DRIVERS\91660647.sys [2012-02-04 460888]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:24]
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 2114376]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = ????????;127.0.0.1:9421;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B666f7fc8-a785-4d1b-9863-eb4fc40822e1%7D&mid=ef9351033a2cf750a079032fbdd642b8-c98eeb274289a88edf12d9eb252238c58951ab67&ds=AVG&v=11.1.0.12&lang=us&pr=pa&d=2012-02-25%2019%3A43%3A16&sap=ku&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\AVG\AVG10\avgfws.exe
    c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
    c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    c:\program files (x86)\AVG\AVG10\avgam.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\MHotKey.exe
    c:\windows\ChiFuncExt.exe
    c:\windows\CNYHKey.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-04 15:16:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-04 19:16
    ComboFix2.txt 2012-05-27 21:14
    ComboFix3.txt 2012-05-25 23:43
    ComboFix4.txt 2012-05-13 08:40
    .
    Pre-Run: 443,361,312,768 bytes free
    Post-Run: 444,138,745,856 bytes free
    .
    - - End Of File - - E045F4A83499A07039B44870845A7195
  12. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    Don't know if it's a big deal or not, but thought I'd just let you know that when the computer restarted after the scan, an alert popped up saying...
    "C:\Windows\System32\GfxUI.exe
    A device attached to the system is not functioning"
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  14. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    ComboFix 12-08-04.02 - Mary 08/05/2012 16:59:49.7.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2477 [GMT -4:00]
    Running from: c:\users\Mary\Desktop\ComboFix.exe
    Command switches used :: c:\users\Mary\Desktop\CFScript.txt
    AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-05 21:11 . 2012-08-05 21:11 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-08-05 21:11 . 2012-08-05 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-05 21:11 . 2012-08-05 21:11 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2012-07-10 23:22 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 17:46 . 2012-01-26 01:06 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:19 . 2012-06-21 16:31 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 16:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 16:32 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 16:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 16:31 35864 ----a-w- c:\windows\SysWow64\wups.dll
    2012-06-02 22:19 . 2012-06-21 16:31 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 16:31 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 16:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 16:31 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 22:12 . 2012-06-21 16:31 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 16:31 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2012-06-02 19:19 . 2012-06-21 16:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 16:31 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 19:12 . 2012-06-21 16:31 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2012-05-21 01:36 . 2012-05-21 01:36 388096 ----a-r- c:\users\Mary\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-05-19 06:23 . 2012-05-19 06:24 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-08-04_19.13.46 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-21 03:20 . 2012-08-03 10:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-01-21 03:20 . 2012-08-05 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-01-21 03:20 . 2012-08-05 14:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-01-21 03:20 . 2012-08-03 10:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2012-08-05 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-01-21 03:20 . 2012-08-03 10:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2012-08-05 14:48 65210 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2012-08-05 14:48 90296 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2006-11-02 15:45 . 2012-08-03 10:41 90296 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-09-05 23:57 . 2012-08-03 10:41 16172 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2407127360-2681154229-4036151088-1000_UserData.bin
    + 2009-09-05 23:57 . 2012-08-05 14:48 16172 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2407127360-2681154229-4036151088-1000_UserData.bin
    - 2009-09-05 23:56 . 2012-08-02 15:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-09-05 23:56 . 2012-08-05 15:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-09-05 23:56 . 2012-08-05 15:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-09-05 23:56 . 2012-08-02 15:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-09-05 23:56 . 2012-08-02 15:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-09-05 23:56 . 2012-08-05 15:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-05 21:14 . 2012-08-05 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-04 16:11 . 2012-08-04 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-05 21:14 . 2012-08-05 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-04 16:11 . 2012-08-04 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-09-06 14:43 . 2012-08-04 19:13 642386 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-09-06 14:43 . 2012-08-05 20:51 642386 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2006-11-02 12:46 . 2012-08-04 16:18 604502 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2012-08-05 14:50 604502 c:\windows\system32\perfh009.dat
    - 2006-11-02 12:46 . 2012-08-04 16:18 104202 c:\windows\system32\perfc009.dat
    + 2006-11-02 12:46 . 2012-08-05 14:50 104202 c:\windows\system32\perfc009.dat
    - 2011-02-16 22:00 . 2012-08-04 16:09 287624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-02-16 22:00 . 2012-08-05 21:12 287624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-01-28 03:02 . 2012-08-05 21:12 14460628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2407127360-2681154229-4036151088-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-11 06:07 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-11 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LedKey"="CNYHKey.exe" [2008-04-24 339968]
    "LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-11 1107552]
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-27 928096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
    .
    S0 91660647;91660647;c:\windows\system32\DRIVERS\91660647.sys [2012-02-04 460888]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:24]
    .
    2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 2114376]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B666f7fc8-a785-4d1b-9863-eb4fc40822e1%7D&mid=ef9351033a2cf750a079032fbdd642b8-c98eeb274289a88edf12d9eb252238c58951ab67&ds=AVG&v=11.1.0.12&lang=us&pr=pa&d=2012-02-25%2019%3A43%3A16&sap=ku&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\AVG\AVG10\avgfws.exe
    c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
    c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    c:\program files (x86)\AVG\AVG10\avgam.exe
    c:\windows\MHotKey.exe
    c:\windows\CNYHKey.exe
    c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\windows\ModLedKey.exe
    c:\windows\ChiFuncExt.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-05 17:23:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-05 21:23
    ComboFix2.txt 2012-08-04 19:16
    ComboFix3.txt 2012-05-27 21:14
    ComboFix4.txt 2012-05-25 23:43
    ComboFix5.txt 2012-08-05 20:56
    .
    Pre-Run: 443,830,824,960 bytes free
    Post-Run: 443,888,807,936 bytes free
    .
    - - End Of File - - 47AF94E5BA97BDF3C530525EB4130679
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
  16. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=12
    # version=7
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=c3979b312cf05e478ba9ab559a79ee2b
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-05-24 07:57:23
    # local_time=2012-05-24 03:57:23 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1032 16777213 100 91 0 80894989 0 0
    # compatibility_mode=5892 16776574 100 56 59099633 174437551 0 0
    # compatibility_mode=8192 67108863 100 0 8849869 8849869 0 0
    # scanned=344323
    # found=1
    # cleaned=0
    # scan_time=7402
    C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\axfc2q7p.default\extensions\bdtyetklxn@bdtyetklxn.org.xpi JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I
    # version=7
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=c3979b312cf05e478ba9ab559a79ee2b
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-08-06 02:23:53
    # local_time=2012-08-06 10:23:53 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 5770423 5770423 0 0
    # compatibility_mode=1032 16777213 100 91 0 87312384 0 0
    # compatibility_mode=5892 16776574 100 56 65517028 180854946 0 0
    # compatibility_mode=8192 67108863 100 0 15267264 15267264 0 0
    # scanned=346344
    # found=1
    # cleaned=1
    # scan_time=6792
    C:\Qoobox\Quarantine\C\Users\Mary\AppData\Local\qyvqou.exe.vir a variant of Win32/Kryptik.AJIL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


