also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot

TechSpot News Products Downloads Forums

Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Solved] System Check virus Win Vista x64

Discussion in 'Virus and Malware Removal' started by Deshra, Jan 5, 2012.

Page 1 of 3

Deshra Newcomer, in training

So far I cannot even get it into safe mode, when I get it into windows the virus keeps me from accessing any files, I can access the partitions via gparted but cannot delete the "unallocated" sector. I cant even access my files when I plug it into an external hard drive case and open it with my other pc. (which is how Im on here typing) I can access my main partition to a degree when opening it via external option however. but not enough to actually do any good. I usually can take care of viruses pretty well but this one is a bad mother. I cant lose my data on my data partition as it has some important work on it, so if I can atleast get my data OFF of it I have no problem reformatting it. If I could even get it to do that, I also noticed I could choose to roll back the hard drive via external would that work?

Deshra, Jan 5, 2012

#1
Broni Malware Annihilator
Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Put the drive in its original location.

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.

Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps HERE

Your system should now display a REATOGO-X-PE desktop.

Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.

Double-click on the OTLPE icon.

When asked Do you wish to load the remote registry, select Yes

When asked Do you wish to load remote user profile(s) for scanning, select Yes

Ensure the box Automatically Load All Remaining Users" is checked and press OK

OTL should now start.

Press Run Scan to start the scan.

When finished, the file will be saved in drive C:\OTL.txt

Copy this file to your USB drive if you do not have internet connection on this system

Please post the contents of the OTL.txt file in your reply.
Broni, Jan 5, 2012

#2
Deshra Newcomer, in training

otl

OTL logfile created on: 1/5/2012 8:08:34 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 146.18 Gb Free Space | 52.31% Space Free | Partition Type: NTFS
Drive D: | 465.83 Gb Total Space | 211.20 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive E: | 963.48 Mb Total Space | 717.67 Mb Free Space | 74.49% Space Free | Partition Type: FAT32
Drive F: | 409.17 Gb Total Space | 194.21 Gb Free Space | 47.46% Space Free | Partition Type: NTFS
Drive G: | 465.68 Gb Total Space | 44.39 Gb Free Space | 9.53% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/17 02:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/19 22:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) [Auto] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/30 06:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 06:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/12/01 14:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/11/11 15:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/02/17 07:18:00 | 000,069,192 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/02/17 07:17:00 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/01/19 17:41:48 | 000,609,280 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2006/10/31 18:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/10/18 21:09:19 | 001,930,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (ialm)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2010/12/01 14:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Deshra_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.asus.com [binary data]
IE - HKU\Deshra_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\Deshra_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Deshra_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157|http://www.asus.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 22:10:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/11 10:30:49 | 000,000,000 | ---D | M]

[2011/02/23 10:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deshra\AppData\Roaming\Mozilla\Extensions
[2012/01/04 19:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deshra\AppData\Roaming\Mozilla\Firefox\Profiles\u8syq1tr.default\extensions
[2012/01/04 19:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deshra\AppData\Roaming\Mozilla\Firefox\Profiles\u8syq1tr.default\extensions\staged
[2011/12/06 04:27:03 | 000,001,210 | ---- | M] () -- C:\Users\Deshra\AppData\Roaming\Mozilla\Firefox\Profiles\u8syq1tr.default\searchplugins\search.xml
[2011/11/11 10:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/11 10:30:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\DESHRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U8SYQ1TR.DEFAULT\EXTENSIONS\{BAEBEF65-9289-47C5-8524-C345CC5D860D}.XPI
[2011/12/13 21:44:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/10 22:10:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/11 10:30:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/10 22:09:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 22:09:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/10 01:42:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll (PilotGroup LLC)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\Deshra_ON_C\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll (PilotGroup LLC)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKU\Deshra_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Deshra_ON_C..\Run: [WMPNSCFG] File not found
O4 - HKU\Deshra_ON_C..\Run: [yBlqxAdBNPjQ.exe] C:\ProgramData\yBlqxAdBNPjQ.exe ()
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Deshra_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Deshra_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\UpdatusUser_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 14:25:42 | 000,000,000 | ---D | C] -- C:\Users\Deshra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011/12/22 02:17:52 | 000,000,000 | ---D | C] -- C:\Users\Deshra\AppData\Roaming\redsn0w
[2011/12/16 23:33:57 | 000,000,000 | ---D | C] -- C:\Users\Deshra\AppData\Local\TempDIR
[2011/12/13 21:53:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011/12/13 21:53:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/12/13 21:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/12/13 21:43:50 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2011/12/13 21:43:50 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011/12/13 21:43:50 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/12/13 21:43:50 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011/12/13 21:43:50 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/12/13 21:43:50 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011/12/13 21:43:50 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011/12/13 21:43:50 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/12/13 21:42:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2011/12/13 21:42:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/12/13 21:42:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/12/13 21:42:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/12/13 21:42:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2011/12/13 21:42:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2011/12/13 21:42:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/12/13 21:42:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/12/13 21:42:48 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2011/12/13 21:42:48 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/12/13 21:42:48 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/12/13 21:42:47 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2011/12/13 21:42:47 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/12/13 21:42:46 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/12/13 21:42:46 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/12/13 21:42:46 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/12/13 21:42:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2011/12/13 21:42:46 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2011/12/13 21:42:46 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2011/12/13 21:42:46 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2011/12/13 21:42:46 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2011/12/13 21:42:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2011/12/13 21:42:43 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/12/13 21:42:43 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/12/13 21:42:43 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2011/12/13 21:42:42 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/12/13 21:42:42 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/12/13 21:42:42 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/12/13 21:42:42 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2011/12/13 21:42:42 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2011/12/13 21:42:42 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2011/12/13 21:42:42 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2011/12/13 21:26:15 | 000,847,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2011/12/13 21:26:04 | 001,398,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/12/13 21:26:04 | 001,360,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/12/13 21:26:04 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/12/13 21:26:04 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/12/13 21:26:03 | 001,075,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.efi
[2011/12/13 21:26:03 | 001,062,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/12/13 21:26:03 | 000,990,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.efi
[2011/12/13 21:26:03 | 000,979,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/12/13 21:26:02 | 000,020,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011/12/13 21:26:02 | 000,018,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/12/13 21:26:02 | 000,018,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011/12/13 21:26:01 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/12/13 21:26:01 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/12/13 21:26:01 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/12/13 21:26:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/12/13 21:25:58 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/13 21:25:57 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 21:25:57 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/12/13 21:25:57 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/12/13 21:25:57 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/12/13 21:25:57 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/12/13 21:25:57 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/12/13 21:25:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2011/12/13 21:25:55 | 002,424,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2011/12/13 21:25:55 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/12/13 21:25:55 | 000,730,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2011/12/13 21:25:55 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/12/13 21:25:51 | 000,753,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/12/13 21:25:51 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/12/13 21:25:51 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/13 21:25:48 | 000,450,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/12/13 21:25:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/13 21:22:14 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2011/12/13 21:22:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/12/13 21:22:14 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/12/08 01:20:17 | 000,000,000 | ---D | C] -- C:\Users\Deshra\AppData\Local\cache
[2011/12/08 01:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTech
[2011/12/08 01:19:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\VTech
[2011/12/08 01:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VTech

