Solved Google search link gets redirected (sometimes)

[sick97]

Hello,

I tried everything but I can't figure out why some of my Google search gets redirected. I used melwarebyte, spybot search and destroy, adware, webroot, McAfee, norton 360. None of these software can't catch the bug.

Now not all the search gets redirected only some. So I used hijack this software and I have no idea if anything is wrong.


Thanks in advance for your help.

[HJT log removed by Broni]

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[sick97]

Update

Thanks for welcoming.

Installed Malwarebytes, updated the definition. Ran the program. Below is the log generated by software.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7398

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/7/2011 12:35:09 AM
mbam-log-2011-08-07 (00-35-09).txt

Scan type: Quick scan
Objects scanned: 189463
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----

I'll post GMER report shortly.

Thanks.


Edit:

GMER report found nothing.

 

[sick97]

DDS Update

Completed DDS scan. Following is the report.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Shanaj Nizam at 11:02:15 on 2011-08-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.4261 [GMT -4:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?complete=0&hl=en
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
Trusted Zone: freerealms.com
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{5B2703FF-ED16-4F3A-9591-7143CD41CDD2} : DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{5B2703FF-ED16-4F3A-9591-7143CD41CDD2}\8496768653 : DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{5B2703FF-ED16-4F3A-9591-7143CD41CDD2}\C696E6B6379737F5F475F55343834353 : DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{5B2703FF-ED16-4F3A-9591-7143CD41CDD2}\D4270224F6E41664964456 : DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{5B2703FF-ED16-4F3A-9591-7143CD41CDD2}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shanaj Nizam\AppData\Roaming\Mozilla\Firefox\Profiles\eaw4v9my.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0&hl=en
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Shanaj Nizam\AppData\Roaming\Mozilla\Firefox\Profiles\eaw4v9my.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Users\Shanaj Nizam\AppData\Roaming\Mozilla\Firefox\Profiles\eaw4v9my.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Shanaj Nizam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Shanaj Nizam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast,
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-22 1151096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110805.030\IDSviA64.sys [2011-8-5 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-8-4 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-9-10 60928]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-7 366640]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-7-16 130008]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-9-17 1251840]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-10 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-29 136824]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-13 136176]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-9-10 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-9-10 79360]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-13 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-12 25072]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);C:\Windows\system32\DRIVERS\PTQHBUS.sys --> C:\Windows\system32\DRIVERS\PTQHBUS.sys [?]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);C:\Windows\system32\DRIVERS\PTQHMDM.sys --> C:\Windows\system32\DRIVERS\PTQHMDM.sys [?]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);C:\Windows\system32\DRIVERS\PTQHVSP.sys --> C:\Windows\system32\DRIVERS\PTQHVSP.sys [?]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-9-10 79360]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2011-08-07 04:28:16 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-07 04:28:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-07 01:01:03 43640 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2011-08-04 03:27:34 -------- d-----w- C:\Users\Shanaj Nizam\AppData\Roaming\TrueCrypt
2011-08-04 03:26:19 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2011-08-04 03:25:59 -------- d-----w- C:\Program Files\TrueCrypt
2011-08-03 23:36:00 -------- d-----w- C:\Users\Shanaj Nizam\AppData\Local\Western Digital
2011-08-03 23:24:55 -------- d-----w- C:\Program Files\SyncToy 2.1
2011-08-03 00:05:53 -------- d-----w- C:\Users\Shanaj Nizam\AppData\Roaming\VSRevoGroup
2011-08-02 23:46:45 -------- d-----w- C:\Program Files\WDCSAM
2011-08-02 23:44:25 -------- d-----w- C:\ProgramData\Western Digital
2011-07-23 20:18:04 198656 ----a-w- C:\Windows\System32\Comdlg32.ocx
2011-07-17 22:44:13 -------- d-----w- C:\Users\Shanaj Nizam\AppData\Roaming\Tific
2011-07-17 00:00:19 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-07-16 23:46:26 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
2011-07-16 23:46:26 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-07-16 23:46:26 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys
2011-07-16 23:46:26 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-07-16 23:46:26 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-07-16 23:46:26 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
2011-07-16 23:46:18 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-07-16 23:38:01 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-07-16 23:38:00 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-07-16 23:38:00 -------- d-----w- C:\Program Files\Symantec
2011-07-16 23:38:00 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-07-16 23:37:21 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-07-16 23:37:21 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-07-16 23:36:47 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-07-16 23:36:40 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-07-16 23:33:37 -------- d-----w- C:\ProgramData\PCSettings
2011-07-16 23:27:48 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-07-16 23:12:02 -------- d-----w- C:\ProgramData\Norton
2011-07-16 23:09:25 -------- d-----w- C:\ProgramData\NortonInstaller
2011-07-16 22:20:05 53248 ----a-r- C:\Users\Shanaj Nizam\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-07-16 22:16:08 -------- d-----w- C:\Users\Shanaj Nizam\AppData\Local\Research In Motion
2011-07-16 22:15:19 -------- d-----w- C:\ProgramData\Research In Motion
2011-07-16 22:14:59 -------- d-----w- C:\Program Files (x86)\Research In Motion
2011-07-16 21:53:33 -------- d-----w- C:\Users\Shanaj Nizam\AppData\Roaming\Research In Motion
2011-07-16 21:51:55 31744 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
2011-07-16 21:51:10 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2011-07-16 02:34:05 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BF3FD68-364F-46BF-B0F6-C68333F3F113}\mpengine.dll
2011-07-15 01:40:50 -------- d-----w- C:\Users\Shanaj Nizam\AppData\Local\lptmp10051
2011-07-15 01:23:51 -------- d-----w- C:\Users\Shanaj Nizam\AppData\Local\PackageAware
2011-07-14 01:26:51 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-08-07 14:55:49 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-08-07 04:40:55 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 01:52:59 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
2011-07-05 01:52:55 58288 ------w- C:\Windows\SysWow64\rpcnet.exe
2011-06-25 19:40:47 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-06-25 19:40:47 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-06-25 19:40:46 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-06-25 19:40:46 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-30 13:42:51 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-05-30 13:42:35 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2011-05-25 17:20:33 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-23 09:52:08 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-05-23 07:49:41 173568 ----a-w- C:\Windows\System32\xvid.ax
2011-05-23 07:46:31 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-05-23 07:45:39 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2011-05-18 19:58:40 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-05-18 19:58:26 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
.
============= FINISH: 11:02:50.23 ===============



Below is the information from Attach file from DDS Scan.



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/14/2010 7:40:32 PM
System Uptime: 8/7/2011 7:00:07 AM (4 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz | U2E1 | 1728/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 217.303 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Privacyware Filter Driver
Device ID: ROOT\LEGACY_PWIPF6\0000
Manufacturer:
Name: Privacyware Filter Driver
PNP Device ID: ROOT\LEGACY_PWIPF6\0000
Service: pwipf6
.
==== System Restore Points ===================
.
RP203: 7/23/2011 6:19:13 PM - Removed PSP ISO Compressor
RP204: 7/30/2011 6:35:52 PM - Scheduled Checkpoint
RP205: 8/2/2011 7:43:01 PM - Installed WD SmartWare
RP206: 8/2/2011 7:46:06 PM - Installed SES Driver
RP207: 8/2/2011 7:48:51 PM - Installed WD Software Upgrader
RP208: 8/2/2011 8:02:29 PM - Revo Uninstaller's restore point - Big Fish Games: Game Manager
RP209: 8/3/2011 7:24:07 PM - Installed SyncToy 2.1 (x64)
RP210: 8/3/2011 7:25:55 PM - Removed WD SmartWare
RP211: 8/3/2011 11:26:01 PM - TrueCrypt installation
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Absolute Notifier
Accelerometer
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Amazon Kindle For PC
Amazon MP3 Downloader 1.0.10
Amazon MP3 Uploader
AoA Audio Extractor
ATI Catalyst Control Center
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
BlackBerry Device Software v5.0.0 for the BlackBerry 9000 smartphone
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCleaner
CDisplayEx 1.8
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Consumer In-Home Service Agreement
D3DX10
DAEMON Tools Lite
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Webcam Central
DivX Setup
EPSON Scan
Feedback Tool
Free CraigsList Reader Pro from CraigsPal 4.5.1
Free Realms
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
GoToAssist Corporate
GoToMeeting 5.0.0.799
HiJackThis
Intel(R) Management Engine Components
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware version 1.51.1.1800
Media Go
Media Go Video Playback Engine 1.64.105.02280
MediaMonkey 3.2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
Norton 360
OpenAL
Pantech PCSuite
PlayStation(R)Network Downloader
PlayStation(R)Store
QuickBooks
QuickBooks Pro 2011
Revo Uninstaller 1.92
Roxio Burn
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skins
Skype Toolbars
Skype™ 5.3
Sound Blaster X-Fi MB
TrueCrypt
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wneiper
TurboTax 2010 wnhiper
TurboTax 2010 wnjiper
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553975)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
VLC media player 1.1.10
Voxware Audio decoder 1.6
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Center Add-in for Silverlight
Windows Media Player Firefox Plugin
Xfire (remove only)
Xvid Video Codec
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
8/7/2011 12:41:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pwipf6
8/6/2011 7:51:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RABEYAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5B2703FF-ED16-4F3A-9591-7143CD41CDD2}. The master browser is stopping or an election is being forced.
8/5/2011 11:07:14 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
8/5/2011 1:00:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
8/3/2011 8:42:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/2/2011 7:46:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Western Digital Technologies - Other hardware - WD SES Device.
.
==== End Of File ===========================

 

[Broni]

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[sick97]

aswMBR report

aswMBR Reprot. As mentioned by you MBR.dat file was created.

---

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-07 13:19:49
-----------------------------
13:19:49.264 OS Version: Windows x64 6.1.7601 Service Pack 1
13:19:49.265 Number of processors: 4 586 0x2505
13:19:49.266 ComputerName: SHANAJNIZAM-PC UserName: Shanaj Nizam
13:19:51.741 Initialize success
13:20:05.100 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:20:05.103 Disk 0 Vendor: ST9500420AS D005SDM1 Size: 476940MB BusType: 11
13:20:07.158 Disk 0 MBR read successfully
13:20:07.162 Disk 0 MBR scan
13:20:07.166 Disk 0 Windows VISTA default MBR code
13:20:07.171 Service scanning
13:20:10.105 Modules scanning
13:20:10.111 Disk 0 trace - called modules:
13:20:10.138 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:20:10.145 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006ae4790]
13:20:10.151 3 CLASSPNP.SYS[fffff88001b6f43f] -> nt!IofCallDriver -> [0xfffffa800694bce0]
13:20:10.157 5 stdflt.sys[fffff88001abaa4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006808060]
13:20:10.164 Scan finished successfully
13:20:34.372 Disk 0 MBR has been saved successfully to "C:\Users\SN\Desktop\MBR.dat"
13:20:34.378 The log file has been saved successfully to "C:\Users\SN\Desktop\aswMBR.txt"


----

 

[sick97]

Update

Thanks for response.

I tried ran the combofix after disabling Norton 360. I keep getting message 'real time protection is on' but its not.

After clicking ok, I receive message saying I should run combofix at my own risk.

I disabled internet, closed firefox, and shut down norton 360.

Thanks.

 

[Broni]

Go ahead and run Combofix anyway.

 

[sick97]

Update

I did as you directed. However after stage 4 nothing happens. It took about 10 mins to come to stage 4 and it's been in that position for over 2 hrs.

Computer is not frozen though. I opened notepad to test. I'll run the test again tomorrow (its 11pm for now).

Thanks again.

 

[Broni]

Try alternative method, starting at:

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
.....

 

[sick97]

ComboFix

Sorry for delay. I had few things I had to take care off...

Here is the log for combofix. Scan was done in safe mode. the log is split into several post.