    Immediately after the ESET scan completed Resident Shield found an object "c:\_OTL\MovedFiles\05312012_071557\C_Users\Mary\AppData\Local\MicrosoftHelp\Akamai\btfry.dll" .... can I go ahead and move it to the vault? I just don't want to clean something without letting you know.
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes, move it to the vault. That's okay.

    Your logs appear to be clean. If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
  18. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    Before I go ahead with those last steps, I still have the questionable AVG Identity Protection pop up that I mentioned in the original post. I haven't clicked any of the options on the pop up and have just left it alone. I now think it is my AVG due to the fact every time I temporarily disabled AVG for the scans we just did, an identical alert popped up once AVG was re-enabled. Originally I was worried about it because it remained over all other windows, you can't close it out and when I restart the computer it's still there. I've had a virus do that before but never AVG. Should I just attempt to quarantine it and see what happens or what?.... I'll attach a photo


    AVGIDPROsnip.JPG
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go for the following scan, then, just in case:

    Please run the F-Secure Online Scanner
    • Accept the License Agreement and check the box. Then click on Run Check.
    • It will ask you to Run the Java plugin. Please confirm.
    • Once the download completes, the window for the scanner will launch.
    • Please confirm any more prompts, and then select Full Scan.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • It will run its cleaning.
    • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
  20. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    I'm having trouble running F-Secure scan. After I click "Run Check", the scanner window shows a loading symbol but never completes the download. I've let it sit for a few hours but still loading.
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Have you tried in other browsers?
  22. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    Yes, I've tried Firefox and IE, same problem with both.
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Save these instructions so you can have access to them while in Safe Mode.

    Please click here to download AVP Tool by Kaspersky.
    • Save it to your desktop.
    • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    • Double click the setup file to run it.
    • Click Next to continue.
    • Accept the License agreement and click on next.
    • It will, by default, install it to your desktop folder. Click Next.
    • It will then open a box. There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (Removable that you may have)
    Leave the rest of the settings as they appear as default.
    • Then click on Scan at the top right-hand corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized, then click the button that says Neutralize all.
    • If it says it cannot be neutralized, then choose the delete option when prompted.
    • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
    • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

      Note: This tool will self uninstall when you close it so please save the log before closing it.
  24. dover1982

    dover1982 Newcomer, in training Topic Starter Posts: 47

    I downloaded the 2011 Virus Removal Tool, I can't find whatever AVP Tool is. The link takes me to the VRT sign up screen.
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry for your troubles, here is the new set of instructions, the updated ones for this tool (that is the old version):

    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon).
    • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive.
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High".
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All.
    • Then, choose Save. Also, in the Automatic Report tab, select Save.
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.