========== Files - Modified Within 30 Days ==========

[2012/01/05 14:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 14:25:46 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~vcAvNjbO90gt57
[2012/01/05 14:25:46 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~vcAvNjbO90gt57r
[2012/01/05 14:25:42 | 000,000,637 | ---- | M] () -- C:\Users\Deshra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/05 14:25:42 | 000,000,613 | ---- | M] () -- C:\Users\Deshra\Desktop\System Check.lnk
[2012/01/05 14:25:37 | 000,000,336 | -H-- | M] () -- C:\ProgramData\vcAvNjbO90gt57
[2012/01/05 14:24:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 14:24:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 14:21:38 | 000,358,178 | -H-- | M] () -- C:\ProgramData\vcAvNjbO90gt57.exe
[2012/01/05 14:20:48 | 000,075,776 | ---- | M] () -- C:\Users\Deshra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/05 14:15:34 | 000,444,194 | -H-- | M] () -- C:\ProgramData\yBlqxAdBNPjQ.exe
[2011/12/28 10:53:28 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/28 10:53:28 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/13 21:55:37 | 000,229,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 21:53:46 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/12/13 21:53:46 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/13 21:50:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/09 09:32:30 | 000,000,680 | ---- | M] () -- C:\Users\Deshra\AppData\Local\d3d9caps.dat
[2011/12/09 02:36:47 | 782,323,034 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/08 01:37:53 | 000,000,581 | ---- | M] () -- C:\Users\Deshra\AppData\Local\cookies.ini
[2011/12/08 01:19:43 | 000,001,044 | ---- | M] () -- C:\Users\Deshra\Desktop\Learning Lodge Navigator.lnk
[2011/12/08 01:19:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTech

========== Files Created - No Company Name ==========

[2012/01/05 14:25:46 | 000,000,272 | -H-- | C] () -- C:\ProgramData\~vcAvNjbO90gt57
[2012/01/05 14:25:46 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~vcAvNjbO90gt57r
[2012/01/05 14:25:42 | 000,000,637 | ---- | C] () -- C:\Users\Deshra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/05 14:25:42 | 000,000,613 | ---- | C] () -- C:\Users\Deshra\Desktop\System Check.lnk
[2012/01/05 14:25:37 | 000,000,336 | -H-- | C] () -- C:\ProgramData\vcAvNjbO90gt57
[2012/01/05 14:21:38 | 000,358,178 | -H-- | C] () -- C:\ProgramData\vcAvNjbO90gt57.exe
[2012/01/05 14:18:41 | 000,444,194 | -H-- | C] () -- C:\ProgramData\yBlqxAdBNPjQ.exe
[2011/12/13 21:42:43 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011/12/13 21:42:43 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/12/13 21:42:43 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011/12/13 21:42:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/12/13 21:42:43 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011/12/13 21:42:43 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/12/09 09:32:30 | 000,000,680 | ---- | C] () -- C:\Users\Deshra\AppData\Local\d3d9caps.dat
[2011/12/08 01:20:23 | 000,000,581 | ---- | C] () -- C:\Users\Deshra\AppData\Local\cookies.ini
[2011/12/08 01:19:43 | 000,001,044 | ---- | C] () -- C:\Users\Deshra\Desktop\Learning Lodge Navigator.lnk
[2011/12/06 04:27:02 | 000,421,376 | ---- | C] () -- C:\Users\Deshra\AppData\Roaming\ScanDisc.exe
[2011/12/06 04:27:02 | 000,000,288 | ---- | C] () -- C:\Users\Deshra\AppData\Roaming\376EBE68.reg
[2011/12/06 04:26:19 | 000,003,776 | -HS- | C] () -- C:\Users\Deshra\AppData\Local\x0ym23x1be4ukx
[2011/12/06 04:26:19 | 000,003,776 | -HS- | C] () -- C:\ProgramData\x0ym23x1be4ukx
[2011/12/05 05:44:51 | 000,010,570 | -HS- | C] () -- C:\Users\Deshra\AppData\Local\6a55ol2s67a224
[2011/12/05 05:44:51 | 000,010,570 | -HS- | C] () -- C:\ProgramData\6a55ol2s67a224
[2011/11/10 01:33:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/10 01:33:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/10 01:33:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/10 01:33:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/10 01:33:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/06 08:43:13 | 000,045,151 | ---- | C] () -- C:\Users\Deshra\AppData\Roaming\UserTile.png
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/13 07:27:11 | 000,008,380 | -HS- | C] () -- C:\Users\Deshra\AppData\Local\b6bo46lu10ri1w645385mo7j0w0
[2011/07/13 07:27:11 | 000,008,380 | -HS- | C] () -- C:\ProgramData\b6bo46lu10ri1w645385mo7j0w0
[2011/03/06 21:50:55 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/03/06 21:01:43 | 000,839,680 | ---- | C] () -- C:\Windows\SysWow64\FDRpage.dll
[2011/03/06 21:01:43 | 000,007,548 | ---- | C] () -- C:\Windows\SysWow64\drivers\Samhid.sys
[2011/03/06 20:59:20 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CreateDir.exe
[2011/03/06 12:41:10 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/02/23 04:36:34 | 000,075,776 | ---- | C] () -- C:\Users\Deshra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 12:24:16 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/02/22 12:24:16 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/02/22 10:53:06 | 000,000,732 | ---- | C] () -- C:\Users\Deshra\AppData\Local\d3d9caps64.dat
[2011/02/22 10:32:24 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2011/02/22 10:31:37 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/22 10:31:37 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/22 10:31:35 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/02/22 10:31:35 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/02/22 10:27:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/22 10:24:51 | 000,014,713 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/02/22 10:08:36 | 000,023,388 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/02/22 10:08:26 | 000,018,322 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/28 10:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/05/06 01:32:20 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\AnvSoft
[2011/10/12 22:41:36 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\BAC7E
[2011/10/12 18:56:49 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\BD9BA
[2011/02/23 14:12:37 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\Eltima Software
[2011/10/09 16:19:53 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\h99ggTZZqjYw
[2011/10/09 22:08:23 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\j11iibD33o
[2011/02/23 10:38:27 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\Leadertech
[2011/04/01 11:53:56 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\Masque
[2011/12/22 02:31:24 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\redsn0w
[2011/05/19 20:34:15 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\ReelDealVampireAdventure
[2011/05/06 08:18:31 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\Sony
[2011/07/19 09:43:02 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\spotmau
[2011/10/09 16:20:00 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\TEEEK88fRZ9h
[2011/12/28 03:17:45 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\uTorrent
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/08/15 10:37:08 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/03/27 03:10:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\Masque
[2011/03/02 15:38:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\SlySoft
[2011/05/06 08:18:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\Sony
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/09/27 08:47:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\TEMP
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/08 01:19:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\VTech
[2011/02/22 10:36:57 | 000,000,000 | -H-D | M] -- C:\ProgramData\WinZip
[2011/02/22 10:24:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\Wireless LAN Card
[2011/11/04 12:31:56 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/01/05 14:23:57 | 000,024,940 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:FB1B13D8
< End of report >