--------

ComboFix 11-08-09.02 - Shanaj Nizam 08/10/2011 20:47:11.3.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.4828 [GMT -4:00]
Running from: c:\users\Shanaj Nizam\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe
c:\programdata\PCDr\5830\Downloads\652c72d6-ea41-4060-96f7-060298329393.dll
c:\programdata\PCDr\5830\Downloads\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\5830\Downloads\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\programdata\PCDr\5830\Downloads\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-11 00:52 . 2011-08-11 00:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-11 00:52 . 2011-08-11 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-09 01:38 . 2011-08-09 01:38 -------- d-----w- c:\program files (x86)\Machinarium
2011-08-09 01:21 . 2011-08-09 01:21 -------- d-----w- c:\users\SN\AppData\Roaming\.minecraft
2011-08-07 04:28 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-07 04:28 . 2011-08-07 04:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-07 01:01 . 2011-03-31 03:04 43640 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-08-04 03:27 . 2011-08-04 03:30 -------- d-----w- c:\users\SN\AppData\Roaming\TrueCrypt
2011-08-04 03:26 . 2011-08-04 03:26 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-08-04 03:25 . 2011-08-04 03:26 -------- d-----w- c:\program files\TrueCrypt
2011-08-03 23:36 . 2011-08-03 23:36 -------- d-----w- c:\users\SN\AppData\Local\Western Digital
2011-08-03 23:24 . 2011-08-03 23:24 -------- d-----w- c:\program files\SyncToy 2.1
2011-08-03 23:23 . 2011-08-03 23:23 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-08-03 00:05 . 2011-08-03 00:05 -------- d-----w- c:\users\SN\AppData\Roaming\VSRevoGroup
2011-08-02 23:51 . 2011-08-02 23:51 -------- d-----w- c:\users\Default\AppData\Local\Western Digital
2011-08-02 23:46 . 2011-08-02 23:46 -------- d-----w- c:\program files\DIFX
2011-08-02 23:46 . 2011-08-02 23:46 -------- d-----w- c:\program files\WDCSAM
2011-08-02 23:44 . 2011-08-03 23:29 -------- d-----w- c:\programdata\Western Digital
2011-07-23 20:18 . 2001-05-21 15:46 198656 ----a-w- c:\windows\system32\Comdlg32.ocx
2011-07-17 22:44 . 2011-07-17 22:44 -------- d-----w- c:\users\SN\AppData\Roaming\Tific
2011-07-17 00:00 . 2011-07-17 00:00 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-07-16 23:38 . 2011-07-16 23:38 -------- dc----w- c:\windows\system32\DRVSTORE
2011-07-16 23:38 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-16 23:38 . 2011-07-16 23:46 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-07-16 23:38 . 2011-07-16 23:46 -------- d-----w- c:\program files\Symantec
2011-07-16 23:38 . 2011-07-16 23:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-16 23:37 . 2010-08-21 04:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-07-16 23:37 . 2010-08-21 04:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-07-16 23:36 . 2011-07-17 01:13 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-07-16 23:36 . 2011-07-16 23:36 -------- d-----w- c:\program files (x86)\Norton 360
2011-07-16 23:33 . 2011-07-16 23:33 -------- d-----w- c:\programdata\PCSettings
2011-07-16 23:27 . 2011-07-16 23:27 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-07-16 23:12 . 2011-07-16 23:36 -------- d-----w- c:\programdata\Norton
2011-07-16 22:20 . 2011-07-16 22:20 53248 ----a-r- c:\users\SN\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-07-16 22:16 . 2011-07-16 22:16 -------- d-----w- c:\users\SN\AppData\Local\Research In Motion
2011-07-16 22:15 . 2011-07-16 22:15 -------- d-----w- c:\programdata\Research In Motion
2011-07-16 22:14 . 2011-07-16 22:14 -------- d-----w- c:\program files (x86)\Research In Motion
2011-07-16 21:53 . 2011-07-16 22:16 -------- d-----w- c:\users\SN\AppData\Roaming\Research In Motion
2011-07-16 21:51 . 2009-01-09 19:02 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2011-07-16 21:51 . 2011-07-16 22:14 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2011-07-16 02:34 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BF3FD68-364F-46BF-B0F6-C68333F3F113}\mpengine.dll
2011-07-16 01:53 . 2011-07-16 01:54 -------- d-----w- c:\users\TEMP
2011-07-15 01:40 . 2011-07-15 01:40 -------- d-----w- c:\users\SN\AppData\Local\lptmp10051
2011-07-15 01:23 . 2011-07-15 01:23 -------- d-----w- c:\users\SN\AppData\Local\PackageAware
2011-07-14 01:26 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 00:53 . 2011-04-16 00:25 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-08-11 00:53 . 2010-12-24 20:57 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-07-06 23:52 . 2011-04-30 18:47 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 01:52 . 2011-07-05 01:52 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2011-07-05 01:52 . 2010-12-24 20:57 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2011-06-25 19:40 . 2010-09-10 21:47 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-25 19:40 . 2010-09-10 21:47 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-25 19:40 . 2010-09-10 21:47 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-06-25 19:40 . 2010-09-10 21:47 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-03 05:57 . 2011-07-14 01:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-30 13:42 . 2011-06-05 04:14 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-05-30 13:42 . 2011-06-05 04:14 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-25 17:20 . 2011-05-25 16:15 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-24 23:14 . 2010-11-27 01:41 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-28 23:45 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-28 23:45 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-28 23:45 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-28 23:45 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-28 23:45 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-23 09:52 . 2011-06-05 04:14 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2011-05-23 07:49 . 2011-06-05 04:14 173568 ----a-w- c:\windows\system32\xvid.ax
2011-05-23 07:46 . 2011-06-05 04:14 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-05-23 07:45 . 2011-06-05 04:14 696832 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-18 19:58 . 2011-04-16 00:25 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-05-18 19:58 . 2011-04-16 00:25 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-30_20.02.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-27 18:45 . 2010-04-27 18:45 72856 c:\windows\SysWOW64\xliveinstallhost.exe
+ 2011-07-15 01:42 . 2011-05-23 18:31 30424 c:\windows\SysWOW64\wrLZMA.dll
- 2009-07-13 23:16 . 2009-07-14 01:14 25600 c:\windows\SysWOW64\setup16.exe
+ 2011-07-14 01:26 . 2011-06-03 05:57 25600 c:\windows\SysWOW64\setup16.exe
- 2009-07-14 00:13 . 2009-07-14 01:14 86528 c:\windows\SysWOW64\SearchFilterHost.exe
+ 2011-06-28 23:45 . 2011-05-04 04:28 86528 c:\windows\SysWOW64\SearchFilterHost.exe
+ 2011-05-01 00:49 . 2011-02-18 05:39 31232 c:\windows\SysWOW64\prevhost.exe
- 2011-03-01 00:42 . 2010-11-20 12:17 31232 c:\windows\SysWOW64\prevhost.exe
- 2009-07-13 23:15 . 2009-07-14 01:16 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2011-07-14 01:26 . 2011-06-03 06:00 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2011-06-28 23:45 . 2011-05-04 04:32 59392 c:\windows\SysWOW64\msscntrs.dll
- 2009-07-14 00:12 . 2009-07-14 01:15 59392 c:\windows\SysWOW64\msscntrs.dll
+ 2011-06-17 23:07 . 2011-04-22 23:26 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2010-08-20 19:22 . 2010-12-09 18:53 24576 c:\windows\SysWOW64\inttdt.dll
+ 2011-05-01 00:50 . 2011-03-11 05:31 74240 c:\windows\SysWOW64\fsutil.exe
+ 2009-07-14 04:54 . 2011-08-11 00:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-30 19:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-11 00:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-30 19:48 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-11 00:25 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-14 01:26 . 2011-06-03 06:57 13312 c:\windows\system32\wow64cpu.dll
- 2011-03-01 00:42 . 2010-11-20 13:27 13312 c:\windows\system32\wow64cpu.dll
+ 2010-09-10 21:51 . 2011-08-11 00:26 66366 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-11 00:26 37192 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-15 00:30 . 2011-08-11 00:26 21092 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2445394396-189493613-16335978-1001_UserData.bin
+ 2011-03-21 17:22 . 2011-03-21 17:22 74272 c:\windows\system32\RtNicProp64.dll
- 2011-01-21 11:36 . 2011-01-21 11:36 74272 c:\windows\system32\RtNicProp64.dll
+ 2011-05-01 00:49 . 2011-02-18 10:51 31232 c:\windows\system32\prevhost.exe
- 2011-03-01 00:43 . 2010-11-20 13:25 31232 c:\windows\system32\prevhost.exe
+ 2011-07-14 01:26 . 2011-06-03 06:57 16384 c:\windows\system32\ntvdm64.dll
- 2009-07-13 23:26 . 2009-07-14 01:41 16384 c:\windows\system32\ntvdm64.dll
+ 2011-06-28 23:45 . 2011-05-04 05:22 75264 c:\windows\system32\msscntrs.dll
- 2009-07-14 00:29 . 2009-07-14 01:41 75264 c:\windows\system32\msscntrs.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 96256 c:\windows\system32\mshtmled.dll
+ 2011-06-17 23:07 . 2011-04-23 01:19 96256 c:\windows\system32\mshtmled.dll
+ 2011-04-30 18:56 . 2011-08-11 00:36 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-04-30 18:56 . 2011-04-30 17:48 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-05-01 00:50 . 2011-03-11 06:30 96768 c:\windows\system32\fsutil.exe
+ 2011-07-16 23:38 . 2010-08-21 04:59 34152 c:\windows\system32\DRVSTORE\GEARAspiWD_AABE64655D8D5936ABBDF4C4B48BA5458FA0A505\x64\GEARAspiWDM.sys
+ 2009-07-14 05:30 . 2011-08-07 01:01 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-04-26 02:37 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-02-13 15:02 . 2009-02-13 15:02 14464 c:\windows\system32\DriverStore\FileRepository\wdcsam.inf_amd64_neutral_8206e7d34f6b0583\wdcsam64.sys
+ 2011-05-01 00:50 . 2011-03-11 04:37 91648 c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_26b33263a639795d\USBSTOR.SYS
+ 2011-05-10 21:06 . 2011-03-25 03:29 30720 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbuhci.sys
+ 2011-05-10 21:06 . 2011-03-25 03:29 25600 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbohci.sys
+ 2011-05-10 21:06 . 2011-03-25 03:29 52736 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbehci.sys
+ 2011-05-10 21:06 . 2011-03-25 03:29 98816 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbccgp.sys
+ 2011-08-07 01:01 . 2011-03-31 03:04 43640 c:\windows\system32\DriverStore\FileRepository\symimv.inf_amd64_neutral_a4c86ef224b08f82\SymIMV.sys
+ 2011-03-21 17:22 . 2011-03-21 17:22 74272 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_67382e2b864c5c80\RtNicProp64.dll
+ 2011-02-16 22:23 . 2011-02-16 22:23 74240 c:\windows\system32\DriverStore\FileRepository\rimusbnt.inf_amd64_neutral_ed29477b60e43669\RimUsb_AMD64.sys
+ 2011-07-16 21:51 . 2009-01-09 19:02 31744 c:\windows\system32\DriverStore\FileRepository\rimserial.inf_amd64_neutral_095f8f326d5d196a\RimSerial_AMD64.sys
+ 2011-07-14 01:26 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bthenum.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 27008 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_5c3d0d1e97e99e10\amdxata.sys
+ 2008-05-06 20:06 . 2008-05-06 20:06 14464 c:\windows\system32\drivers\wdcsam64.sys
- 2009-07-14 00:06 . 2009-07-14 00:06 30720 c:\windows\system32\drivers\usbuhci.sys
+ 2011-05-10 21:06 . 2011-03-25 03:29 30720 c:\windows\system32\drivers\usbuhci.sys
+ 2011-05-01 00:50 . 2011-03-11 04:37 91648 c:\windows\system32\drivers\USBSTOR.SYS
- 2011-03-01 00:43 . 2010-11-20 10:44 91648 c:\windows\system32\drivers\USBSTOR.SYS
- 2009-07-14 00:06 . 2009-07-14 00:06 25600 c:\windows\system32\drivers\usbohci.sys
+ 2011-05-10 21:06 . 2011-03-25 03:29 25600 c:\windows\system32\drivers\usbohci.sys
+ 2011-05-10 21:06 . 2011-03-25 03:29 52736 c:\windows\system32\drivers\usbehci.sys
+ 2011-05-10 21:06 . 2011-03-25 03:29 98816 c:\windows\system32\drivers\usbccgp.sys
- 2011-03-01 00:43 . 2010-11-20 10:44 98816 c:\windows\system32\drivers\usbccgp.sys
+ 2008-05-20 22:33 . 2011-02-16 22:23 74240 c:\windows\system32\drivers\RimUsb_AMD64.sys
+ 2011-07-16 23:46 . 2011-03-31 03:00 40568 c:\windows\system32\drivers\N360x64\0501000.01D\srtspx64.sys
+ 2011-05-25 00:34 . 2011-04-22 22:15 27520 c:\windows\system32\drivers\Diskdump.sys
- 2011-03-01 00:43 . 2010-11-20 13:33 27520 c:\windows\system32\drivers\Diskdump.sys
- 2011-03-01 00:44 . 2010-11-20 13:32 27008 c:\windows\system32\drivers\amdxata.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 27008 c:\windows\system32\drivers\amdxata.sys
+ 2010-09-14 22:08 . 2011-08-11 00:29 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-14 22:08 . 2011-04-30 18:05 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-14 22:08 . 2011-08-11 00:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-14 22:08 . 2011-04-30 18:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-30 18:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-11 00:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-07-23 22:37 92456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-04-13 02:16 . 2011-04-13 02:16 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- 2011-02-10 09:15 . 2011-02-10 09:15 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2011-02-10 08:10 . 2011-02-10 08:10 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-15 03:33 . 2011-04-15 03:33 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 17240

 

[sick97]