I believe the the interloper that started it is the second to last entry located in C:\programdata
fortunately as a pc and console modder and repairer I have dealt with stuff like this so I have an idea but sheesh this one is nasty.

Deshra, Jan 5, 2012

#3

Broni Malware Annihilator

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code:

:OTL
IE - HKU\Deshra_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
O4 - HKU\Deshra_ON_C..\Run: [WMPNSCFG] File not found
O4 - HKU\Deshra_ON_C..\Run: [yBlqxAdBNPjQ.exe] C:\ProgramData\yBlqxAdBNPjQ.exe ()
[2012/01/05 14:25:42 | 000,000,000 | ---D | C] -- C:\Users\Deshra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/05 14:25:46 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~vcAvNjbO90gt57
[2012/01/05 14:25:46 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~vcAvNjbO90gt57r
[2012/01/05 14:25:42 | 000,000,637 | ---- | M] () -- C:\Users\Deshra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/05 14:25:42 | 000,000,613 | ---- | M] () -- C:\Users\Deshra\Desktop\System Check.lnk
[2012/01/05 14:25:37 | 000,000,336 | -H-- | M] () -- C:\ProgramData\vcAvNjbO90gt57
[2012/01/05 14:21:38 | 000,358,178 | -H-- | M] () -- C:\ProgramData\vcAvNjbO90gt57.exe
[2012/01/05 14:15:34 | 000,444,194 | -H-- | M] () -- C:\ProgramData\yBlqxAdBNPjQ.exe
[2011/12/06 04:26:19 | 000,003,776 | -HS- | C] () -- C:\Users\Deshra\AppData\Local\x0ym23x1be4ukx
[2011/12/06 04:26:19 | 000,003,776 | -HS- | C] () -- C:\ProgramData\x0ym23x1be4ukx
[2011/12/05 05:44:51 | 000,010,570 | -HS- | C] () -- C:\Users\Deshra\AppData\Local\6a55ol2s67a224
[2011/12/05 05:44:51 | 000,010,570 | -HS- | C] () -- C:\ProgramData\6a55ol2s67a224
[2011/07/13 07:27:11 | 000,008,380 | -HS- | C] () -- C:\Users\Deshra\AppData\Local\b6bo46lu10ri1w645385mo7j0w0
[2011/07/13 07:27:11 | 000,008,380 | -HS- | C] () -- C:\ProgramData\b6bo46lu10ri1w645385mo7j0w0
[2011/10/12 22:41:36 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\BAC7E
[2011/10/12 18:56:49 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\BD9BA
[2011/10/09 16:19:53 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\h99ggTZZqjYw
[2011/10/09 22:08:23 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\j11iibD33o
[2011/10/09 16:20:00 | 000,000,000 | ---D | M] -- C:\Users\Deshra\AppData\Roaming\TEEEK88fRZ9h
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:FB1B13D8

:Services

:Reg

:Files

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Attempt to reboot normally into Windows.

Broni, Jan 5, 2012

#4

Deshra Newcomer, in training

fixlog

Wow broni, thanks for the fast response. I am posting the fixlog now:
========== OTL ==========
HKU\Deshra_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_USERS\Deshra_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Deshra_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
C:\ProgramData\yBlqxAdBNPjQ.exe moved successfully.
C:\Users\Deshra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\ProgramData\~vcAvNjbO90gt57 moved successfully.
C:\ProgramData\~vcAvNjbO90gt57r moved successfully.
C:\Users\Deshra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Users\Deshra\Desktop\System Check.lnk moved successfully.
C:\ProgramData\vcAvNjbO90gt57 moved successfully.
C:\ProgramData\vcAvNjbO90gt57.exe moved successfully.
File C:\ProgramData\yBlqxAdBNPjQ.exe not found.
C:\Users\Deshra\AppData\Local\x0ym23x1be4ukx moved successfully.
C:\ProgramData\x0ym23x1be4ukx moved successfully.
C:\Users\Deshra\AppData\Local\6a55ol2s67a224 moved successfully.
C:\ProgramData\6a55ol2s67a224 moved successfully.
C:\Users\Deshra\AppData\Local\b6bo46lu10ri1w645385mo7j0w0 moved successfully.
C:\ProgramData\b6bo46lu10ri1w645385mo7j0w0 moved successfully.
C:\Users\Deshra\AppData\Roaming\BAC7E folder moved successfully.
C:\Users\Deshra\AppData\Roaming\BD9BA folder moved successfully.
C:\Users\Deshra\AppData\Roaming\h99ggTZZqjYw folder moved successfully.
C:\Users\Deshra\AppData\Roaming\j11iibD33o folder moved successfully.
C:\Users\Deshra\AppData\Roaming\TEEEK88fRZ9h folder moved successfully.
ADS C:\ProgramData\TEMP:FB1B13D8 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 01052012_202913

Obviously I know this isnt over, I am starting the reboot now will post as soon as I know if it will boot into windows and what it does.

Deshra, Jan 5, 2012

#5
Deshra Newcomer, in training

good so far

That was fast seriously I think I could take some tips from you Broni.
The virus appears either dead or dormant, all my system and personal files are "hidden"
I can access my files now although my "my computer" icon is missing which I do know how to fix that, firefox is working so it seems it hasn't affected the .exe files

Deshra, Jan 5, 2012

#6
Broni Malware Annihilator

Well, the most important thing is you're bootable again

Now....

Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.

Then....

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Broni, Jan 5, 2012

#7
Deshra Newcomer, in training

mbam logs

Here is the Mbam logs that I ran last night, I also had avast run both from the desktop and from boot. and cleaned what it found as well.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.02

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Deshra :: CYBERNECRO [administrator]

1/6/2012 2:23:55 AM
mbam-log-2012-01-06 (02-23-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 513041
Time elapsed: 1 hour(s), 3 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\Deshra\AppData\Local\hys.exe" -a "%1" %* -> Quarantined and deleted successfully.
HKCR\ah|Content Type (Rogue.MultipleAV) -> Data: application/x-msdownload -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Deshra, Jan 6, 2012

#8
Deshra Newcomer, in training

gmer and DDS

gmer found absolutely nothing nor did it create a log with any data within it, therefore I do not have anything to post for it's sake.
The following is the DDS log and following that is the DDS attach log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_29
Run by Deshra at 14:20:21 on 2012-01-06
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8190.4341 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [yBlqxAdBNPjQ.exe] C:\ProgramData\yBlqxAdBNPjQ.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [RunAIShell] "C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AgentMonitor] "C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{F67D8B50-63B4-40B5-AC66-108ECD42E264} : DhcpNameServer = 192.168.10.1
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &Save Flash: {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [RunAIShell] "C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AgentMonitor] "C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Deshra\AppData\Roaming\Mozilla\Firefox\Profiles\u8syq1tr.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157|http://www.asus.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-5 44768]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2011-2-24 196608]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-11 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-2-24 93184]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-01-06 08:21:30 -------- d-----w- C:\Users\Deshra\AppData\Roaming\Malwarebytes
2012-01-06 08:21:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-06 08:21:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-06 08:18:27 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD7ACFF1-0031-4D6A-A22E-5698B0834187}\offreg.dll
2012-01-06 04:24:36 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-01-06 04:24:35 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-01-06 04:24:20 41184 ----a-w- C:\Windows\avastSS.scr
2012-01-06 04:24:05 -------- d-----w- C:\ProgramData\AVAST Software
2012-01-06 04:24:05 -------- d-----w- C:\Program Files\AVAST Software