combofix continue

c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-06-28 23:50 . 2011-06-28 23:50 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-06-28 23:50 . 2011-06-28 23:50 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-05-18 04:26 . 2011-05-18 04:26 32768 c:\windows\Installer\c98294.msi
+ 2011-05-18 04:27 . 2011-05-18 04:27 32256 c:\windows\Installer\c9828f.msi
+ 2011-08-07 01:40 . 2011-08-07 01:40 25088 c:\windows\Installer\a386794.msi
+ 2011-06-02 04:19 . 2011-06-02 04:19 65536 c:\windows\Installer\{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-06-02 04:19 . 2011-06-02 04:19 65536 c:\windows\Installer\{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}\ARPPRODUCTICON.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-09-17 01:32 . 2011-06-17 23:07 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-09-17 01:32 . 2011-04-21 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-07-16 22:15 . 2011-07-16 22:15 69632 c:\windows\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
+ 2011-05-06 02:51 . 2011-05-06 02:51 76926 c:\windows\Installer\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}\GameForWindowsLiveDash.exe
+ 2011-05-01 01:35 . 2011-05-01 01:35 10134 c:\windows\Installer\{32343DB6-9A52-40C9-87E4-5E7C79791C87}\ARPPRODUCTICON.exe
- 2010-12-01 18:33 . 2011-04-15 00:06 10134 c:\windows\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
+ 2010-12-01 18:33 . 2011-06-04 01:25 10134 c:\windows\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
+ 2010-09-21 03:07 . 2010-09-21 03:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
+ 2011-07-03 02:52 . 2011-07-03 02:52 42496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\e7db9562ecd26271bb6ceac7026ea333\System.Windows.Presentation.ni.dll
+ 2011-07-03 02:52 . 2011-07-03 02:52 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\e0fc9c42b2d28edebc1dd2c67c5c94a7\System.Web.ApplicationServices.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\32d3441efb46d802cdc65de502f28e3b\System.AddIn.Contract.ni.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\512c12c2af578c00e8655b0ec2a92102\Microsoft.VisualC.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\4a82ab8680409c1dc5a55e26742e8900\dfsvc.ni.exe
+ 2011-07-03 00:43 . 2011-07-03 00:43 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\b1136d0eb9ce963a7675b0d6cd7c4c4e\Accessibility.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4cd8ba75f60cf8dc66767b833520241e\UIAutomationProvider.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\3261cf5aa8c44f49ea44e995bb1c798c\System.Windows.Presentation.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\8f37e1ebcb6a993092f8701f4f0bff4e\System.Web.ApplicationServices.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f43eab6f117c2733cc296f11e8ebe9ed\System.ServiceModel.Channels.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a1cbada42bb39fc34ee40e9e4afba87e\System.AddIn.Contract.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\2bdbd057211d05a088b7a9004203e58b\Microsoft.VisualC.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\0c39314a7513b436d3aaaeae3b4bd3e7\Accessibility.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\1d158a61ee854692388192faf2b0c754\System.Windows.Presentation.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\0e2dc9cb5595042cf9c1ea618dc84fec\System.Web.DynamicData.Design.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\b33d58d0716cc4abc0183d5167bcdc2e\stdole.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\4f378f5aeb797a971e0bcf8c29c47e20\PresentationFontCache.ni.exe
+ 2011-06-30 00:57 . 2011-06-30 00:57 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\0fed261a4d106e88a0b041676caaa54b\PresentationCFFRasterizer.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\9f24220d7affa9e9456f3eb713a15312\Microsoft.WSMan.Runtime.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\f65e0fe5e0ab41837aaef24d813df16d\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\f2ee738d8439bf9025e1234c6afbd7e8\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\bb7dc6dfecbfe057a70e2dbb19915053\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\78d89baca0c720cbe686edfaf9d906bc\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\636902d124bb3ee04ded9773d46f1d5d\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\22511a454b6688ecc0154212b3537332\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-06-30 00:53 . 2011-06-30 00:53 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\ae0e01377a99fd22dde3dbea057fadb1\Microsoft.VisualC.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a1c5e8f45b2d953a007a6951907aa098\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\f2ce37a00172cb190851713b969ad8a8\LoadMxf.ni.exe
+ 2011-07-03 00:39 . 2011-07-03 00:39 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\16951451968fea951a2294c0ff4bd49e\ehiUPnP.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\bdc856375b5b886c93a7cd8b18963f12\ehiTVMSMusic.ni.dll
+ 2011-07-03 00:04 . 2011-07-03 00:04 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0c6cb1fd7a82938112cbea2c22e433df\dfsvc.ni.exe
+ 2011-06-30 00:56 . 2011-06-30 00:56 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\23ea8465ac746c69a6ed7fdf628d3e9c\Accessibility.ni.dll
+ 2011-07-02 04:14 . 2011-07-02 04:14 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\62e888e2650b08776b81314290366e10\WindowsLiveWriter.ni.exe
+ 2011-07-02 04:14 . 2011-07-02 04:14 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0c94944b5a20827f7c886edf5ab419e\WindowsLive.Writer.Passport.ni.dll
+ 2011-06-30 01:05 . 2011-06-30 01:05 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4a63fb97b3c648a28b8047697869ee7d\UIAutomationProvider.ni.dll
+ 2011-07-01 22:53 . 2011-07-01 22:53 26112 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\bfcbd7d2396bfb6b406405256a92cd3f\TVM.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\6a01db5068f7513886fdcac2b7d78de2\TVM.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\0012cdaf55b38d1b306f1557490ba0a5\System.Windows.Presentation.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\6b7b1b10687bf18bf588d7c352bc763a\System.Web.DynamicData.Design.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\7cc3f83b09f20782c2ab4a3655af8b20\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e88e6ace53ab318210c1657483321e40\System.AddIn.Contract.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\cd32e850b908317981c109dd20a0d5b2\stdole.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\da3c4db75ec40f99bd8c14e80facdbf4\PresentationFontCache.ni.exe
+ 2011-06-30 01:05 . 2011-06-30 01:05 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\a0122d9503e1c35a468c236b5ae4d84b\PresentationCFFRasterizer.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\69b036f1479a9aa93430f2d1676032b2\napcrypt.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\88bb54c7674f938db2227ae62311b534\Microsoft.WSMan.Runtime.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\f64ba5f131b0eeeb1e409b99431e15d4\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\a93677b67f9f208e29f2159471b34737\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\a2120a5f3691eb2d67116c359aa02cf1\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\405aa271df15b8ce1b0b970f37687152\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3442a002e4e5d93ca3895a29ba7adb74\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\2a8460cd9fec9019ef61be46315b310f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\0c425933816ca1fc57a73b5ead598af0\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\80647c1bde2a8ad63d43064ee575ceda\Microsoft.Vsa.ni.dll
+ 2011-06-30 01:04 . 2011-06-30 01:04 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f7ce61c1a288adc4c39512d9f6767daf\Microsoft.VisualC.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9152d7f0adafac97d853647ca783b8e4\Microsoft.Build.Framework.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5c219cc49d452997a91d916309511e68\Microsoft.Build.Framework.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\80f25d4c315508c14a5cac88afa32925\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2011-07-02 04:16 . 2011-07-02 04:16 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ac010bace23545b3a5b1825e5c7b046e\ehiUserXp.ni.dll
+ 2011-07-02 04:16 . 2011-07-02 04:16 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\027211443c6da8187fe92e682c048cd5\dfsvc.ni.exe
+ 2011-06-30 01:05 . 2011-06-30 01:05 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
+ 2011-08-03 23:23 . 2011-08-03 23:23 79712 c:\windows\assembly\GAC_MSIL\Microsoft.Synchronization.SimpleProviders\2.0.0.0__89845dcd8080cc91\Microsoft.Synchronization.SimpleProviders.dll
+ 2011-08-03 23:23 . 2011-08-03 23:23 87904 c:\windows\assembly\GAC_MSIL\Microsoft.Synchronization.MetadataStorage\2.0.0.0__89845dcd8080cc91\Microsoft.Synchronization.MetadataStorage.dll
+ 2011-08-03 23:23 . 2011-08-03 23:23 63328 c:\windows\assembly\GAC_MSIL\Microsoft.Synchronization.Files\2.0.0.0__89845dcd8080cc91\Microsoft.Synchronization.Files.dll
+ 2011-07-14 01:26 . 2011-06-03 05:56 5120 c:\windows\SysWOW64\wow32.dll
- 2009-07-13 23:15 . 2009-07-14 01:11 5120 c:\windows\SysWOW64\wow32.dll
- 2009-07-13 23:15 . 2009-07-13 23:15 2048 c:\windows\SysWOW64\user.exe
+ 2011-07-14 01:26 . 2011-06-03 03:53 2048 c:\windows\SysWOW64\user.exe
+ 2011-07-14 01:26 . 2011-06-03 03:53 7680 c:\windows\SysWOW64\instnm.exe
- 2009-07-13 23:16 . 2009-07-13 23:16 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-07-15 01:49 . 2011-07-15 01:49 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A2E77671-AE84-11E0-86EF-F04DA244C943}.dat
+ 2011-05-01 02:03 . 2011-05-01 02:03 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{26AFBC16-7397-11E0-A241-AC7771E5F93C}.dat
+ 2011-07-15 01:49 . 2011-07-15 01:49 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A2E77672-AE84-11E0-86EF-F04DA244C943}.dat
+ 2011-05-01 02:03 . 2011-05-01 02:03 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{26AFBC17-7397-11E0-A241-AC7771E5F93C}.dat
- 2009-07-13 23:10 . 2009-07-13 23:10 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 03:48 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 03:48 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 03:48 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 03:48 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2010-12-13 07:51 . 2011-07-31 20:35 7156 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-05-07 15:04 . 2011-07-02 23:43 3264 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2445394396-189493613-16335978-501_UserData.bin
+ 2011-05-12 21:39 . 2011-05-12 21:39 9560 c:\windows\system32\NetworkList\Icons\{8B473EFB-FF9A-4CCC-BE18-21CBABFF8013}_48.bin
+ 2011-05-12 21:39 . 2011-05-12 21:39 4280 c:\windows\system32\NetworkList\Icons\{8B473EFB-FF9A-4CCC-BE18-21CBABFF8013}_32.bin
+ 2011-05-12 21:39 . 2011-05-12 21:39 2456 c:\windows\system32\NetworkList\Icons\{8B473EFB-FF9A-4CCC-BE18-21CBABFF8013}_24.bin
+ 2011-05-10 21:06 . 2011-03-25 03:28 7936 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbd.sys
+ 2011-05-10 21:06 . 2011-03-25 03:28 7936 c:\windows\system32\drivers\usbd.sys
- 2009-07-14 00:06 . 2009-07-14 00:06 7936 c:\windows\system32\drivers\usbd.sys
- 2009-07-13 23:18 . 2009-07-14 01:24 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-07-14 01:27 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
- 2011-04-30 19:48 . 2011-04-30 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-11 00:53 . 2011-08-11 00:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-11 00:53 . 2011-08-11 00:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-30 19:48 . 2011-04-30 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-03 23:24 . 2011-08-03 23:24 9454 c:\windows\Installer\{88DAAF05-5A72-46D2-A7C5-C3759697E943}\_6FEFF9B68218417F98F549.exe
+ 2011-07-03 00:00 . 2011-07-03 00:00 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\cec5dc6db7419a80bba3f9d73833fb65\dfsvc.ni.exe
+ 2011-05-01 00:49 . 2011-03-12 11:23 870912 c:\windows\SysWOW64\XpsPrint.dll
- 2011-02-23 01:09 . 2011-01-07 07:46 870912 c:\windows\SysWOW64\XpsPrint.dll
+ 2010-04-27 18:45 . 2010-04-27 18:45 187544 c:\windows\SysWOW64\xliveinstall.dll
+ 2011-04-09 22:55 . 2011-04-09 22:55 140952 c:\windows\SysWOW64\xlive\sqmapi.dll
+ 2010-08-20 19:22 . 2009-10-21 22:20 145920 c:\windows\SysWOW64\tdtclientsdk.dll
- 2009-07-14 00:14 . 2009-07-14 01:14 164352 c:\windows\SysWOW64\SearchProtocolHost.exe
+ 2011-06-28 23:45 . 2011-05-04 04:28 164352 c:\windows\SysWOW64\SearchProtocolHost.exe
+ 2011-06-28 23:45 . 2011-05-04 04:28 427520 c:\windows\SysWOW64\SearchIndexer.exe
- 2009-07-13 23:22 . 2009-07-14 01:14 123904 c:\windows\SysWOW64\poqexec.exe
+ 2011-05-12 21:43 . 2011-04-09 05:56 123904 c:\windows\SysWOW64\poqexec.exe
- 2011-03-01 00:43 . 2010-11-20 12:20 571904 c:\windows\SysWOW64\oleaut32.dll
+ 2011-06-17 00:55 . 2011-02-25 05:34 571904 c:\windows\SysWOW64\oleaut32.dll
- 2011-03-01 00:43 . 2010-11-20 12:19 666624 c:\windows\SysWOW64\mssvp.dll
+ 2011-06-28 23:45 . 2011-05-04 04:32 666624 c:\windows\SysWOW64\mssvp.dll
+ 2011-06-28 23:45 . 2011-05-04 04:32 197120 c:\windows\SysWOW64\mssphtb.dll
- 2011-03-01 00:43 . 2010-11-20 12:19 197120 c:\windows\SysWOW64\mssphtb.dll
- 2009-07-14 00:13 . 2009-07-14 01:15 337408 c:\windows\SysWOW64\mssph.dll
+ 2011-06-28 23:45 . 2011-05-04 04:32 337408 c:\windows\SysWOW64\mssph.dll
+ 2011-05-25 17:20 . 2011-05-25 17:20 239776 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe
+ 2011-05-25 16:15 . 2011-05-25 16:15 240288 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
+ 2011-05-25 16:15 . 2011-05-25 16:15 321184 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.dll
+ 2011-07-14 01:27 . 2011-06-03 05:56 272384 c:\windows\SysWOW64\KernelBase.dll
- 2011-03-01 00:44 . 2010-11-20 12:08 837632 c:\windows\SysWOW64\kernel32.dll
+ 2011-07-14 01:26 . 2011-05-14 06:22 837632 c:\windows\SysWOW64\kernel32.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-06-17 23:07 . 2011-04-22 23:26 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-06-17 00:55 . 2011-05-03 04:30 741376 c:\windows\SysWOW64\inetcomm.dll
- 2011-04-15 03:29 . 2011-03-08 05:28 741376 c:\windows\SysWOW64\inetcomm.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-06-17 23:07 . 2011-04-22 23:24 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-07-15 01:50 . 2011-07-15 01:49 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
+ 2011-05-14 16:35 . 2009-11-06 19:14 511328 c:\windows\SysWOW64\capicom.dll
+ 2010-01-03 06:01 . 2010-01-03 06:01 507904 c:\windows\SysWOW64\btwapi.dll
+ 2011-07-14 01:26 . 2011-06-03 06:57 362496 c:\windows\system32\wow64win.dll
- 2011-03-01 00:44 . 2010-11-20 13:27 243200 c:\windows\system32\wow64.dll
+ 2011-07-14 01:26 . 2011-06-03 06:57 243200 c:\windows\system32\wow64.dll
+ 2011-07-14 01:26 . 2011-06-03 06:57 214528 c:\windows\system32\winsrv.dll
+ 2010-09-14 23:40 . 2011-08-10 07:07 300980 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-09-16 16:41 . 2011-08-09 16:36 332864 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-06-28 23:45 . 2011-05-04 05:19 249856 c:\windows\system32\SearchProtocolHost.exe
- 2009-07-14 00:30 . 2009-07-14 01:39 249856 c:\windows\system32\SearchProtocolHost.exe
+ 2011-06-28 23:45 . 2011-05-04 05:19 591872 c:\windows\system32\SearchIndexer.exe
+ 2011-06-28 23:45 . 2011-05-04 05:19 113664 c:\windows\system32\SearchFilterHost.exe
- 2009-07-14 00:29 . 2009-07-14 01:39 113664 c:\windows\system32\SearchFilterHost.exe
- 2010-08-04 08:33 . 2011-01-21 11:36 107552 c:\windows\system32\RTNUninst64.dll
+ 2010-08-04 08:33 . 2011-03-21 17:22 107552 c:\windows\system32\RTNUninst64.dll
+ 2011-05-12 21:43 . 2011-04-09 06:58 142336 c:\windows\system32\poqexec.exe
- 2009-07-13 23:34 . 2009-07-14 01:39 142336 c:\windows\system32\poqexec.exe
+ 2009-07-14 02:36 . 2011-08-07 00:50 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-04-30 19:54 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-04-30 19:54 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-08-07 00:50 106522 c:\windows\system32\perfc009.dat
- 2011-03-01 00:44 . 2010-11-20 13:27 861696 c:\windows\system32\oleaut32.dll
+ 2011-06-17 00:55 . 2011-02-25 06:22 861696 c:\windows\system32\oleaut32.dll
- 2011-03-01 00:44 . 2010-11-20 13:27 778752 c:\windows\system32\mssvp.dll
+ 2011-06-28 23:45 . 2011-05-04 05:22 778752 c:\windows\system32\mssvp.dll
- 2011-03-01 00:43 . 2010-11-20 13:27 288256 c:\windows\system32\mssphtb.dll
+ 2011-06-28 23:45 . 2011-05-04 05:22 288256 c:\windows\system32\mssphtb.dll
- 2009-07-14 00:30 . 2009-07-14 01:41 491520 c:\windows\system32\mssph.dll
+ 2011-06-28 23:45 . 2011-05-04 05:22 491520 c:\windows\system32\mssph.dll
+ 2011-07-14 01:27 . 2011-06-03 06:56 421888 c:\windows\system32\KernelBase.dll
+ 2011-06-17 23:07 . 2011-04-23 01:20 818176 c:\windows\system32\jscript.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 818176 c:\windows\system32\jscript.dll
+ 2011-06-17 00:55 . 2011-05-03 05:29 976896 c:\windows\system32\inetcomm.dll
- 2011-04-15 03:29 . 2011-03-08 06:29 976896 c:\windows\system32\inetcomm.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 248320 c:\windows\system32\ieui.dll
+ 2011-06-17 23:07 . 2011-04-23 01:17 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 04:45 . 2011-07-17 01:12 425816 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2011-04-26 02:37 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-08-07 01:01 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-04-26 02:37 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-08-07 01:01 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-05-10 21:06 . 2011-03-25 03:29 325120 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.sys
+ 2011-05-10 21:06 . 2011-03-25 03:29 343040 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys
+ 2011-05-10 21:06 . 2011-03-25 03:29 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys
+ 2011-03-21 17:22 . 2011-03-21 17:22 107552 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_67382e2b864c5c80\RTNUninst64.dll
+ 2011-03-21 17:22 . 2011-03-21 17:22 452200 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_67382e2b864c5c80\Rt64win7.sys
+ 2011-07-15 01:41 . 2011-05-26 15:22 109864 c:\windows\system32\DriverStore\FileRepository\pwipf6.inf_amd64_neutral_8cbd7ef88cada24c\pwipf6.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 166272 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 148352 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 410496 c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
+ 2011-03-01 00:43 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\fsquirt.exe
+ 2011-07-14 01:26 . 2011-04-28 03:55 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bthport.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 107904 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_5c3d0d1e97e99e10\amdsata.sys
+ 2009-07-14 05:31 . 2011-07-15 01:43 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2011-03-01 01:28 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2011-05-10 21:06 . 2011-03-25 03:29 325120 c:\windows\system32\drivers\usbport.sys
- 2011-03-01 00:44 . 2010-11-20 10:44 325120 c:\windows\system32\drivers\usbport.sys
- 2011-03-01 00:43 . 2010-11-20 10:44 343040 c:\windows\system32\drivers\usbhub.sys
+ 2011-05-10 21:06 . 2011-03-25 03:29 343040 c:\windows\system32\drivers\usbhub.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 189824 c:\windows\system32\drivers\storport.sys
- 2011-03-01 00:44 . 2010-11-20 13:33 189824 c:\windows\system32\drivers\storport.sys
+ 2011-06-17 00:55 . 2011-04-29 03:05 168448 c:\windows\system32\drivers\srvnet.sys
+ 2011-06-17 00:55 . 2011-04-29 03:05 410112 c:\windows\system32\drivers\srv2.sys
+ 2011-06-17 00:55 . 2011-04-29 03:06 467456 c:\windows\system32\drivers\srv.sys
- 2011-04-15 03:29 . 2011-02-23 04:56 467456 c:\windows\system32\drivers\srv.sys
+ 2011-03-21 17:22 . 2011-03-21 17:22 452200 c:\windows\system32\drivers\Rt64win7.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 166272 c:\windows\system32\drivers\nvstor.sys
- 2011-03-01 00:44 . 2010-11-20 13:33 166272 c:\windows\system32\drivers\nvstor.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 148352 c:\windows\system32\drivers\nvraid.sys
- 2011-03-01 00:44 . 2010-11-20 13:33 148352 c:\windows\system32\drivers\nvraid.sys
+ 2011-07-16 23:46 . 2011-07-08 21:45 386168 c:\windows\system32\drivers\N360x64\0501000.01D\symnets.sys
+ 2011-07-16 23:46 . 2011-03-15 02:31 912504 c:\windows\system32\drivers\N360x64\0501000.01D\symefa64.sys
+ 2011-07-16 23:46 . 2011-01-27 06:47 450680 c:\windows\system32\drivers\N360x64\0501000.01D\symds64.sys
+ 2011-07-16 23:46 . 2011-03-31 03:00 744568 c:\windows\system32\drivers\N360x64\0501000.01D\srtsp64.sys
+ 2011-07-16 23:46 . 2010-11-16 01:45 171128 c:\windows\system32\drivers\N360x64\0501000.01D\ironx64.sys
+ 2011-06-17 00:55 . 2011-04-27 02:39 128000 c:\windows\system32\drivers\mrxsmb20.sys
- 2011-04-15 03:28 . 2011-02-23 04:55 128000 c:\windows\system32\drivers\mrxsmb20.sys
+ 2011-06-17 00:55 . 2011-04-27 02:39 289280 c:\windows\system32\drivers\mrxsmb10.sys
+ 2011-06-17 00:55 . 2011-04-27 02:40 158208 c:\windows\system32\drivers\mrxsmb.sys
- 2011-04-15 03:28 . 2011-02-23 04:56 158208 c:\windows\system32\drivers\mrxsmb.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 410496 c:\windows\system32\drivers\iaStorV.sys
- 2011-03-01 00:43 . 2010-11-20 13:33 410496 c:\windows\system32\drivers\iaStorV.sys
- 2011-03-01 00:44 . 2010-11-20 13:32 107904 c:\windows\system32\drivers\amdsata.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 107904 c:\windows\system32\drivers\amdsata.sys
+ 2011-06-17 00:55 . 2011-04-25 02:34 499200 c:\windows\system32\drivers\afd.sys
+ 2011-07-14 01:26 . 2011-06-03 06:53 338944 c:\windows\system32\conhost.exe
- 2009-07-14 05:38 . 2011-04-30 18:56 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2011-06-11 07:07 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:01 . 2011-08-11 00:35 394548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-10 09:15 . 2011-02-10 09:15 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-06-28 03:21 . 2011-03-29 22:32 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
- 2011-04-15 03:30 . 2011-02-07 23:32 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2011-02-10 08:10 . 2011-02-10 08:10 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2011-02-10 08:10 . 2011-02-10 08:10 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
- 2011-02-10 08:10 . 2011-02-10 08:10 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll

 