2012-01-06 02:45:11 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-06 02:45:11 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-06 02:45:11 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-06 02:45:11 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 01:29:13 -------- d-----w- C:\_OTL
2011-12-22 07:17:52 -------- d-----w- C:\Users\Deshra\AppData\Roaming\redsn0w
2011-12-17 04:33:57 -------- d-----w- C:\Users\Deshra\AppData\Local\TempDIR
2011-12-15 05:44:43 677136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 02:50:13 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD7ACFF1-0031-4D6A-A22E-5698B0834187}\mpengine.dll
2011-12-14 02:45:51 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-12-14 02:43:50 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-12-14 02:43:50 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-12-14 02:43:50 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-12-14 02:43:50 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-12-14 02:43:50 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-12-14 02:43:50 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-12-14 02:43:50 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-12-14 02:43:50 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-12-14 02:43:50 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-12-14 02:43:50 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-12-14 02:25:58 560128 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 02:22:14 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-12-14 02:22:14 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-12-14 02:22:14 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-12-08 06:20:17 -------- d-----w- C:\Users\Deshra\AppData\Local\cache
2011-12-08 06:19:29 -------- d-----w- C:\ProgramData\VTech
2011-12-08 06:19:29 -------- d-----w- C:\Program Files (x86)\VTech
.
==================== Find3M ====================
.
2012-01-06 02:37:48 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-06 09:27:02 288 ----a-w- C:\Users\Deshra\AppData\Roaming\376EBE68.reg
2011-11-15 20:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-11 15:30:36 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-15 06:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 14:20:42.77 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/22/2011 3:05:44 AM
System Uptime: 1/6/2012 2:18:02 AM (12 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CG5270
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | LGA775 | 2499/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 141.147 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 223.3 GiB free.
E: is FIXED (NTFS) - 409 GiB total, 194.205 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 44.393 GiB free.
G: is CDROM (CDFS)
H: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_83851043&REV_01\4&35BBFD3A&0&00E5
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_83851043&REV_01\4&35BBFD3A&0&00E5
Service: RTL8169
.
==== System Restore Points ===================
.
RP253: 12/16/2011 11:12:13 PM - Scheduled Checkpoint
RP254: 12/18/2011 9:21:05 PM - Scheduled Checkpoint
RP255: 12/20/2011 10:44:52 AM - Scheduled Checkpoint
RP256: 12/21/2011 12:32:12 AM - Scheduled Checkpoint
RP257: 12/22/2011 2:54:32 AM - Scheduled Checkpoint
RP258: 12/23/2011 2:13:12 AM - Scheduled Checkpoint
RP259: 12/24/2011 12:51:02 AM - Scheduled Checkpoint
RP260: 12/25/2011 1:22:26 AM - Scheduled Checkpoint
RP261: 12/26/2011 2:03:25 AM - Scheduled Checkpoint
RP262: 12/27/2011 - Scheduled Checkpoint
RP263: 12/28/2011 12:11:34 AM - Scheduled Checkpoint
RP264: 1/5/2012 10:23:45 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
AI Manager
Any DVD Converter Professional 4.1.8
AnyDVD
Apple Application Support
Apple Software Update
ASUSUpdate
avast! Free Antivirus
Azurewave Wireless LAN Card
Battle Slots
Bing Bar
Desktop Rain
DVD Flick 1.3.0.7
DVD Shrink 3.2
EPU-4 Engine
eReg
FreeSpace 2
High-Definition Video Playback 10
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Transporter - NCP Link
Java Auto Updater
Java(TM) 6 Update 29
King's Quest 7-8
Learning Lodge Navigator
Logitech Gaming Software
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.60.0.1800
Masque IGT Slots Texas Tea
Masque IGT Slots Wolf Run
McAfee Security Scan Plus
Microsoft Application Compatibility Toolkit 5.6
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCP Internet Transporter
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Philips Retractable PC Controller
QuickTime
Rainy Screensaver 2.2.17
RapeLay (remove only)
RealFlight Add-ons Volume 2
RealFlight G2 Simulator
RealFlight G3 R/C Simulator
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Save Flash 4.3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sierra Utilities
Sony Media Manager for PSP 2.5
Sothink SWF Decompiler
SWF & FLV Player 3.0 (build 3.0.33.5106)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.1.11
VTech Download Agent Library
WinRAR archiver
WinZip 11.1
.
==== Event Viewer Messages From Past Week ========
.
1/5/2012 8:37:21 PM, Error: EventLog [6008] - The previous system shutdown at 1:31:45 PM on 1/5/2012 was unexpected.
1/5/2012 1:30:55 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/5/2012 1:30:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect.
1/5/2012 1:26:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
1/5/2012 1:23:54 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
.
==== End Of File ===========================