[sick97]

combofix continue 2

+ 2011-06-28 03:21 . 2011-03-29 22:33 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-04-15 03:30 . 2011-02-07 23:34 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-06-28 03:21 . 2011-03-29 22:33 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-04-15 03:30 . 2011-02-07 23:34 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-04-15 03:30 . 2011-02-07 23:34 995672 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-06-28 03:21 . 2011-03-29 22:33 995672 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-06-28 23:50 . 2011-06-28 23:50 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-06-28 23:50 . 2011-06-28 23:50 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-06-28 23:50 . 2011-06-28 23:50 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-06-28 23:50 . 2011-06-28 23:50 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-03-18 00:03 . 2011-03-18 00:03 308736 c:\windows\Installer\52f28.msp
+ 2011-04-19 08:54 . 2011-04-19 08:54 227328 c:\windows\Installer\52ee8.msi
+ 2011-04-19 08:21 . 2011-04-19 08:21 235520 c:\windows\Installer\52ee2.msi
+ 2011-05-17 10:09 . 2011-05-17 10:09 926720 c:\windows\Installer\3032cb2.msi
+ 2010-09-15 23:47 . 2011-07-15 01:36 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-07-16 22:15 . 2011-07-16 22:15 413696 c:\windows\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
+ 2011-07-16 22:15 . 2011-07-16 22:15 413696 c:\windows\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
+ 2011-07-16 22:15 . 2011-07-16 22:15 413696 c:\windows\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\ARPPRODUCTICON.exe
+ 2011-05-15 16:49 . 2011-05-15 16:49 371272 c:\windows\Installer\{5335DADB-34BA-4AE8-A519-648D78498846}\SkypeIcon.exe
+ 2011-05-11 07:01 . 2011-05-11 07:01 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe
- 2011-04-15 03:40 . 2011-04-15 03:40 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe
+ 2010-09-21 03:07 . 2010-09-21 03:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
+ 2010-09-21 03:07 . 2010-09-21 03:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
+ 2010-09-21 03:07 . 2010-09-21 03:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
+ 2008-02-25 19:38 . 2008-02-25 19:38 771384 c:\windows\Downloaded Program Files\webdiag.dll
+ 2011-07-03 02:52 . 2011-07-03 02:52 322048 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\67701a0afb40872303a50c673387ba22\WindowsFormsIntegration.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\21b0a1645439e2c615a317dc4cca191d\UIAutomationTypes.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\792559a31b651ec7c2d5da9847961736\UIAutomationProvider.ni.dll
+ 2011-07-03 02:52 . 2011-07-03 02:52 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\550c47e15879f39fed79e4eb1c2195db\UIAutomationClient.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 525824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\0a0a776f67e84c2da967ac111c5df164\System.Xml.Linq.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 254976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\cf8c22d4266e070a299c02d2850ef818\System.Windows.Input.Manipulations.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\4b6a7186f6c401b66d1be535e7d6104a\System.Transactions.ni.dll
+ 2011-07-03 02:51 . 2011-07-03 02:51 280576 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\a829cc80ca5acc2da26bd8ea918e1a4e\System.ServiceProcess.ni.dll
+ 2011-07-03 02:51 . 2011-07-03 02:51 107520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\5381d639b68e4fcd1233df4aaa8fc9be\System.ServiceModel.Channels.ni.dll
+ 2011-07-03 02:51 . 2011-07-03 02:51 507904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\23cddffe6a749acdc1cf2bbf7ea2470c\System.ServiceModel.Routing.ni.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 939520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\82566fadb4cce4b082e9d8be861cb407\System.Security.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 376320 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\93ee99e5061f73f7e0d64e28e72acdd8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\7706bf7b15e5f41daf680bf00fb3040b\System.Runtime.Remoting.ni.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\97a9eaf09596eebab9ed3e17546ae804\System.Numerics.ni.dll
+ 2011-07-03 02:51 . 2011-07-03 02:51 930304 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\92ffc2dd1a4c2ea95b472a26e774a835\System.Net.ni.dll
+ 2011-07-03 02:51 . 2011-07-03 02:51 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\b8de5567948f35962ddf7122752ff04d\System.Messaging.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\b131749bfb98ce8ec9b87ce2841afe60\System.Management.Instrumentation.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 531456

 

[sick97]

combofix continue 3

c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\0fe92ebf0087c98840e99d37480711c0\System.IO.Log.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\4b0079c9d88b51955f53d52f6b7f3e5a\System.IdentityModel.Selectors.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\c22b41c9c0a31a087d16689ac0889607\System.EnterpriseServices.Wrapper.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 511488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\77f9d335a1781905c342869dbf6220c6\System.Dynamic.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 628736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\82362eb90e580c5b2afc3150c69d784f\System.DirectoryServices.Protocols.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\342afec9aa4ee8a572a0cd8da6833a5c\System.Device.ni.dll
+ 2011-07-03 02:49 . 2011-07-03 02:49 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\bf4f62e5c39821ee6225ed92dae486ed\System.Data.DataSetExtensions.ni.dll
+ 2011-07-03 02:49 . 2011-07-03 02:49 181248 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\ad9d61d394a46e9f9590b0a9f0fa0ad5\System.Configuration.Install.ni.dll
+ 2011-07-03 02:49 . 2011-07-03 02:49 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\693ee2ff660f89258326be91758da220\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\5f08af7480608daceecfec057280efac\System.AddIn.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 553472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\4afbca9170450994db0228341d24c42d\System.Activities.DurableInstancing.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 430080 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\a6cc942cdc5c454b6d707f346946ff02\SMSvcHost.ni.exe
+ 2011-07-03 00:51 . 2011-07-03 00:51 184832 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\991bb9aedef58467529703e0c83af2de\SMDiagnostics.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 745984 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\fdac975a3fac325ee1cb3961bbc11acf\PresentationFramework.Luna.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 331264 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\e5e71b03b631939f951c85fb1cddab68\PresentationFramework.Classic.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 555520 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\7028852deef01a6e4e4636db5e12e09b\PresentationFramework.Aero.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 387584 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1354d301871cb639ab1b885c626f1ffe\PresentationFramework.Royale.ni.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\4754eb5629d571dac6586602b1f1fbd6\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\54d05db00d011c7d8e34613a76156a27\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\4f99fd1b2d217c9950b0e7c053b9e906\CustomMarshalers.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\97a1f8a5a83114e0cea11549602e8e72\WindowsFormsIntegration.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7297158168dfc68b1b96bf6b0f56b093\UIAutomationTypes.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\acc81364b5b1d54918a55f0ae0fbc043\UIAutomationClient.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ff20e15edfa14ce628b0502173347062\System.Xml.Linq.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\40e165d670da20b9911cf7f15db916d2\System.Windows.Input.Manipulations.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\0df91adfb9c0e51b7b967d61e8151b78\System.Transactions.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\840f9b4d51622f9f29888aae168a196c\System.ServiceProcess.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8e99e3e3b47a1b63e678271947a72e22\System.ServiceModel.Routing.ni.dll
+ 2011-06-28 23:54 . 2011-06-28 23:54 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\cbb93497a3dddc9ab32316cc54dfb16a\System.Security.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a31a4045963913a3228777af311f4428\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8985ef7c12df01b25c53bd80f7103819\System.Runtime.Remoting.ni.dll
+ 2011-06-28 23:53 . 2011-06-28 23:53 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\6bff4a4db9703b01e7495f5f9e0f2baf\System.Numerics.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\ce945fe046c7c152d4785fe24c22eee9\System.Net.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\f07d8a06ff89e9c2db9f2ad73e88d421\System.Messaging.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\ec65b7f29e6d9c27cad0bb4f6199701f\System.Management.Instrumentation.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\5e1621afee65228e6dc7fbc9fb35f091\System.IO.Log.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\1f10456671d393187b6e2511155b8cd6\System.IdentityModel.Selectors.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.Wrapper.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.ni.dll
+ 2011-06-28 23:55 . 2011-06-28 23:55 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\c87031ba66d6a1809ac68142397eeddf\System.Dynamic.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\f75ffd1a51b56e5171335277ca7d2ead\System.DirectoryServices.Protocols.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\448b1912c09fe3be836533e1c04332ce\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\a8f34f6b7fc87869ea63c0a5a45e4106\System.Device.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\8e8d0552f18365e5f57fe20cf3aebcbb\System.Data.DataSetExtensions.ni.dll
+ 2011-06-28 23:54 . 2011-06-28 23:54 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\1f12624743789147c54a5c70b34e47b7\System.Configuration.Install.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4ce4ff836715d7e822200dd340ce8c32\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-06-28 23:55 . 2011-06-28 23:55 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\15f169fe8bb8f4cf564093b812c46959\System.ComponentModel.Composition.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\285ebbd21d182235113a348c951afd12\System.AddIn.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\4a37977779bc648b11b8c333bfc1c2b8\System.Activities.DurableInstancing.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\7190f7e40c8095e13f45e40b1709671f\SMSvcHost.ni.exe
+ 2011-07-03 00:01 . 2011-07-03 00:01 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b028b6680f5a3b315320a5bf7b659518\SMDiagnostics.ni.dll
+ 2011-06-28 23:56 . 2011-06-28 23:56 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b61b31d1f518e9663fc204e7de21215a\PresentationFramework.Aero.ni.dll
+ 2011-06-28 23:56 . 2011-06-28 23:56 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a348b36756a7be813df69750717dd563\PresentationFramework.Luna.ni.dll
+ 2011-06-28 23:54 . 2011-06-28 23:54 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9c37ac442a730e335146d5a82c52ed39\PresentationFramework.Royale.ni.dll
+ 2011-06-28 23:55 . 2011-06-28 23:55 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7da6438d5b963b85283a2b793e60aadf\PresentationFramework.Classic.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7e182b360a875b8723e9f988bef9f2ca\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\23c48b3a578d71fd90e8d8db8e7d6b37\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dcc2883f0bbf0909874059fe9768016b\CustomMarshalers.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\5ca5ea4b85b0257859f39e61a0d1a0a7\WsatConfig.ni.exe
+ 2011-07-03 00:43 . 2011-07-03 00:43 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\a8ea898f16afa399721231f7b20ce56c\WindowsFormsIntegration.ni.dll
+ 2011-07-01 07:51 . 2011-07-01 07:51 472576 c:\windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\e69354a4f1186a1dcf7e125be04bc930\VistaBridgeLibrary.ni.dll
+ 2011-07-01 07:51 . 2011-07-01 07:51 736768 c:\windows\assembly\NativeImages_v2.0.50727_64\VDialog\3dd4e1e3bc9ce88891cd50fd300c3bda\VDialog.ni.dll
+ 2011-06-30 00:56 . 2011-06-30 00:56 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\d4f8fb1bc01621e0b7a19ee0954917d5\UIAutomationTypes.ni.dll
+ 2011-06-30 00:56 . 2011-06-30 00:56 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\427b7ac4bbe49410e494979928d9b560\UIAutomationProvider.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\606f6997f430786acca5d17ee92893f7\UIAutomationClient.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\053fad2bf4350c5d849af159554ed80a\TaskScheduler.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\197c923b83406fba8014cb40cfbb0b2f\System.Xml.Linq.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\1e4fedeadcb6c93f59fdf3b2bcea9438\System.Web.Routing.ni.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\289664d2c79eafdb478cae5402b328e1\System.Web.RegularExpressions.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\307294522547e006d4143b50563b601e\System.Web.Entity.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\69ff7708f54b69f814bc2e265f502e60\System.Web.Entity.Design.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\f92ae5b1af8c9322b3bb0b4c7feeb6f4\System.Web.DynamicData.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\4df71b8e8cccf25e12d3e6a9724422f0\System.Web.Abstractions.ni.dll
+ 2011-06-30 01:10 . 2011-06-30 01:10 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\d14e8dab341099c3c904c48f5381c3ab\System.Transactions.ni.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\c359672c47e06dd96a3f2c03bc949b32\System.ServiceProcess.ni.dll
+ 2011-06-30 00:54 . 2011-06-30 00:54 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\6c5460f4c5edfe556c3d9194f76bc63f\System.Security.ni.dll
+ 2011-06-30 00:57 . 2011-06-30 00:57 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\e769eb6c7d25c790a5216b29d3390882\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\0054faeaf5b64f308598bba7ee65b88a\System.Net.ni.dll
+ 2011-07-03 00:04 . 2011-07-03 00:04 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\c4dfe8924aae06de9613e0c3d244cb4f\System.Messaging.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\415f0f87fa84dd9095beffdd5819371f\System.Management.Instrumentation.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\a8f0bdd1aab585938a3373ba0f35570f\System.IO.Log.ni.dll
+ 2011-07-03 00:04 . 2011-07-03 00:04 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\bd4b34662002bffb6205d2e8ed31b9c2\System.IdentityModel.Selectors.ni.dll
+ 2011-06-30 01:10 . 2011-06-30 01:10 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\67bc36180459e9d2c477531ab9148cd5\System.EnterpriseServices.Wrapper.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\ddaa31949a3d2ac6c1cd53c3fe2d5d3a\System.Drawing.Design.ni.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\b963f3c0edcb9791885c77f150f3677a\System.DirectoryServices.Protocols.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\ae68b89a92899f1da1a0c71da4cc1308\System.Data.Services.Design.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\b6eab999f522ef3dbea7e56b05798b04\System.Data.DataSetExtensions.ni.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\2fb58be231d04e2a67f052c276a370df\System.Configuration.Install.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\80fd7ff50b29008d9f4af138a63978cd\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\0265e1d48b426515afdd2d357afb6ad2\System.AddIn.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\fc738e6c257a4851a220b9660688c25f\System.AddIn.Contract.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\7706a4ac4bf3f09a2d0b655e363fa401\sysglobl.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\8c65c5a9ca8ad5a88409d9ca5d814584\SMSvcHost.ni.exe
+ 2011-07-03 00:04 . 2011-07-03 00:04 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\44097e9e53b2f5faee2d0911a195c82e\SMDiagnostics.ni.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\deb643520e174015fd09c0dab9279ca3\PresentationFramework.Aero.ni.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c3eeb1aa3a1e8e582da5195e7983e104\PresentationFramework.Classic.ni.dll
+ 2011-06-30 01:12 . 2011-06-30 01:12 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\be4edb1c3ac6609448097435b933d0b5\PresentationFramework.Luna.ni.dll
+ 2011-06-30 01:12 . 2011-06-30 01:12 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\69dcbaf67a76b0c4d1aa6e33649e181d\PresentationFramework.Royale.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\be9e7e007e58c151a31c669d9f878fbf\napsnap.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\5d836ee15fa6e9f7ca6c5bca1c35d322\napinit.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\644fd981e996dd2ba072cc6265a0b74b\naphlpr.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\fe39885123be43ee8b6f4c1ca669d49b\napcrypt.ni.dll
+ 2011-07-01 07:50 . 2011-07-01 07:50 408064 c:\windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\43f13933ab0caa1ef7c4ffa105ace4fa\MyDock.Util.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\6298c1e446df0351c7eb8919ec361a1e\MSBuild.ni.exe
+ 2011-07-03 00:40 . 2011-07-03 00:40 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\d15abd3194e121fc6c33893485a5d3cb\MMCFxCommon.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\3f6ab7798b9dce2c54c929229334d142\Microsoft.WSMan.Management.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\224b5d0080345620aac5174aecde5030\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-07-01 07:51 . 2011-07-01 07:51 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\410ac36492ac709e2a150ee6595ef524\Microsoft.Vsa.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\01a69650d1730e64dd85a45722416882\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a2274f74b80c78d7c924f14fdfd033bc\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6014f7b8fde3123efef0a32530c7f8c3\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\54f4ea69afc1aff88d7a8493b8dc7403\Microsoft.PowerShell.Security.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\380066ddc26d93f79cd67c33fd6a2407\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f601126af95a950a148bebf3020aa60d\Microsoft.MediaCenter.iTv.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f2c1900ae1fd1b68544cc4f50fff54df\Microsoft.MediaCenter.Mheg.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f1828233834551be3ef0959c38091ca8\Microsoft.MediaCenter.Playback.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\eeaddc0d1829969f4849e2599f0b106e\Microsoft.MediaCenter.Interop.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\23e507b7fb87a278b054f50409996dfb\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1cbb6b9711bed2da17ae866cf2f58c31\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\04b81e74cc96402e59800be2c13358f9\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\4b8e1c0cefc0fb7408b0cd53ad59f64c\Microsoft.ManagementConsole.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\57c4c775ec30bdc1a4bc7b1fde5bffaa\Microsoft.Build.Utilities.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\5721367c50a4f69e2424b0fb8ddb07df\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\748b8b1f294666450436cc174c0b0684\Microsoft.Build.Framework.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\4196ba1264bd52f324e01016716cbbe9\Microsoft.Build.Framework.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\129f69c94fbe7de330d465792327961f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 107520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\736323a581cc019ae2027f71dc496668\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\fd10e6e5cbc933db7091e359adbb5a8d\Mcx2Dvcs.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\c983ffc16d2a4c133374e320ae99e036\mcupdate.ni.exe
+ 2011-07-03 00:39 . 2011-07-03 00:39 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\dc1c9b9b8e58850cfad19410e9a76a8c\mcstoredb.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\a60a397f3ea1b9a37791908f17de50dd\mcplayerinterop.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\0b495203a00e614efac813678c1eb142\mcGlidHostObj.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\f9a390dc3802f704a0d36d5d83de0b4b\MCESidebarCtrl.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\d28d6c2e611892d34f7e28022777bde3\EventViewer.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\8c178b72fd144eea9200fc944e213938\ehRecObj.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\fb85aad5c54840d8c5a17ac30a2fdfd7\ehiWUapi.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\af6c550e9382dba858ca65bb220799ea\ehiwmp.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\244edb2f64f825975b8c70f34162e6a6\ehiUserXp.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\b37be197d70d359e864bfffcca28fdb9\ehiiTv.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\b538d9ee6bfc71d120550427ccbe9e9e\ehiExtens.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\ce8305e1973d5a65569d9757f5b59c29\ehiBmlDataCarousel.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\440bebddd70e03b2548635373ad2b666\ehiActivScp.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\6951a5a52a8f994991358e19f67bd308\ehExtHost.ni.exe
+ 2011-07-03 00:04 . 2011-07-03 00:04 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\54b8431ad8266cf79dcf30d12b436399\ehCIR.ni.dll
+ 2011-07-03 00:04 . 2011-07-03 00:04 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\436b0b38f271b905950f054c548a5722\CustomMarshalers.ni.dll
+ 2011-07-01 09:52 . 2011-07-01 09:52 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\0ed0640f960a2b4404ae35871eb988e1\ComSvcConfig.ni.exe
+ 2011-07-01 07:50 . 2011-07-01 07:50 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\e64d49640c6ffe36a31fb82520d89d50\BDATunePIA.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\31ad20a342dffca6fae93d9d43951ee1\WsatConfig.ni.exe
+ 2011-07-02 04:15 . 2011-07-02 04:15 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\998b8981455eaf42b69f97bc7166ce93\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f459c2b4b1263729c23a5e01cc8f969e\WindowsLive.Writer.Api.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e8b31ee38e155cd35413fa2bf9bfd8d3\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-07-02 04:14 . 2011-07-02 04:14 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e10a3cbe309711ce6af3a790ff4df06e\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-07-02 04:14 . 2011-07-02 04:14 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d796d184a98ba34d27c293bf4fb3fb69\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a02b6f5f992055bc06e40bdf7bb5393b\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9d2b74dfcfbbace3ebe1a0cd5108812b\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\99072d78c288d6863cb97230ca1e7e97\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-07-02 04:14 . 2011-07-02 04:14 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9461d16c415bef24d73aa628181765ea\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\83aa80c7da6d4383599fff2d37ade3f0\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-07-02 04:14 . 2011-07-02 04:14 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\71c74ec16f7b2b9e6f69aa384d4fe3b9\WindowsLive.Writer.Controls.ni.dll
+ 2011-07-02 04:14 . 2011-07-02 04:14 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\13d2159051fd4b6e2bfc48cbb01eb206\WindowsLive.Writer.Interop.ni.dll
+ 2011-07-02 04:14 . 2011-07-02 04:14 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0f78adf808d0eb582befdbe0c54ce438\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d424135e304b233e4e2d8e69452592f\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0426b05aa6a173958743f2f820aee4f7\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\beb053135d37b25836908e3ac8a49fa3\WindowsLive.Client.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\1bcaa4debc2e01c189b365947980990f\WindowsFormsIntegration.ni.dll
+ 2011-06-30 01:05 . 2011-06-30 01:05 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\6ce21406bbd011fe4116d704f351b42d\UIAutomationClient.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\c61cca52e5c9467d5ba9c7df0442fa6d\TaskScheduler.ni.dll
+ 2011-07-01 22:53 . 2011-07-01 22:53 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\0f3ab06b15535837033db7010227daf4\System.Xml.Linq.ni.dll
+ 2011-07-01 22:53 . 2011-07-01 22:53 116736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Inte#\9068ae68455964f99a0ab863d3f9c354\System.Windows.Interactivity.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\81b792b325fb9f83a07e17d902fe8540\System.Web.Routing.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\e5645806a4474c0db94228fd3a0c7497\System.Web.RegularExpressions.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\32ea8accfe7c168027782b082f4717b9\System.Web.Extensions.Design.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4f60c6af2d644520b05ff84191b11af5\System.Web.Entity.ni.dll