Deshra, Jan 6, 2012

#9
Broni Malware Annihilator
What about UnHide?

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Jan 6, 2012

#10
Deshra Newcomer, in training

unhide

Srry forgot to mention that, unhide worked great, didnt produce any logs though.

Deshra, Jan 6, 2012

#11
Broni Malware Annihilator

Go on............

Broni, Jan 6, 2012

#12
Deshra Newcomer, in training

MBR

Sorry for short post earlier, was fighting with my 4-yr old :rolleyes:

When I try to open the mbr.dat file it turns to garbage any suggestions?

Deshra, Jan 6, 2012

#13
Deshra Newcomer, in training

ComboFix Log

ComboFix 12-01-06.03 - Deshra 01/06/2012 18:11:51.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8190.5714 [GMT -6:00]
Running from: c:\users\Deshra\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Deshra\AppData\Local\TempDIR
c:\users\Deshra\AppData\Local\TempDIR\BetterInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 00:18 . 2012-01-07 00:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD7ACFF1-0031-4D6A-A22E-5698B0834187}\offreg.dll
2012-01-07 00:17 . 2012-01-07 00:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-07 00:17 . 2012-01-07 00:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-07 00:17 . 2012-01-07 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-07 00:17 . 2012-01-07 00:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-06 08:21 . 2012-01-06 08:21 -------- d-----w- c:\users\Deshra\AppData\Roaming\Malwarebytes
2012-01-06 08:21 . 2012-01-06 08:21 -------- d-----w- c:\programdata\Malwarebytes
2012-01-06 08:21 . 2012-01-06 08:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-06 04:24 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-06 04:24 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-06 04:24 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-06 04:24 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-06 04:24 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-06 04:24 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-06 04:24 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-06 04:24 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-06 04:24 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-06 04:24 . 2012-01-06 04:24 -------- d-----w- c:\programdata\AVAST Software
2012-01-06 04:24 . 2012-01-06 04:24 -------- d-----w- c:\program files\AVAST Software
2012-01-06 02:45 . 2012-01-06 02:45 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-06 02:45 . 2012-01-06 02:45 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-06 02:45 . 2012-01-06 02:45 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-06 02:45 . 2012-01-06 02:45 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 01:29 . 2012-01-06 01:29 -------- d-----w- C:\_OTL
2011-12-22 07:17 . 2011-12-22 07:31 -------- d-----w- c:\users\Deshra\AppData\Roaming\redsn0w
2011-12-15 05:44 . 2011-12-15 05:44 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 02:50 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD7ACFF1-0031-4D6A-A22E-5698B0834187}\mpengine.dll
2011-12-14 02:45 . 2011-12-14 02:45 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-12-14 02:43 . 2009-11-08 16:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-12-14 02:43 . 2009-11-08 16:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-12-14 02:43 . 2009-11-08 16:55 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-12-14 02:43 . 2009-11-08 16:55 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-12-14 02:43 . 2009-11-08 16:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-12-14 02:43 . 2009-11-08 16:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-12-14 02:43 . 2009-11-08 16:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-12-14 02:43 . 2009-11-08 16:55 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-12-14 02:43 . 2009-11-08 16:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-12-14 02:43 . 2009-11-08 16:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-12-14 02:25 . 2010-12-29 17:53 560128 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 02:22 . 2011-03-02 15:10 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-12-14 02:22 . 2009-05-04 10:38 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-12-14 02:22 . 2009-05-04 10:11 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-12-08 06:20 . 2011-12-08 06:20 -------- d-----w- c:\users\Deshra\AppData\Local\cache
2011-12-08 06:19 . 2011-12-08 06:19 -------- d-----w- c:\programdata\VTech
2011-12-08 06:19 . 2011-12-08 06:19 -------- d-----w- c:\program files (x86)\VTech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 02:37 . 2011-02-23 15:38 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-10 21:24 . 2011-03-13 03:41 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 09:27 . 2011-12-06 09:27 288 ----a-w- c:\users\Deshra\AppData\Roaming\376EBE68.reg
2011-11-15 20:29 . 2011-02-22 16:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-11 15:30 . 2011-11-11 15:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-15 08:53 . 2011-11-11 16:07 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-11-11 16:06 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-11-11 16:06 7581504 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-11 16:06 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-11-11 16:06 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-11 16:06 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-11-11 16:06 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-11-11 16:06 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-11 16:06 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-11 16:06 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-11-11 16:06 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-11-11 16:06 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-11-11 16:06 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-11 16:06 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-11 16:06 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-11-11 16:06 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-11-11 16:06 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-11-11 16:06 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-11-11 16:06 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-02-24 17:08 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2010-07-10 11:38 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2010-07-10 11:38 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2010-07-09 22:27 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2010-03-17 00:57 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2010-03-17 00:56 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2010-03-17 00:56 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2010-03-17 00:56 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 06:54 . 2011-10-15 06:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-10_06.42.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-14 02:42 . 2009-10-09 21:55 54272 c:\windows\SysWOW64\WsmRes.dll
+ 2011-12-14 02:42 . 2009-10-09 21:56 12800 c:\windows\SysWOW64\wsmprovhost.exe
+ 2011-12-14 02:42 . 2009-10-09 21:56 10240 c:\windows\SysWOW64\wsmplpxy.dll
+ 2011-12-14 02:42 . 2009-10-09 21:56 10240 c:\windows\SysWOW64\winrssrv.dll