 

[sick97]

continue 4

+ 2011-07-03 00:00 . 2011-07-03 00:00 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\02e3ea1e3b3a3b7d31ef89d89c174aca\System.Web.Entity.Design.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e49ec688e66b420898aff3266bbd0876\System.Web.DynamicData.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\19fac4943f3d22efa5c762c438c2dc68\System.Web.Abstractions.ni.dll
+ 2011-06-30 01:06 . 2011-06-30 01:06 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\6a5e1084d24d779e937e405672fdfbfe\System.Transactions.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\551c00f9d0b0797e407a2ac38e466571\System.ServiceProcess.ni.dll
+ 2011-06-30 01:04 . 2011-06-30 01:04 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\40774fb8d4f566dc977cc86ea651d477\System.Security.ni.dll
+ 2011-06-30 01:05 . 2011-06-30 01:05 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\528b7057bfc6989352579e93c19f06d1\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0af36b5de27960f649fcd6fe6e95c03d\System.Runtime.Remoting.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\51dd363a441db0ee2df678e30386db4e\System.Net.ni.dll
+ 2011-07-02 04:16 . 2011-07-02 04:16 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8f67c62599f3ffac34f44d2e19e8394d\System.Messaging.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\552fc73953452031df81da053ec801ff\System.Management.Instrumentation.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4fcb7a903f689da23a1f9a65961f9701\System.IO.Log.ni.dll
+ 2011-07-02 04:16 . 2011-07-02 04:16 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\d3b09c2252ecdc93a9e06b5a5c562f89\System.IdentityModel.Selectors.ni.dll
+ 2011-06-30 01:06 . 2011-06-30 01:06 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3675db4c02d762278716f4a32db61e15\System.EnterpriseServices.Wrapper.dll
+ 2011-06-30 01:06 . 2011-06-30 01:06 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3675db4c02d762278716f4a32db61e15\System.EnterpriseServices.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e98b55db5760408d891c5b9156a1cbf5\System.Drawing.Design.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\cba11f24af8a59b67973f5b478d7a499\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\96dec91630a8c6a41db4b59a025bd360\System.DirectoryServices.Protocols.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1e516423097a88e13f1d1bcbd6bb85bf\System.Data.Services.Design.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\c8dff7ab6e2f542b37a75612ef1bf1e5\System.Data.Entity.Design.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\210461545c0136309820c2476d70a62a\System.Data.DataSetExtensions.ni.dll
+ 2011-06-30 01:04 . 2011-06-30 01:04 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\338f3c91a0bea33a07a4611d324bf73a\System.Configuration.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\477e5759f38ff8045a525e4f65282c3c\System.Configuration.Install.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\f61bb4421b3d4545303d47191358e3e5\System.AddIn.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\88f0efe11487b846342fdee227f3da52\sysglobl.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\ff925a8127595ab053e54e2481cb3526\SMSvcHost.ni.exe
+ 2011-07-02 04:15 . 2011-07-02 04:15 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\534757a2695ab900ff1921032b0863c5\SMDiagnostics.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f18b8b0d2846778efec2a42741f623b7\PresentationFramework.Classic.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c07b2a2317af8b0ead5b1045e74e3320\PresentationFramework.Royale.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a0afd596da13c708d04b0a2dd1490036\PresentationFramework.Aero.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8f5a580c0372ab196f2b404c59882be0\PresentationFramework.Luna.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\7b5d2c4f49b2415281d738e896778734\napsnap.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\c5ede4bb8ede087e0e4ce401358b42c3\napinit.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\8fcb3f856afb930c5add8498cadb4d13\naphlpr.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\783e11907472877070ceb7820a125512\MSBuild.ni.exe
+ 2011-07-02 23:58 . 2011-07-02 23:58 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\2b42b04f8dde5fd8e008c3084ff80c2f\MMCFxCommon.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a64ab3d7e403bbbd26de3202106b5d3a\Microsoft.WSMan.Management.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 467456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\05dfc5cf4835f693504ca10d490976ba\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\51fe11fc2fd81d4f3df009b098b645c4\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e83d1808a39e0129749abeab9f89687c\Microsoft.PowerShell.Security.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\83f35c3b66cbd36cc63ad95561ac610b\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4f2845a44b9abb9568ccec9338fe23a3\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\37b9c3137948a043b9ed4d9d3d62aee6\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0612100a15c4cfcaf35fe00eca2ea6a7\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\3b336e36c177aa59749f6378c578e140\Microsoft.ManagementConsole.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4066934bbe283927ab0502e8723ae14e\Microsoft.Build.Utilities.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\03aded755dc822b9f8d5d883f1e0e18b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ca546bfd181c70770764a0e6eae5a005\Microsoft.Build.Engine.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c0542400dc1f8acfbe29a05604e6e5a1\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\7e474ec610c2ab682b82a46f5aafdc33\mcstoredb.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 696320 c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\7b27a717cd4bd5ed95545155fea0a408\log4net.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 657408 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\e3a7c0c1f35faf9e1ea168bf54647c9d\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2011-07-01 22:53 . 2011-07-01 22:53 955392 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\41f7ac7251bc7cc066a9691edbe91784\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 801792 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\669b874b7a04377892975a20c4608a15\Infragistics2.Shared.v8.2.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\f637586cfb242e2af9ac9cb0d90dda13\EventViewer.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\1d704d97bea4784ee64f4535271c9fd2\ehRecObj.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\85464949c28a523e3b6cf24679a9776c\ehiVidCtl.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\2ddabd185f08f72237aaa70edaffa6cc\ehiProxy.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\536082f3ff1f0f6fcd7bd58878098071\ehiExtens.ni.dll
+ 2011-07-02 04:16 . 2011-07-02 04:16 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\01f4c29f8bcf39a1a012ab500948651b\ehExtHost32.ni.exe
+ 2011-07-02 04:16 . 2011-07-02 04:16 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d17a5e7b3e9c6ea0f5c66093771b35eb\CustomMarshalers.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\64fe874556b259fcae00979f071a72e8\ComSvcConfig.ni.exe
+ 2011-07-01 00:36 . 2011-07-01 00:36 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\a6b566bd17c0d4f4e3eb5ab82b5ff9b1\BDATunePIA.ni.dll
+ 2011-08-03 23:23 . 2011-08-03 23:23 288608 c:\windows\assembly\GAC_MSIL\Microsoft.Synchronization\2.0.0.0__89845dcd8080cc91\Microsoft.Synchronization.dll
- 2009-07-13 23:40 . 2009-07-14 01:40 135168 c:\windows\AppPatch\AppPatch64\AcXtrnal.dll
+ 2011-05-01 00:50 . 2011-03-04 06:19 135168 c:\windows\AppPatch\AppPatch64\AcXtrnal.dll
- 2011-03-01 00:44 . 2010-11-20 13:25 350208 c:\windows\AppPatch\AppPatch64\AcLayers.dll
+ 2011-05-01 00:50 . 2011-03-04 06:19 350208 c:\windows\AppPatch\AppPatch64\AcLayers.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 1102336 c:\windows\SysWOW64\urlmon.dll
+ 2011-06-17 23:07 . 2011-04-22 23:30 1102336 c:\windows\SysWOW64\urlmon.dll
+ 2011-06-28 23:45 . 2011-05-04 04:34 1549312 c:\windows\SysWOW64\tquery.dll
+ 2011-05-10 21:06 . 2011-04-09 06:02 3912576 c:\windows\SysWOW64\ntoskrnl.exe
+ 2011-05-10 21:06 . 2011-04-09 06:02 3967872 c:\windows\SysWOW64\ntkrnlpa.exe
- 2011-03-01 00:44 . 2010-11-20 12:19 1401344 c:\windows\SysWOW64\mssrch.dll
+ 2011-06-28 23:45 . 2011-05-04 04:32 1401344 c:\windows\SysWOW64\mssrch.dll
+ 2011-05-25 17:20 . 2011-05-25 17:20 6271136 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 1797632 c:\windows\SysWOW64\jscript9.dll
+ 2011-06-17 23:07 . 2011-04-22 23:35 1797632 c:\windows\SysWOW64\jscript9.dll
+ 2011-06-17 23:07 . 2011-04-22 23:26 1785344 c:\windows\SysWOW64\iertutil.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 1785344 c:\windows\SysWOW64\iertutil.dll
+ 2011-06-17 23:07 . 2011-04-22 23:32 9703936 c:\windows\SysWOW64\ieframe.dll
- 2011-03-01 00:44 . 2010-11-20 12:17 2616320 c:\windows\SysWOW64\explorer.exe
+ 2011-05-01 00:50 . 2011-02-25 05:30 2616320 c:\windows\SysWOW64\explorer.exe
+ 2011-05-01 00:50 . 2011-03-11 05:33 1699328 c:\windows\SysWOW64\esent.dll
+ 2011-07-15 01:49 . 2011-07-15 01:49 1000000 c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\Search Enhancement Pack\Search Box Extension\searchhs.dat
+ 2011-05-01 00:49 . 2011-03-12 12:08 1465344 c:\windows\system32\XpsPrint.dll
- 2011-02-23 01:09 . 2011-01-07 12:17 1465344 c:\windows\system32\XpsPrint.dll
+ 2011-06-17 23:07 . 2011-04-23 01:23 1344000 c:\windows\system32\urlmon.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 1344000 c:\windows\system32\urlmon.dll
+ 2011-06-28 23:45 . 2011-05-04 05:25 2315776 c:\windows\system32\tquery.dll
+ 2011-05-10 21:06 . 2011-04-09 07:02 5562240 c:\windows\system32\ntoskrnl.exe
- 2011-03-01 00:45 . 2010-11-20 13:27 2223616 c:\windows\system32\mssrch.dll
+ 2011-06-28 23:45 . 2011-05-04 05:22 2223616 c:\windows\system32\mssrch.dll
+ 2011-07-14 01:26 . 2011-05-14 07:20 1162752 c:\windows\system32\kernel32.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 2303488 c:\windows\system32\jscript9.dll
+ 2011-06-17 23:07 . 2011-04-23 01:29 2303488 c:\windows\system32\jscript9.dll
+ 2011-06-17 23:07 . 2011-04-23 01:19 2136064 c:\windows\system32\iertutil.dll
- 2011-04-06 03:01 . 2011-04-06 03:01 2136064 c:\windows\system32\iertutil.dll
+ 2011-05-01 00:50 . 2011-03-11 06:33 2565632 c:\windows\system32\esent.dll
- 2011-03-01 00:45 . 2010-11-20 13:26 2565632 c:\windows\system32\esent.dll
+ 2011-02-16 22:23 . 2011-02-16 22:23 1721576 c:\windows\system32\DriverStore\FileRepository\rimusbnt.inf_amd64_neutral_ed29477b60e43669\WdfCoInstaller01009.dll
+ 2011-06-17 00:55 . 2011-04-25 05:33 1923968 c:\windows\system32\drivers\tcpip.sys
- 2011-03-01 00:45 . 2010-11-20 13:33 1659776 c:\windows\system32\drivers\ntfs.sys
+ 2011-05-01 00:50 . 2011-03-11 06:41 1659776 c:\windows\system32\drivers\ntfs.sys
+ 2009-07-14 04:45 . 2011-07-16 23:30 7038456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-04-30 18:01 7038456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-09-15 05:17 . 2011-08-03 23:32 9730328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-01 01:36 . 2011-07-03 21:55 6191984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2445394396-189493613-16335978-501-8192.dat
+ 2010-12-07 06:13 . 2011-07-18 04:36 9481042 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2445394396-189493613-16335978-1001-4096.dat
+ 2010-12-13 07:51 . 2011-08-04 04:25 4447856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2445394396-189493613-16335978-1001-12288.dat
+ 2010-12-27 03:39 . 2011-08-02 23:53 2179044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-04-12 19:11 . 2011-04-12 19:11 5028200 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
+ 2011-03-23 02:01 . 2011-03-23 02:01 3510600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
- 2011-02-10 09:15 . 2011-02-10 09:15 1453392 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 1453392 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 1513816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
- 2011-02-10 09:15 . 2011-02-10 09:15 1513816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 1525064 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- 2011-03-01 00:44 . 2010-11-05 01:57 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2011-06-28 03:21 . 2011-03-29 22:32 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2011-03-01 00:46 . 2010-11-05 01:57 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-06-28 03:21 . 2011-01-27 23:33 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-06-28 03:21 . 2011-03-29 22:32 9992528 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
- 2011-04-15 03:30 . 2011-02-07 23:32 9992528 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
+ 2011-06-28 03:21 . 2011-03-29 22:32 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
- 2011-04-15 03:30 . 2011-02-07 23:32 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
- 2011-04-15 03:30 . 2011-02-07 23:32 1576272 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
+ 2011-06-28 03:21 . 2011-03-29 22:32 1576272 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
- 2011-04-15 03:30 . 2011-02-07 23:32 1755480 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2011-06-28 03:21 . 2011-03-29 22:32 1755480 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 5028200 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-03-23 02:01 . 2011-03-23 02:01 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
- 2011-02-10 08:10 . 2011-02-10 08:10 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
- 2011-02-10 08:10 . 2011-02-10 08:10 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
- 2011-03-01 00:44 . 2010-11-05 01:58 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-06-28 03:21 . 2011-03-29 22:33 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-03-01 00:46 . 2010-11-05 01:58 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-06-28 03:21 . 2011-01-27 23:35 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-04-15 03:30 . 2011-02-07 23:34 5924176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-06-28 03:21 . 2011-03-29 22:33 5924176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-04-15 03:30 . 2011-02-07 23:34 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-06-28 03:21 . 2011-03-29 22:33 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 3111768 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 3111768 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 3453792 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 3453792 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-04-15 03:33 . 2011-04-15 03:33 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-28 23:50 . 2011-06-28 23:50 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-28 23:51 . 2011-06-28 23:51 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-06-28 23:50 . 2011-06-28 23:50 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-04-15 03:32 . 2011-04-15 03:32 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-06-28 23:50 . 2011-06-28 23:50 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2009-11-06 19:14 . 2009-11-06 19:14 3127296 c:\windows\Installer\fe623.msi
+ 2011-05-01 00:56 . 2011-05-01 00:56 1402880 c:\windows\Installer\e6682.msi
+ 2011-06-04 01:24 . 2011-06-04 01:24 8737280 c:\windows\Installer\b6fafb.msi
+ 2011-03-09 19:31 . 2011-03-09 19:31 1090048 c:\windows\Installer\af12b56.msi
+ 2011-05-16 22:16 . 2011-05-16 22:16 2836992 c:\windows\Installer\9d8c43.msi
+ 2011-05-06 02:51 . 2011-05-06 02:51 3371008 c:\windows\Installer\8dab04.msi
+ 2011-01-15 13:46 . 2011-01-15 13:46 2049536 c:\windows\Installer\5eb6b.msi
+ 2011-06-21 16:01 . 2011-06-21 16:01 4991488 c:\windows\Installer\5381dfb.msp
+ 2011-04-29 16:31 . 2011-04-29 16:31 9006080 c:\windows\Installer\52f13.msp
+ 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\52efd.msp
+ 2011-04-29 16:33 . 2011-04-29 16:33 8173568 c:\windows\Installer\52ed1.msp
+ 2011-04-16 12:44 . 2011-04-16 12:44 2770944 c:\windows\Installer\52ebc.msi
+ 2011-04-16 04:14 . 2011-04-16 04:14 3186176 c:\windows\Installer\52eb1.msi
+ 2009-10-19 16:35 . 2009-10-19 16:35 1583104 c:\windows\Installer\509743e.msi
+ 2009-10-07 08:50 . 2009-10-07 08:50 2475520 c:\windows\Installer\509743a.msi
+ 2009-10-07 08:50 . 2009-10-07 08:50 1101824 c:\windows\Installer\5097434.msi
+ 2011-03-25 13:16 . 2011-03-25 13:16 5135872 c:\windows\Installer\50016.msp
+ 2011-05-15 16:49 . 2011-05-15 16:49 2840576 c:\windows\Installer\4801648.msi
+ 2011-04-29 16:27 . 2011-04-29 16:27 4158464 c:\windows\Installer\3768024.msp
+ 2011-04-28 09:42 . 2011-04-28 09:42 4990976 c:\windows\Installer\376800e.msp
- 2010-09-15 23:47 . 2011-04-15 03:41 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-09-15 23:47 . 2011-04-15 03:41 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-09-15 23:47 . 2011-07-15 01:36 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-05-01 00:50 . 2011-02-25 06:19 2871808 c:\windows\explorer.exe
+ 2011-07-03 00:44 . 2011-07-03 00:44 5176320 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\b85182fc8cb6b68aa8d5895b2dcf50fb\WindowsBase.ni.dll
+ 2011-07-03 02:52 . 2011-07-03 02:52 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\fc0f6caeac4b62e4453a981e8dd9e992\UIAutomationClientsideProviders.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 7038976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\40018241d849ad878f76dcbb22d5fc12\System.Xml.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 2447360 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3cb1b81e1d90af2a7cc6bd2d4e41fd9e\System.Xaml.ni.dll
+ 2011-07-03 02:52 . 2011-07-03 02:52 5627392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\9d393c8287d436c1ea11ef2ca2a755ac\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-07-03 02:52 . 2011-07-03 02:52 2222592 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\ed8b807859c169bbb7543c43baa3c46f\System.Web.Services.ni.dll
+ 2011-07-03 02:52 . 2011-07-03 02:52 2733568 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\a129d574137f4829ef3a6eacee64094d\System.Speech.ni.dll
+ 2011-07-03 02:51 . 2011-07-03 02:51 1904640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\8db9c29aee38fc9934549ad6bf59f0d3\System.ServiceModel.Activities.ni.dll
+ 2011-07-03 02:51 . 2011-07-03 02:51 1561600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\0e6ba2c11ddf0405b6c7066a345f7f15\System.ServiceModel.Discovery.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 3404288 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\11a7b044d8ed163b690a74486484e08f\System.Runtime.Serialization.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 1346560 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\abf0cf0b488e39c97d961cd40978e514\System.Runtime.DurableInstancing.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 1422336 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\cbff165d2eee7f23b284f6830fd267c2\System.Printing.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2b81b61ad1b36207e49962f22658d6ef\System.Management.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\f192d95372b472643187607ef7a55117\System.IdentityModel.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 1096704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\c22b41c9c0a31a087d16689ac0889607\System.EnterpriseServices.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0d248e7219f87d2a3853f8a1d425965a\System.Drawing.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 1622016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\49467224883b56bb7f006c307dbfeb65\System.DirectoryServices.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\2637c192d310b158dd6d00dbfe8a49f0\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 2400256 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\991208daf29872f43e6684f5c6f100e3\System.Deployment.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 8580608 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\e4bc4fb58d9830daa0b8e7e031d3e2ae\System.Data.ni.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 3386880

 

[sick97]

continue 5

c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\80c2fb68f224322ea14229a75dd4975c\System.Data.SqlXml.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 1791488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\8539eeead63ef32bd938a66589c0816b\System.Data.Services.Client.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 3380736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\36b03e7d976b707f3c8eef3fbe0e469a\System.Data.Linq.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 1255424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\e06823dc3b60e2b55981f6d74ee9d9e1\System.Configuration.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 1002496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\a2ed1733acb5793b7f6e00d706e7ae1f\System.ComponentModel.Composition.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 5680640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\803b90bb06cdd2834f5be8aa194c8bb5\System.Activities.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 4887040 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\e2d47e53e4ca392fa98d5e23e69827a8\System.Activities.Presentation.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 2005504 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\2273e9b1f9f04cf906d31ab17f24c279\System.Activities.Core.Presentation.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 4127232 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\65847157601a8f77b6e9415eb38d2192\ReachFramework.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 2032128 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\3275a80a6a180597640f877b30a44395\PresentationUI.ni.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\d719ea7ff4729771fd367b5da217e474\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b42ecbfe8bc489110fa0aaa1ef379dc2\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 2314752 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\744d38da96091b44ff26a966425f247d\Microsoft.VisualBasic.ni.dll
+ 2011-07-03 00:44 . 2011-07-03 00:44 1510400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\bcace9b4169e7ec28c0c73ed55df0639\Microsoft.Transactions.Bridge.ni.dll
+ 2011-07-03 02:51 . 2011-07-03 02:51 3312128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4351bfa190b7948085e361e0447a9eb8\Microsoft.JScript.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 2009088 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\882e595affe5d439ca4bb68d671f8fb9\Microsoft.CSharp.ni.dll
+ 2011-06-28 23:56 . 2011-06-28 23:56 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3154b66d01dcd674b256e03d5f359fac\WindowsBase.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\2b22ef03091f893f5b381514149a472b\UIAutomationClientsideProviders.ni.dll
+ 2011-06-28 23:54 . 2011-06-28 23:54 9085440 c:\windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
+ 2011-06-28 23:54 . 2011-06-28 23:54 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\19f85a4f6faaeb87a9055ccf23a9f8b7\System.Xaml.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\de9ec945d6cdd90010c824320e8bc332\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\3e5c07211446b947b1ecb6963946320a\System.Web.Services.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\11a89b103320d603c0bfa48179c3fe1d\System.Speech.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e492bb75168cc53d57c2dd5e32e9911c\System.ServiceModel.Activities.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b66a8b2c0b8c12540831b41c92bede12\System.ServiceModel.Discovery.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ce480f313eb8be9a3a4dd6d7902325\System.Runtime.Serialization.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\b9f7f5b0b28dd57cb5400c437c388545\System.Runtime.DurableInstancing.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\39c3d706f0fbc21443c7747f203b0b34\System.Printing.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\76d7e84f5dca7908b45edba58bd12f48\System.Management.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\02c1363d5beb2ae5c5722bc8f6c5b77a\System.IdentityModel.ni.dll
+ 2011-06-28 23:56 . 2011-06-28 23:56 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\66c88143bc4b9f4a744b6d65e2c3629a\System.DirectoryServices.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\03ca38b342903b50623336b29aa507c9\System.Deployment.ni.dll
+ 2011-06-28 23:56 . 2011-06-28 23:56 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6e6f321459aa81611031cfb582e77cc6\System.Data.ni.dll
+ 2011-06-28 23:55 . 2011-06-28 23:55 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\dcdaf1644fb3aabdbea894f05d55e1ba\System.Data.SqlXml.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\0e629bbc4ccd76e072189ccbc9d7903f\System.Data.Services.Client.ni.dll
+ 2011-06-28 23:56 . 2011-06-28 23:56 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\b11b842599889fe730da493d0c5e1857\System.Data.Linq.ni.dll
+ 2011-06-28 23:54 . 2011-06-28 23:54 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\0d4cdd1b911d6e28b4fd5c43ab39f7ea\System.Core.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\4d3a20f0598b5da0ebf9e505b51886b9\System.Activities.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\e4566f552e3bda84571e04a7e5d1c41f\System.Activities.Presentation.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\236373716dcb48f5687dd6997559a425\System.Activities.Core.Presentation.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\48530a5ad6ec27254cde667e02d3f198\ReachFramework.ni.dll
+ 2011-07-03 00:01 . 2011-07-03 00:01 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\5dcab8576a5e02d7264bfeed28ce69b9\PresentationUI.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\dcc02014610a0955ea2696b29f00abea\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b4879bc20d7a718dcb51f0419721e5e5\Microsoft.VisualBasic.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\aff7d215dd130cd94c54784c2df60e95\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\156733cb276aff562e0c39d8b4fde1c6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\2f83c7b63b1443a26f40b9f66bec3e2a\Microsoft.JScript.ni.dll
+ 2011-06-28 23:54 . 2011-06-28 23:54 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\fcccb5e4d4bd338c678efcfa2b3e1058\Microsoft.CSharp.ni.dll
+ 2011-06-30 00:54 . 2011-06-30 00:54 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\702e190b551f102fabe21f1e846b34fc\WindowsBase.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\ace52baf96b4b4b5a9de2aeb4a681913\UIAutomationClientsideProviders.ni.dll
+ 2011-07-03 00:32 . 2011-07-03 00:32 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7732.tmp\ehiProxy.dll
+ 2011-06-30 00:54 . 2011-06-30 00:54 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\d4603249dcfcbf67be6ce7ce58aa6b0a\System.Xml.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\64e4b2441328d658767fd1519c31040a\System.WorkflowServices.ni.dll
+ 2011-06-30 01:12 . 2011-06-30 01:12 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\cc21a665fe6bbf823f0ba744ff0438f4\System.Workflow.Runtime.ni.dll
+ 2011-06-30 01:12 . 2011-06-30 01:12 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\57d605c6f3936faef42b06545508b0a2\System.Workflow.ComponentModel.ni.dll
+ 2011-06-30 01:12 . 2011-06-30 01:12 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\2c3a9575245d0d5f8073c548948ea584\System.Workflow.Activities.ni.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\9569179c00c93cb4b2b63f9f87267b23\System.Web.Services.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\6141bbc335c0fd8aafbd032419da8f36\System.Web.Mobile.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\80107399f60f0a8a64fc42f03a50310d\System.Web.Extensions.Design.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 3042304 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\51ea8c32b10bb295a37ee762099aa88c\System.Web.Extensions.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\aeb98f64516ab24d5d2b17bf00df55c9\System.Speech.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\7a7288b3b6d327794f9c3a269ac09479\System.ServiceModel.Web.ni.dll
+ 2011-07-03 00:04 . 2011-07-03 00:04 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\003b0b8c508af77aa80b94450c25eb55\System.Runtime.Serialization.ni.dll
+ 2011-06-30 01:10 . 2011-06-30 01:10 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\b1346a375e5314546ec6fa497aff686f\System.Runtime.Remoting.ni.dll
+ 2011-06-30 01:10 . 2011-06-30 01:10 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\a9da2e3a197f22cb6535e6af1aa5a51a\System.Printing.ni.dll
+ 2011-07-01 07:50 . 2011-07-01 07:50 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\b56f77e663f818d38e0fe698db8b0a6f\System.Management.ni.dll
+ 2011-07-03 00:04 . 2011-07-03 00:04 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\f71c7c86bd358cdb95f8148286a8c32c\System.IdentityModel.ni.dll
+ 2011-06-30 01:10 . 2011-06-30 01:10 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\67bc36180459e9d2c477531ab9148cd5\System.EnterpriseServices.ni.dll
+ 2011-06-30 00:56 . 2011-06-30 00:56 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\2060ac01c39917d8d05af502f0a849ab\System.Drawing.ni.dll
+ 2011-06-30 01:10 . 2011-06-30 01:10 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\4bdad37839c6cbaf01b5678087da774e\System.DirectoryServices.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\301c8b61b460473c200914260bd50a73\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-06-30 00:56 . 2011-06-30 00:56 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\16ea48e472f630d9834f03bd962fbc00\System.Deployment.ni.dll
+ 2011-06-30 01:10 . 2011-06-30 01:10 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\89740d10373549ed2bfa86144a4486a9\System.Data.ni.dll
+ 2011-06-30 00:54 . 2011-06-30 00:54 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\28d930471866ec24600b316f305481b7\System.Data.SqlXml.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\5669638336db58f50408cfc593a62735\System.Data.Services.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\859efdf319a346615964d6b9568e6ac3\System.Data.Services.Client.ni.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\4e3e6f19e5492d5f5af6dd9ab2bfa439\System.Data.OracleClient.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\454e5dd28c7956ec9ab80fa379255152\System.Data.Linq.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\003435e7deffa2fd3ed7eedae58f019b\System.Data.Entity.Design.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\2ceffd40923b6fdf15172d76d0ad6c8a\System.Core.ni.dll
+ 2011-06-30 00:54 . 2011-06-30 00:54 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\9d5244b5f143731480f9ff2aecc47f22\System.Configuration.ni.dll
+ 2011-06-30 01:09 . 2011-06-30 01:09 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\6ddca7bcaab54699a65e14884ff71fa4\ReachFramework.ni.dll
+ 2011-06-30 01:09 . 2011-06-30 01:09 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\dc1ea97961361928310da3a30085a9f8\PresentationUI.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\73c270396e5fe5b7803cd602fc1153ee\PresentationBuildTasks.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\454d532b46834201be89fca38695ac3d\Narrator.ni.exe
+ 2011-07-03 00:41 . 2011-07-03 00:41 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\3ea556538b5cfa047f7b2b6c19ae8d2a\MMCEx.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\2ab4a172dbbfe51bf84ea83669cbd211\MIGUIControls.ni.dll
+ 2011-07-01 07:51 . 2011-07-01 07:51 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\90213754f260fc598787aa94ea25d8f7\Microsoft.VisualBasic.ni.dll
+ 2011-07-03 00:04 . 2011-07-03 00:04 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\e126853ca387cb6cf3898b8c36f139f9\Microsoft.Transactions.Bridge.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ebf2b2ef85d50ad6929708ae7b276336\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a9862c7bd03baafafdd896d20cf5d6c2\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6564d09cb281657fa56c41b0a77c2198\Microsoft.PowerShell.Editor.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\625607a5a38ab6be2cd695cfe8a963fc\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7fc76792a11cbdcc58158ddfb6dd7d94\Microsoft.MediaCenter.Bml.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7230de02f20cb24d336d9bd136d04764\Microsoft.MediaCenter.UI.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\2afb118bb9bcf44e6d17dfa9a586997b\Microsoft.MediaCenter.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\26661284b52f60751ea7c39604c603a4\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1e25d6c7e38d6db85dfe27c0b9fa6ce4\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2011-07-01 07:51 . 2011-07-01 07:51 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\f1c7f469ae929fff23d65ae8c69274cf\Microsoft.JScript.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\8729750c719539cbc872c534dfce4355\Microsoft.Ink.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\43e482dcdea91bf527d483303dfc7ed8\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\16ac496397cbcdff214dc890dadb0ce3\Microsoft.Build.Tasks.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\da8ea85e8256b4a2eff9de7beb772a70\Microsoft.Build.Engine.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\8177b5671919bb111c5684aba5075638\Microsoft.Build.Engine.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\91413473d1457c94baa1b744826071d6\mcstore.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\6a24e47d6a6f9d8748e9686ad28147fc\mcepg.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\864ef3de707640f5a889efc4425e5c40\ehiVidCtl.ni.dll
+ 2011-07-03 00:39 . 2011-07-03 00:39 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\60b7bccb6de4c8d42f2eaf1d0e7a9216\ehiProxy.ni.dll
+ 2011-07-01 07:50 . 2011-07-01 07:50 3434496 c:\windows\assembly\NativeImages_v2.0.50727_64\DellDock\2d3a3ac41238e2678e39a12e081282c5\DellDock.ni.exe
+ 2011-07-02 04:14 . 2011-07-02 04:14 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d05248601a2662aa42c725e0caca92dc\WindowsLive.Writer.Localization.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ac9227bf87581c18ace13ef048007588\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-07-02 04:14 . 2011-07-02 04:14 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9fd7a75349f350591667c47ad99c2f1e\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-07-02 04:14 . 2011-07-02 04:14 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\278b21c96dac020498d5ebe3990d8a2e\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-06-30 01:04 . 2011-06-30 01:04 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\40404dbd013b0ca1e41ab7e57274308b\WindowsBase.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\c18d2819dbc5295ff001579a34afe51a\UIAutomationClientsideProviders.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 4170752 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\ddf6ac45d282199bbde4dbdbca61da5a\ttax.ni.dll
+ 2011-07-01 22:53 . 2011-07-01 22:53 3446272 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\636a778efd9ca2ce565db5a3eb66442c\ttax.ni.dll
+ 2011-06-30 01:04 . 2011-06-30 01:04 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\acbc57d41499fbc2b99194148786c677\System.ni.dll
+ 2011-06-30 01:04 . 2011-06-30 01:04 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c68401de935c813374253d4fc2a18f6a\System.Xml.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\19b53cc4df37ad4696360d8f6497717c\System.WorkflowServices.ni.dll
+ 2011-06-30 01:08 . 2011-06-30 01:08 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\8211e255eaa369f4af8e13adee04c281\System.Workflow.Runtime.ni.dll
+ 2011-06-30 01:08 . 2011-06-30 01:08 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\2b946554fba3b9fa4f018823eb0464ac\System.Workflow.ComponentModel.ni.dll
+ 2011-06-30 01:08 . 2011-06-30 01:08 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\72de5ec3287504ba7cbd9e67d2c7c888\System.Workflow.Activities.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\daa5b145b1426864b14dc86bf396b29c\System.Web.Services.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3368235620da4ec6c9c4c11ac8435cd5\System.Web.Mobile.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d5019e956e116fe6bd909cc290afa0d8\System.Web.Extensions.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\c20aa67bec34151a25fdd85fc65d7281\System.Speech.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0b658143d738fe50f20093c5ad57ac85\System.ServiceModel.Web.ni.dll
+ 2011-07-02 04:16 . 2011-07-02 04:16 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9826d7d4f1c3cfe54283641e4f00abb2\System.Runtime.Serialization.ni.dll
+ 2011-06-30 01:06 . 2011-06-30 01:06 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0ba31d658a159f964fc8405decfb92e3\System.Printing.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\19dd71517d9abd4dc5c8b628a7d31f60\System.Management.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\2e93d80c358c78c657fe663cbba981ed\System.Management.Automation.ni.dll
+ 2011-07-02 04:16 . 2011-07-02 04:16 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\31f6060e854d0eb527db175f9b8a2718\System.IdentityModel.ni.dll
+ 2011-06-30 01:05 . 2011-06-30 01:05 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c8aa11ee6789d0f3f5542747aad7a2e4\System.Drawing.ni.dll
+ 2011-06-30 01:06 . 2011-06-30 01:06 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a790535d807c157e05439729a2bfcfb1\System.DirectoryServices.ni.dll
+ 2011-06-30 01:05 . 2011-06-30 01:05 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\8b75494dcd3f9c339e26896465d34a04\System.Deployment.ni.dll
+ 2011-06-30 01:06 . 2011-06-30 01:06 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\cd66dfe3ae1549d8b6c5e4fa2f413dee\System.Data.ni.dll
+ 2011-06-30 01:04 . 2011-06-30 01:04 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e26566dfac63de40d91636fb5a6c9135\System.Data.SqlXml.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\01aefbc93c753c194211d7593de24392\System.Data.Services.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\fba36ad8bc16c4552ad9690574921641\System.Data.Services.Client.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\34b967d668d44be6ec7a05cbf91eb9a6\System.Data.OracleClient.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\5917898bb1ba46692766a0ab25a28a16\System.Data.Linq.ni.dll
+ 2011-07-03 00:00 . 2011-07-03 00:00 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\7b21afcbf2b3118d7402238962dec0ad\System.Data.Entity.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\243bd5a8b17896967384745d0c441ab7\System.Core.ni.dll
+ 2011-06-30 01:06 . 2011-06-30 01:06 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\546a9df407f0515e1d7b9178e27d3ff9\ReachFramework.ni.dll
+ 2011-06-30 01:06 . 2011-06-30 01:06 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\1fff252decab674a91d0d642ae74c1fc\PresentationUI.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\041aa19c99a322abd2ecfca9f50ea1fb\PresentationBuildTasks.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\411ca9755725f67338b5690aca6c5be6\Narrator.ni.exe
+ 2011-07-02 23:59 . 2011-07-02 23:59 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\e960c00cf3851e4f2e478935322361cc\MMCEx.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\6f709211832043d07818a9d60e26521d\MIGUIControls.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\09915f4b2c72f7177d037c90be074ea4\Microsoft.VisualBasic.ni.dll
+ 2011-07-02 04:16 . 2011-07-02 04:16 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\158870318e0633412d91ef0df392acbe\Microsoft.Transactions.Bridge.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9dc0a5aa738cf46963b2799dd09994a0\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\471ba78014348be3b45790ee33e51660\Microsoft.PowerShell.Editor.ni.dll
+ 2011-07-02 23:59 . 2011-07-02 23:59 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0023aa9c9e2095de93d5e30d5c887e11\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-07-02 04:16 . 2011-07-02 04:16 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\30f6eccbe8b1e9c2a7e45c2a6dc973a1\Microsoft.MediaCenter.ni.dll
+ 2011-07-02 04:16 . 2011-07-02 04:16 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\00cad5188545c2d2d6d60136d3ab3514\Microsoft.MediaCenter.UI.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\1b78873b52a9db6847c3a63f9eda9d84\Microsoft.JScript.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\6eaed6bd3f727c37ede6d639d9705382\Microsoft.Ink.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\faa1b94d80284daea8c1999a48cde048\Microsoft.Build.Tasks.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5b982588218f0a7d3909aab90d17e5ec\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\29d58c69e463b27108a973f40b334d6d\Microsoft.Build.Engine.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\bff3f8c2f644f0585c34e10b38b67780\mcstore.ni.dll
+ 2011-07-02 23:58 . 2011-07-02 23:58 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\9073f473fd897fa4e91b4cdd8a8a8a15\mcepg.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\e07a02e972eaccafdbab7d62341e009f\Intuit.Ctg.Map.ni.dll
+ 2011-07-01 22:53 . 2011-07-01 22:53 1555456 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\549552ff829435eec4ac5b0b0dbf3bf4\Intuit.Ctg.Map.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 2598400 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\8b3b2582ed8c3ba68a74524256e8479f\Infragistics2.Win.Misc.v8.2.ni.dll
+ 2011-06-28 03:21 . 2011-01-27 23:35 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-03-01 00:46 . 2010-11-05 01:58 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-06-28 03:21 . 2011-03-29 22:33 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-03-01 00:44 . 2010-11-05 01:58 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-06-28 03:21 . 2011-03-29 22:32 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-04-15 03:30 . 2011-02-07 23:32 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-04-15 03:30 . 2011-02-07 23:34 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-06-28 03:21 . 2011-03-29 22:33 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-09 22:55 . 2011-04-09 22:55 13642904 c:\windows\SysWOW64\xlivefnt.dll
+ 2011-04-09 22:55 . 2011-04-09 22:55 15453336 c:\windows\SysWOW64\xlive.dll
+ 2011-06-17 23:07 . 2011-04-22 23:36 12269056 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2011-07-15 01:43 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-04-28 00:29 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-06-17 23:07 . 2011-04-23 01:37 17773568 c:\windows\system32\mshtml.dll
+ 2010-09-15 00:07 . 2011-07-15 01:36 50867144 c:\windows\system32\MRT.exe
+ 2011-06-17 23:07 . 2011-04-23 01:27 10885632 c:\windows\system32\ieframe.dll
+ 2010-10-04 05:05 . 2011-08-11 00:35 25785517 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2445394396-189493613-16335978-1001-8192.dat
+ 2011-05-06 02:51 . 2011-05-06 02:51 21598208 c:\windows\Installer\8dab09.msi
+ 2011-07-16 22:18 . 2011-07-16 22:18 25818112 c:\windows\Installer\7cbdc5.msi
+ 2011-06-07 20:02 . 2011-06-07 20:02 21992960 c:\windows\Installer\7cbd89.msi
+ 2011-04-22 23:41 . 2011-04-22 23:41 11507712 c:\windows\Installer\5ad36bf.msp
+ 2011-06-17 23:05 . 2011-06-17 23:05 20333056 c:\windows\Installer\52edc.msp
+ 2011-04-13 15:48 . 2011-04-13 15:48 35326464 c:\windows\Installer\5002c.msp
+ 2011-05-15 16:49 . 2011-05-15 16:49 18428416 c:\windows\Installer\4801639.msi
+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\36d22.msp
+ 2011-06-28 23:53 . 2011-06-28 23:53 11872768 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a99116941c69e4c693518d57b8c2a861\System.ni.dll
+ 2011-07-03 00:52 . 2011-07-03 00:52 17288192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\ddee14aa45752907499bd27e0d8915b4\System.Windows.Forms.ni.dll