+ 2011-12-14 02:42 . 2009-10-09 21:56 20480 c:\windows\SysWOW64\winrshost.exe
+ 2011-12-14 02:42 . 2009-10-09 21:56 40448 c:\windows\SysWOW64\winrs.exe
+ 2011-12-14 02:42 . 2009-10-09 21:56 24064 c:\windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2011-12-14 02:42 . 2009-10-09 21:56 20480 c:\windows\SysWOW64\WindowsPowerShell\v1.0\PSEvents.dll
+ 2011-12-14 02:42 . 2009-10-09 21:55 81408 c:\windows\SysWOW64\wevtfwd.dll
+ 2011-12-14 02:42 . 2009-10-09 21:55 79872 c:\windows\SysWOW64\wecutil.exe
+ 2011-12-14 02:42 . 2009-10-09 21:55 56320 c:\windows\SysWOW64\wecapi.dll
- 2008-01-21 02:49 . 2008-01-21 02:49 56320 c:\windows\SysWOW64\wecapi.dll
+ 2011-12-14 02:42 . 2009-10-09 21:56 41472 c:\windows\SysWOW64\pwrshplugin.dll
- 2011-02-22 16:19 . 2009-08-14 16:29 17920 c:\windows\SysWOW64\netevent.dll
+ 2011-02-23 15:34 . 2010-09-06 16:23 17920 c:\windows\SysWOW64\netevent.dll
+ 2011-12-14 02:43 . 2009-11-08 16:55 11600 c:\windows\SysWOW64\MUI\0409\mscorees.dll
+ 2008-01-21 03:20 . 2012-01-07 00:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-11-07 17:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-11-07 17:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-07 00:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-11-07 17:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-07 00:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-14 02:26 . 2011-02-16 15:29 34304 c:\windows\SysWOW64\atmlib.dll
- 2011-02-22 16:10 . 2011-01-08 07:50 34304 c:\windows\SysWOW64\atmlib.dll
+ 2011-12-14 02:42 . 2009-10-09 21:34 54272 c:\windows\system32\WsmRes.dll
+ 2011-12-14 02:42 . 2009-10-09 21:35 13824 c:\windows\system32\wsmprovhost.exe
+ 2011-12-14 02:42 . 2009-10-09 21:35 13312 c:\windows\system32\wsmplpxy.dll
+ 2011-12-14 02:42 . 2009-10-09 21:34 13312 c:\windows\system32\winrssrv.dll
+ 2011-12-14 02:42 . 2009-10-09 21:35 24064 c:\windows\system32\winrshost.exe
+ 2011-12-14 02:42 . 2009-10-09 21:35 51200 c:\windows\system32\winrs.exe
+ 2011-12-14 02:42 . 2009-10-09 21:36 28672 c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2011-12-14 02:42 . 2009-10-09 21:36 20480 c:\windows\system32\WindowsPowerShell\v1.0\PSEvents.dll
+ 2011-12-14 02:42 . 2009-10-09 21:34 84992 c:\windows\system32\wecapi.dll
- 2008-01-21 02:48 . 2008-01-21 02:48 84992 c:\windows\system32\wecapi.dll
+ 2008-01-21 02:23 . 2012-01-07 00:20 39068 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-07 00:20 77898 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 09:27 . 2006-11-02 11:19 12288 c:\windows\system32\sscore.dll
+ 2011-02-23 15:34 . 2010-09-06 15:59 12288 c:\windows\system32\sscore.dll
+ 2011-12-14 02:42 . 2009-10-09 21:36 53760 c:\windows\system32\pwrshplugin.dll
+ 2011-11-11 16:06 . 2011-07-07 23:21 29288 c:\windows\system32\nvhdap64.dll
- 2011-02-22 16:19 . 2009-08-14 17:29 17920 c:\windows\system32\netevent.dll
+ 2011-02-23 15:34 . 2010-09-06 15:57 17920 c:\windows\system32\netevent.dll
+ 2011-12-14 02:43 . 2009-11-08 16:55 11600 c:\windows\system32\MUI\0409\mscorees.dll
+ 2011-12-14 02:26 . 2011-02-27 15:53 20880 c:\windows\system32\kdusb.dll
+ 2011-12-14 02:26 . 2011-02-27 15:53 18320 c:\windows\system32\kdcom.dll
+ 2011-12-14 02:26 . 2011-02-27 15:53 18832 c:\windows\system32\kd1394.dll
+ 2011-11-11 16:06 . 2011-07-07 23:21 29288 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_b52afbc4\nvhdap64.dll
+ 2011-11-11 16:06 . 2011-07-07 23:21 70760 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_b52afbc4\nvapo64v.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 68928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\OpenCL64.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 61248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\OpenCL.dll
+ 2008-01-21 02:46 . 2008-01-21 02:46 24064 c:\windows\system32\drivers\usbprint.sys
- 2006-11-02 10:27 . 2006-11-02 10:27 24064 c:\windows\system32\drivers\usbprint.sys
- 2008-01-21 02:49 . 2008-01-21 02:49 97792 c:\windows\system32\drivers\dfsc.sys
+ 2011-12-14 02:26 . 2011-04-14 14:45 97792 c:\windows\system32\drivers\dfsc.sys
+ 2011-12-14 02:25 . 2011-02-18 13:50 90624 c:\windows\system32\drivers\bowser.sys
- 2008-01-21 02:50 . 2008-01-21 02:50 90624 c:\windows\system32\drivers\bowser.sys
- 2008-01-21 02:49 . 2008-01-21 02:49 85504 c:\windows\system32\csrsrv.dll
+ 2011-12-14 02:25 . 2011-04-20 15:11 85504 c:\windows\system32\csrsrv.dll
- 2011-02-22 15:46 . 2011-11-04 17:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-22 15:46 . 2012-01-06 12:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-22 15:46 . 2012-01-06 12:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-22 15:46 . 2011-11-04 17:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-22 15:46 . 2011-11-04 17:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-22 15:46 . 2012-01-06 12:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-22 16:10 . 2011-01-08 09:31 48128 c:\windows\system32\atmlib.dll
+ 2011-12-14 02:26 . 2011-02-16 15:36 48128 c:\windows\system32\atmlib.dll
- 2011-03-06 21:16 . 2011-11-03 03:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-06 21:16 . 2012-01-06 03:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-06 21:16 . 2011-11-03 03:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-06 21:16 . 2012-01-06 03:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-06 21:16 . 2012-01-06 03:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-06 21:16 . 2011-11-03 03:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-27 06:00 . 2011-10-24 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-27 06:00 . 2012-01-06 20:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-27 06:00 . 2011-10-24 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-27 06:00 . 2012-01-06 20:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-24 09:14 . 2008-06-20 01:16 32768 c:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2011-12-14 02:51 . 2010-04-12 12:21 32768 c:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2011-12-14 02:51 . 2010-04-12 12:20 94208 c:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2011-02-24 09:14 . 2008-06-20 01:16 94208 c:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2011-12-14 02:51 . 2010-04-12 12:20 19304 c:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2011-12-14 02:41 . 2010-09-23 13:33 42320 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2011-12-14 02:51 . 2010-04-12 12:20 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2011-02-24 09:14 . 2008-06-20 01:14 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2011-12-14 02:51 . 2010-04-12 12:20 17256 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2011-12-14 02:41 . 2010-09-23 13:32 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-12-14 02:46 . 2011-12-14 02:46 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
- 2011-02-27 10:57 . 2011-02-27 10:57 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-02-27 10:57 . 2011-12-14 02:50 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-12-14 02:45 . 2011-12-14 02:45 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2006-11-02 12:40 . 2011-11-04 17:30 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2011-11-11 16:09 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2011-11-04 17:30 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2011-11-11 16:09 51200 c:\windows\inf\infpub.dat