 

[sick97]

continue 6

+ 2011-07-03 02:51 . 2011-07-03 02:51 24483840 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\2dbeb0d8155771a760efb0a97f139666\System.ServiceModel.ni.dll
+ 2011-07-03 02:50 . 2011-07-03 02:50 18434048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\5a3b90fdffe37b03bb5046c34c7ee8e3\System.Data.Entity.ni.dll
+ 2011-07-03 00:43 . 2011-07-03 00:43 10422272 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\4b36fd10cf0f43bf947b63e4cc7f0ba5\System.Core.ni.dll
+ 2011-07-03 00:51 . 2011-07-03 00:51 23242240 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\7c15f0bf45ad9ac59ffb5e225ca82f82\PresentationFramework.ni.dll
+ 2011-07-03 00:50 . 2011-07-03 00:50 15102976 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\5977bc366d13d0891536acdbdea28c67\PresentationCore.ni.dll
+ 2011-06-28 23:52 . 2011-06-28 23:52 19352064 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\086515902736035517c63126be04a3f4\mscorlib.ni.dll
+ 2011-06-28 23:56 . 2011-06-28 23:56 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
+ 2011-07-03 00:03 . 2011-07-03 00:03 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dc31b22f78cb510bf470f0ab5ef65816\System.ServiceModel.ni.dll
+ 2011-07-03 00:02 . 2011-07-03 00:02 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\978e8514751373383f79c3fdd667aa2b\System.Data.Entity.ni.dll
+ 2011-06-28 23:57 . 2011-06-28 23:57 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2250ddb1626087da27fb00f46a679ff5\PresentationFramework.ni.dll
+ 2011-06-28 23:56 . 2011-06-28 23:56 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ca8307311e87b234b2faa5ee08332722\PresentationCore.ni.dll
+ 2011-06-28 23:53 . 2011-06-28 23:53 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
+ 2011-06-30 00:54 . 2011-06-30 00:54 10618368 c:\windows\assembly\NativeImages_v2.0.50727_64\System\9acc9e2726b783f5c96a5913d7ed52be\System.ni.dll
+ 2011-06-30 00:57 . 2011-06-30 00:57 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\7e26f8cdc96e89e412ebaa2763573a6d\System.Windows.Forms.ni.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 15249408 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\41e4619a86f9e97ddc47bdbd2c9308cb\System.Web.ni.dll
+ 2011-07-03 00:04 . 2011-07-03 00:04 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\d598273f8f5af6012c88f68e1ce26f8d\System.ServiceModel.ni.dll
+ 2011-07-03 00:41 . 2011-07-03 00:41 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\8ad121d0849dd28234984ad45fcb1e1e\System.Management.Automation.ni.dll
+ 2011-06-30 01:11 . 2011-06-30 01:11 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\e485464f1d6d3e437d32a497414d519e\System.Design.ni.dll
+ 2011-07-03 00:42 . 2011-07-03 00:42 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\de6f9766cf59a0ebe3291067eda33ad1\System.Data.Entity.ni.dll
+ 2011-06-30 01:09 . 2011-06-30 01:09 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\acb60bf3d6672f3f3abbfda305d02e5e\PresentationFramework.ni.dll
+ 2011-06-30 00:55 . 2011-06-30 00:55 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\1607124764f1e5b9863eafc7015f6514\PresentationCore.ni.dll
+ 2011-06-30 00:53 . 2011-06-30 00:53 15568384 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\8f7abb6f7384aad8fc43659820726eab\mscorlib.ni.dll
+ 2011-07-01 07:51 . 2011-07-01 07:51 22171136 c:\windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\d5f9dbfdae00bcd27a1aede3388f52c7\MenuSkinning.ni.dll
+ 2011-07-03 00:40 . 2011-07-03 00:40 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\971942a7ccf833eee3dff7fc9bd5e73d\ehshell.ni.dll
+ 2011-06-30 01:05 . 2011-06-30 01:05 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a9f6cfa4eb1436ff770995822f10e227\System.Windows.Forms.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 11819520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1d96b1ef408e2b5a2aa8de007b822aa3\System.Web.ni.dll
+ 2011-07-02 04:15 . 2011-07-02 04:15 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d00e249127ec103ce0e18ad5712ad873\System.ServiceModel.ni.dll
+ 2011-06-30 01:07 . 2011-06-30 01:07 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\74c3ed820c4190c536c86c1664c8dfed\System.Design.ni.dll
+ 2011-06-30 01:06 . 2011-06-30 01:06 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0018b6bfd1d96454aa8fb698d0ea51a1\PresentationFramework.ni.dll
+ 2011-06-30 01:05 . 2011-06-30 01:05 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\173e012cca07a9b7151c574585a4ca9e\PresentationCore.ni.dll
+ 2011-06-30 01:03 . 2011-06-30 01:03 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
+ 2011-07-01 22:52 . 2011-07-01 22:52 10336256 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\29546d8417358d79d61521ff3bcd9bd9\Infragistics2.Win.v8.2.ni.dll
+ 2011-07-16 21:50 . 2011-07-16 21:50 127664128 c:\windows\Installer\67150c.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
.
c:\users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-09-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-09-10 79360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]
R3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\DRIVERS\PTQHBUS.sys [x]
R3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\DRIVERS\PTQHMDM.sys [x]
R3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\DRIVERS\PTQHVSP.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-09-10 79360]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-23 1151096]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110809.030\IDSvia64.sys [2011-08-02 488056]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-09-17 1251840]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 23:10]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 23:10]
.
2011-07-31 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2011-08-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/webhp?complete=0&hl=en
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: freerealms.com
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
FF - ProfilePath - c:\users\SN\AppData\Roaming\Mozilla\Firefox\Profiles\eaw4v9my.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0&hl=en
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast,
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{D84A64A0-F2B2-4975-B264-3A3BCE8D57D6}"=hex:51,66,7a,6c,4c,1d,38,12,ce,67,59,
dc,80,bc,1b,0c,cd,72,79,7b,cb,d3,13,c2
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{D93EC24D-8741-4D41-B83D-A5793B998416}"=hex:51,66,7a,6c,4c,1d,38,12,23,c1,2d,
dd,73,c9,2f,08,c7,2b,e6,39,3e,c7,c0,02
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E08861FE-8847-4B2A-8EC2-08EDB20E4020}"=hex:51,66,7a,6c,4c,1d,38,12,90,62,9b,
e4,75,c6,44,0e,f1,d4,4b,ad,b7,50,04,34
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2f,02,76,6c,91,42,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-08-10 20:59:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-11 00:59
ComboFix2.txt 2011-04-30 20:04
.
Pre-Run: 223,879,831,552 bytes free
Post-Run: 223,563,218,944 bytes free
.
- - End Of File - - E08484D975B0B64BCD9139B4B32551F8

 

[sick97]

rkill log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 08/10/2011 at 21:11:52.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 08/10/2011 at 21:12:49.


-------

2nd scan of combofix after rkill is also pretty large. can i just attach the text file?

Thanks

 

[Broni]

No need.

How is redirection?

 

[sick97]

update

No redirection yet. only few files were deleted during the scan. i am assuming everything is gone.

Thanks for your help.

 

[Broni]

Good

We need to run couple more checks...

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[sick97]

OTL Part1

OTL logfile created on: 8/16/2011 10:47:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\SN\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.86 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 65.76% Memory free
11.73 Gb Paging File | 9.20 Gb Available in Paging File | 78.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 207.17 Gb Free Space | 46.23% Space Free | Partition Type: NTFS

Computer Name: SHANAJNIZAM-PC | User Name: SN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/16 22:41:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\SN\Downloads\OTL.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 21:52:55 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/03/26 13:10:48 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/11/23 15:50:16 | 008,118,928 | ---- | M] (Ventis Media Inc.) -- C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
PRC - [2010/10/08 11:01:14 | 000,086,184 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
PRC - [2010/10/08 11:01:14 | 000,010,408 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
PRC - [2010/09/30 12:52:42 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/09/17 18:04:30 | 001,251,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/07/05 17:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/13 13:41:04 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/10 21:50:31 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\873449038f590bc102daf0effd94c952\System.Web.Services.ni.dll
MOD - [2011/08/10 21:50:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/10 21:49:59 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/10 21:49:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/10 21:49:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/10 21:49:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/10 21:49:33 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/10 21:49:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/07/08 03:16:28 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/11/23 15:51:12 | 000,217,744 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\in_wma.dll
MOD - [2010/11/23 15:51:10 | 000,074,384 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\in_wav.dll
MOD - [2010/11/23 15:51:08 | 000,164,496 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\in_vorbis.dll
MOD - [2010/11/23 15:51:06 | 000,242,320 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_ogg.dll
MOD - [2010/11/23 15:51:06 | 000,130,192 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_wave.dll
MOD - [2010/11/23 15:51:04 | 000,127,632 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_mpc.dll
MOD - [2010/11/23 15:51:00 | 000,184,976 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_flac_codec.dll
MOD - [2010/11/23 15:50:58 | 000,084,624 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_flac.dll
MOD - [2010/11/23 15:50:56 | 000,127,120 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_ape.dll
MOD - [2010/11/23 15:50:54 | 000,154,256 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\d_USBMass1.dll
MOD - [2010/11/23 15:50:52 | 000,188,560 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\d_iRiverH.dll
MOD - [2010/11/23 15:50:46 | 000,160,912 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\out_MMDS.dll
MOD - [2010/11/23 15:50:46 | 000,098,960 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\in_wmp3.dll
MOD - [2010/11/23 15:50:44 | 000,861,840 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\d_iPhone.dll
MOD - [2010/11/23 15:50:44 | 000,770,192 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\d_iPod.dll
MOD - [2010/11/23 15:50:44 | 000,455,312 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\f_aac.dll
MOD - [2010/11/23 15:50:44 | 000,233,616 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\d_WMDM.dll
MOD - [2010/11/23 15:50:42 | 000,053,904 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\MMHelper.dll
MOD - [2010/11/23 15:50:40 | 000,131,728 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\WMAuth.dll
MOD - [2010/11/23 15:50:28 | 000,103,056 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Equalize.dll
MOD - [2010/11/23 15:50:16 | 000,671,744 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\iPhoneCalc.dll
MOD - [2010/11/23 15:49:48 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\SQLite3MM.dll
MOD - [2010/01/25 19:18:22 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\in_mpc.dll
MOD - [2010/01/25 19:18:22 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\Plugins\out_wave.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/01 22:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/12/16 09:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 21:52:55 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/04/03 14:43:03 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/03/17 16:30:11 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/08 11:01:14 | 000,010,408 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
SRV - [2010/09/30 12:52:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/09/17 18:04:30 | 001,251,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/09/10 17:47:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/09/10 17:46:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/09/10 17:45:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/05 17:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/23 17:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/03 23:26:19 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/07/16 19:46:31 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/12 14:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/03/30 23:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/01/29 19:16:47 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/15 10:23:41 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/08/21 00:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/08/12 00:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/01 22:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/06/01 22:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/01 21:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/29 13:40:54 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2010/01/20 16:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/12/16 09:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 09:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/15 02:30:46 | 000,177,040 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTQHVSP.sys -- (PTQHVSP) PANTECH HSUSB Diagnostic Serial Port(MSM6290)
DRV:64bit: - [2009/12/15 02:30:46 | 000,177,040 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTQHMDM.sys -- (PTQHMDM) PANTECH HSUSB Modem(MSM6290)
DRV:64bit: - [2009/12/15 02:30:46 | 000,069,264 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTQHBUS.sys -- (PTQHBUS) PANTECH Handset HSUSB Composite Device(MSM6290)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/12 07:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/23 23:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/24 02:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/23 13:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/04 07:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/01 20:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 06:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/25 05:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 04:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 04:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/08/04 21:41:59 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110816.002\EX64.SYS -- (NAVEX15)
DRV - [2011/08/04 21:41:58 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110816.002\ENG64.SYS -- (NAVENG)
DRV - [2011/08/02 01:07:58 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110815.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/07/27 20:14:54 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/27 20:14:53 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/22 20:27:21 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2445394396-189493613-16335978-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?complete=0&hl=en
IE - HKU\S-1-5-21-2445394396-189493613-16335978-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?complete=0"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\SN\AppData\Roaming\Mozilla\Firefox\Profiles\eaw4v9my.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\SN\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\SN\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\SN\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/13 14:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/13 14:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SN\AppData\Roaming\Mozilla\Extensions
[2011/01/10 22:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SN\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/13 14:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SN\AppData\Roaming\Mozilla\Firefox\Profiles\scbn6w49.default\extensions
[2011/08/13 14:19:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\SN\AppData\Roaming\Mozilla\Firefox\Profiles\scbn6w49.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/13 14:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\SN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SCBN6W49.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SCBN6W49.DEFAULT\EXTENSIONS\TABBUTTON@FIREFOX.XPI
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/10 21:23:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab (Pure Networks Security Scan)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O18:64bit: - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\C - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 14:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/12 14:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steel Storm - Burning Retribution
[2011/08/12 14:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteelStorm
[2011/08/12 14:17:10 | 000,000,000 | ---D | C] -- C:\Users\SN\Documents\VVVVVV
[2011/08/12 14:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VVVVVV
[2011/08/12 14:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VVVVVV
[2011/08/12 13:39:37 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Roaming\Lazy 8 Studios
[2011/08/12 13:37:33 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Local\Lazy 8 Studios
[2011/08/12 13:37:13 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cogs
[2011/08/12 13:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cogs
[2011/08/12 13:21:11 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Local\CrashDumps
[2011/08/12 12:05:12 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Roaming\AtomZombieData
[2011/08/12 11:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atom Zombie Smasher
[2011/08/12 11:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atom Zombie Smasher
[2011/08/10 23:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samorost2
[2011/08/10 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aquaria
[2011/08/10 22:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aquaria
[2011/08/10 22:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aquaria
[2011/08/10 21:23:50 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/08/10 21:21:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/08 21:38:13 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Machinarium
[2011/08/08 21:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Machinarium
[2011/08/08 21:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Machinarium
[2011/08/08 21:21:22 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Roaming\.minecraft
[2011/08/07 00:28:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/07 00:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/07 00:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/06 21:01:03 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
[2011/08/03 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Roaming\TrueCrypt
[2011/08/03 23:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2011/08/03 23:26:19 | 000,230,352 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011/08/03 23:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2011/08/03 19:36:00 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Local\Western Digital
[2011/08/03 19:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1
[2011/08/03 19:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/08/03 18:46:27 | 000,000,000 | ---D | C] -- C:\Users\SN\Desktop\WD Smartware
[2011/08/02 20:05:53 | 000,000,000 | ---D | C] -- C:\Users\SN\AppData\Roaming\VSRevoGroup
[2011/08/02 19:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/08/02 19:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\WDCSAM
[2011/08/02 19:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010/12/24 16:55:03 | 005,943,312 | ---- | C] (Absolute Software Corp. ) -- C:\Users\SN\AppData\Roaming\LoJackSetup.exe

 

[sick97]

OTL Part 2

========== Files - Modified Within 30 Days ==========

[2011/08/16 22:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/16 21:45:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/16 20:56:15 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/08/16 19:44:33 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/16 19:44:33 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/16 19:44:33 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/16 19:31:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/16 19:31:07 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2011/08/13 14:07:39 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/13 13:47:13 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/13 13:47:13 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/13 13:39:43 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2011/08/13 13:39:22 | 427,180,031 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/12 14:33:39 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Steel Storm - Burning Retribution.lnk
[2011/08/11 00:07:10 | 000,002,506 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
[2011/08/10 23:17:17 | 000,001,875 | ---- | M] () -- C:\Users\SN\Desktop\Samorost2.lnk
[2011/08/10 21:23:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/03 23:26:19 | 000,230,352 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011/08/03 19:43:02 | 000,000,016 | -H-- | M] () -- C:\Users\SN\Documents\SyncToy_b30e341f-2ef0-48aa-8652-120c48303ff4.dat
[2011/07/31 16:44:28 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2011/08/13 14:07:37 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/13 14:07:33 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/12 14:33:38 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Steel Storm - Burning Retribution.lnk
[2011/08/11 00:07:08 | 000,002,506 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
[2011/08/10 23:16:57 | 000,001,875 | ---- | C] () -- C:\Users\SN\Desktop\Samorost2.lnk
[2011/08/03 19:43:02 | 000,000,016 | -H-- | C] () -- C:\Users\SN\Documents\SyncToy_b30e341f-2ef0-48aa-8652-120c48303ff4.dat
[2011/08/03 19:24:55 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk
[2011/07/14 21:42:13 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2011/06/05 00:14:35 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/05 00:14:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/30 15:53:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/30 15:53:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/30 15:53:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/30 15:53:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/30 15:53:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/25 22:35:09 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/15 20:25:33 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/04/15 20:25:07 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/08 07:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/01/30 23:05:15 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/01/24 21:00:23 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/12/24 17:13:23 | 000,000,017 | ---- | C] () -- C:\Users\SN\AppData\Local\resmon.resmoncfg
[2010/12/24 16:54:29 | 000,000,046 | ---- | C] () -- C:\Users\SN\AppData\Roaming\FactoryInstaller.xml
[2010/11/26 03:40:55 | 000,015,360 | ---- | C] () -- C:\Users\SN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 23:39:41 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/09/19 23:39:41 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/09/19 23:39:41 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/09/19 23:39:41 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/09/19 23:39:41 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/09/19 23:39:41 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/09/19 23:39:41 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/09/19 23:39:41 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/09/19 23:39:41 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/09/19 23:39:41 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/09/19 23:39:41 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/09/19 23:39:41 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/09/19 23:39:41 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/09/19 23:39:41 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/09/19 23:39:41 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/09/19 23:39:41 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/09/17 22:07:18 | 003,566,434 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll
[2010/09/17 22:07:18 | 000,042,108 | ---- | C] () -- C:\Windows\SysWow64\fun_avutil.dll
[2010/09/17 22:07:17 | 000,827,392 | ---- | C] () -- C:\Windows\SysWow64\Mpeg4System.dll
[2010/09/17 22:07:17 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\AMR.dll
[2010/09/17 22:07:17 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\Mpeg4Tools.dll
[2010/09/17 22:07:17 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Mpeg4DSF.dll
[2010/09/17 22:07:17 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\EvrcDecDll.dll
[2010/09/17 22:07:17 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\AMRDSF.dll
[2010/09/14 20:35:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/10 19:13:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/10 17:47:53 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010/09/10 17:47:53 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010/09/10 17:47:53 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010/09/10 17:47:37 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/09/10 17:47:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/09/10 17:44:16 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/08 21:21:32 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\.minecraft
[2010/12/24 17:00:10 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Absolute
[2010/12/24 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Absolute Software
[2010/11/25 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Amazon
[2011/06/25 15:51:40 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Artogon
[2011/08/12 13:21:52 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\AtomZombieData
[2011/06/12 00:39:03 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\CDisplayEx
[2011/05/18 00:27:51 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\com.amazon.music.uploader
[2011/01/29 19:17:56 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\DAEMON Tools Lite
[2011/05/12 21:40:04 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Epson
[2010/09/18 21:35:49 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Geneforge 3 Saved Games
[2011/07/05 23:42:05 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\GonVisor
[2011/05/13 23:44:15 | 000,000,000 | RHSD | M] -- C:\Users\SN\AppData\Roaming\install
[2010/12/24 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\IrfanView
[2011/08/12 13:39:37 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Lazy 8 Studios
[2011/02/05 01:25:12 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Lonely Troops
[2010/12/24 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\MotionDSP
[2011/03/03 22:12:09 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Opera
[2010/09/17 22:11:12 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Pantech
[2011/05/24 21:35:17 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\PCDr
[2011/03/05 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\PeaceCraft2
[2010/12/30 17:38:48 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\PlayFirst
[2011/07/16 18:16:40 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Research In Motion
[2011/03/02 02:02:44 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Samsung
[2011/04/30 14:56:22 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\SmartDraw
[2010/12/01 14:48:25 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Sony
[2011/07/16 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\TeamViewer
[2011/01/10 22:34:41 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Thunderbird
[2011/07/17 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Tific
[2011/08/03 23:30:45 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\TrueCrypt
[2011/08/16 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\uTorrent
[2010/10/12 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\Valusoft
[2011/08/02 20:05:53 | 000,000,000 | ---D | M] -- C:\Users\SN\AppData\Roaming\VSRevoGroup
[2011/08/12 13:43:34 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Absolute Software
[2011/07/31 16:44:28 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/14 15:50:49 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/16 20:56:15 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/22 19:47:03 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/11/13 15:19:29 | 000,000,000 | ---- | M] () -- C:\conmgr.log
[2011/05/14 12:30:36 | 000,224,820 | ---- | M] () -- C:\coreuninstall.log
[2010/09/10 20:02:38 | 000,004,212 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/08/13 13:39:22 | 427,180,031 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/08/13 13:39:21 | 2001,231,871 | -HS- | M] () -- C:\pagefile.sys
[2011/04/30 21:51:34 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG1
[2011/04/30 21:51:34 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG2
[2011/08/10 21:12:49 | 000,000,361 | ---- | M] () -- C:\rkill.log
[2011/01/30 20:01:37 | 000,026,352 | ---- | M] () -- C:\RPSetup.exe.log
[2011/04/24 02:12:57 | 000,056,096 | ---- | M] () -- C:\screen.jpg
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/05 23:10:09 | 000,000,308 | -HS- | M] () -- C:\Users\SN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/02/28 21:35:56 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/02/28 21:35:56 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/02/28 21:35:56 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/02/28 21:35:56 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/02/28 21:35:56 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/02/28 21:35:56 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/02/28 21:59:05 | 000,000,402 | -HS- | M] () -- C:\Users\SN\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/10/08 11:01:06 | 000,000,003 | ---- | M] () -- C:\ProgramData\AbsoluteNotifier.txt

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:5B09C4D9
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:890CC2F3

< End of report >

 

[sick97]

OTL Extra log file

OTL Extras logfile created on: 8/16/2011 10:47:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\SN\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.86 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 65.76% Memory free
11.73 Gb Paging File | 9.20 Gb Available in Paging File | 78.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 207.17 Gb Free Space | 46.23% Space Free | Partition Type: NTFS

Computer Name: SN-PC | User Name: SN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2445394396-189493613-16335978-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B5FE75F-A999-45e7-AE6B-5B85E1DD0577}" = PANTECH Handset USB Driver V2
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{89B56CFC-0270-4ACF-8BF1-048251FD9E08}" = QuickSFV
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
"Dell Support Center" = Dell Support Center
"DW WLAN Card Utility" = DW WLAN Card Utility
"EPSON Artisan 800 Series" = EPSON Artisan 800 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21431444-6A81-430E-99B9-EC40EB750D13}" = Pantech PCSuite
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26BEEF24-B264-41E3-9D5E-0529D79FADB6}" = Free CraigsList Reader Pro from CraigsPal 4.5.1
"{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54FED139-0110-42E8-B835-650B401E863A}" = Pantech PCSuite
"{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
"{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy
"{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional
"{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}" = Media Go Video Playback Engine 1.64.105.02280
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9021848E-F315-44C7-8D45-3B16162AA73A}" = TurboTax 2010 wneiper
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}" = Amazon MP3 Uploader
"{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
"{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
"{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
"{A9AFDD7C-F4A0-4E23-B73D-2BB23EE359D0}" = TurboTax 2010 wnhiper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
"{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static
"{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
"{C39601A7-9FF4-4148-A41B-93181E35D122}_is1" = VVVVVV version 2.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA19AEA3-B949-41DA-AFBA-692356230F6E}" = TurboTax 2010 wnjiper
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0D3ABE1-0CFF-49C2-84D7-E2E9B5876E7D}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9000 smartphone
"{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean
"{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
"{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
"{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian
"{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
"{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
"{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All
"{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English
"{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Aquaria" = Aquaria
"Atom Zombie Smasher_is1" = Atom Zombie Smasher
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CCleaner" = CCleaner
"CDisplayEx_is1" = CDisplayEx 1.8
"Cogs" = Cogs
"com.amazon.music.uploader" = Amazon MP3 Uploader
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"GoToAssist" = GoToAssist Corporate
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"N360" = Norton 360
"OpenAL" = OpenAL
"Revo Uninstaller" = Revo Uninstaller 1.92
"Steel Storm" = Steel Storm - Burning Retribution (remove only)
"TrueCrypt" = TrueCrypt
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.10
"voxware_is1" = Voxware Audio decoder 1.6
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2445394396-189493613-16335978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC
"f031ef6ac137efc5" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting 5.0.0.799
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[Broni]

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=====================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
  IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
  O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O3 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
  O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: internet ([]about in Trusted sites)
  O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
  O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
  O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
  O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-21-2445394396-189493613-16335978-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
  O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  @Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:5B09C4D9
  @Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:3E06C78F
  @Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:8CE646EE
  @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:890CC2F3
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.