+ 2011-12-15 04:38 . 2011-12-15 04:38 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\cf0f5fb7e9d830d106007ee3a470f6cf\System.Windows.Presentation.ni.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6eb2a2680356f279b74ce8f9e46905b9\System.Web.DynamicData.Design.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\f7b381af2c0d07b59b0233e8734b845b\stdole.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\388f0c6cebb882e802d9af143dcd4606\PresentationFontCache.ni.exe
+ 2011-12-14 03:02 . 2011-12-14 03:02 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\42c2a8c4f649f17436746c11cd22dc3d\PresentationCFFRasterizer.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\34121e47e1f8bc2545b39eecec652f93\Microsoft.WSMan.Runtime.ni.dll
+ 2011-12-14 03:00 . 2011-12-14 03:00 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\859df3169734230b1c0c199bf94473b4\Microsoft.VisualC.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtCOM\bc94e2a9750327c738493c2f96bba0ee\ehiExtCOM.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\1123a87b1bd5315898388603acc11359\ehExtCOM.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\8e484e143b3a6b54cbc13e2fba3297ae\dfsvc.ni.exe
+ 2011-12-14 03:00 . 2011-12-14 03:00 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\d50edfd71eecdf5e11fcd547d4c63f9e\Accessibility.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1342e13a5f5613678d438405bed08ddd\UIAutomationProvider.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\115117de760266582cb809500a574144\System.Windows.Presentation.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2ec01bf4a984fcefe96f6f3e589cc63d\System.Web.DynamicData.Design.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\0653c1af7d222aa208edb2973469126f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\a9089c19e419675ccf7f67e304d64493\System.AddIn.Contract.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\48ab7c001b567767cd86604457e1dd0f\stdole.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 29184 c:\windows\assembly\NativeImages_v2.0.50727_32\SFMARKETLib\95608fc34cff85a6948434bf7d1400f3\SFMARKETLib.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\cf3899f7e543984d273763a2bb93a3db\PresentationFontCache.ni.exe
+ 2011-12-14 02:58 . 2011-12-14 02:58 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8bafc41aa4780702e8c537756d7d791c\PresentationCFFRasterizer.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\eecf88ebbe8dadf30bbfb3df2610f2af\napcrypt.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\77edaf7d4141056c80ee2186193a0218\Microsoft.WSMan.Runtime.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5d51c2c7fdde5793bf407e7c8a034ba9\Microsoft.Vsa.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f452ae4dea973a301e0a1d07fb57891e\Microsoft.Build.Framework.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOControlL#\f458144adadbba4b642ad16319948d8c\Interop.QTOControlLib.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBUICONTR#\79c70af63341d73c2fdd5b3c7b6e22d2\Interop.CDDBUICONTROLLibSMS.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBLINKLib#\e8d467aa712c342b2e6d9515e9f5874d\Interop.CDDBLINKLibSMS.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 20480 c:\windows\assembly\NativeImages_v2.0.50727_32\Interfaces\1dd6f371bbc7623a2be8b6770035a608\Interfaces.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\90faa264cb031254d07d095c9f31c3d0\ehiUserXp.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-12-15 03:18 . 2011-12-15 03:18 59904 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.QTOContro#\a6db58bd0514cbb250affea86f11e929\AxInterop.QTOControlLib.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
- 2011-02-24 09:14 . 2008-06-20 01:14 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-12-14 02:51 . 2010-04-12 12:20 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-12-14 02:43 . 2009-10-12 21:55 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.Resources.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Gpowershell.resources.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.Resources.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
+ 2011-12-14 02:42 . 2009-10-09 21:56 2048 c:\windows\SysWOW64\winrsmgr.dll
+ 2011-12-14 02:42 . 2009-10-09 21:56 2048 c:\windows\SysWOW64\WindowsPowerShell\v1.0\pwrshmsg.dll
+ 2011-12-14 02:42 . 2009-10-12 21:59 4096 c:\windows\SysWOW64\WindowsPowerShell\v1.0\en-US\powershell_ise.resources.dll
+ 2011-02-23 15:34 . 2010-09-06 16:24 9728 c:\windows\SysWOW64\sscore.dll
- 2006-11-02 12:13 . 2006-11-02 09:46 9728 c:\windows\SysWOW64\sscore.dll
+ 2011-12-14 02:42 . 2009-10-09 21:35 2048 c:\windows\system32\winrsmgr.dll
+ 2011-12-14 02:42 . 2009-10-09 21:36 2048 c:\windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 4096 c:\windows\system32\WindowsPowerShell\v1.0\en-US\powershell_ise.resources.dll
+ 2011-02-22 15:54 . 2012-01-07 00:20 7722 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-670706601-4268592964-42186093-1000_UserData.bin
+ 2012-01-07 00:18 . 2012-01-07 00:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-10 06:41 . 2011-11-10 06:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-07 00:18 . 2012-01-07 00:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-10 06:41 . 2011-11-10 06:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-14 02:43 . 2009-10-09 21:39 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
+ 2011-02-23 17:49 . 2008-11-25 23:25 299336 c:\windows\SysWOW64\XPSViewer\XPSViewer.exe
+ 2011-12-14 02:42 . 2009-10-09 21:56 214016 c:\windows\SysWOW64\WsmWmiPl.dll
+ 2011-12-14 02:42 . 2009-10-09 21:56 145408 c:\windows\SysWOW64\WsmAuto.dll
+ 2011-12-14 02:42 . 2009-10-09 21:55 252416 c:\windows\SysWOW64\WSManMigrationPlugin.dll
+ 2011-12-14 02:42 . 2009-10-09 21:56 246272 c:\windows\SysWOW64\WSManHTTPConfig.exe
+ 2011-12-14 02:42 . 2009-10-09 21:56 241152 c:\windows\SysWOW64\winrscmd.dll
+ 2011-12-14 02:42 . 2009-08-01 06:27 201184 c:\windows\SysWOW64\winrm.vbs
+ 2011-12-14 02:42 . 2009-10-09 21:57 154112 c:\windows\SysWOW64\WindowsPowerShell\v1.0\pspluginwkr.dll
+ 2011-12-14 02:42 . 2009-10-09 21:57 204800 c:\windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
+ 2011-12-14 02:42 . 2009-10-09 21:56 448000 c:\windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
+ 2011-12-14 02:42 . 2009-10-09 21:57 112640 c:\windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll
+ 2011-12-14 02:42 . 2009-07-16 17:22 126976 c:\windows\SysWOW64\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2011-12-14 02:25 . 2011-02-16 15:35 430080 c:\windows\SysWOW64\vbscript.dll
- 2011-02-22 16:16 . 2010-03-04 18:54 430080 c:\windows\SysWOW64\vbscript.dll
+ 2011-12-14 02:26 . 2009-07-10 12:21 247808 c:\windows\SysWOW64\shsvcs.dll
+ 2011-12-14 02:26 . 2011-04-29 14:54 276992 c:\windows\SysWOW64\schannel.dll
+ 2011-12-14 02:25 . 2010-12-29 17:41 153088 c:\windows\SysWOW64\sbeio.dll
- 2008-01-21 02:47 . 2008-01-21 02:47 153088 c:\windows\SysWOW64\sbeio.dll
+ 2011-12-14 02:25 . 2010-12-29 17:41 323072 c:\windows\SysWOW64\sbe.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 563200 c:\windows\SysWOW64\oleaut32.dll
+ 2011-12-14 02:26 . 2010-12-20 15:39 563200 c:\windows\SysWOW64\oleaut32.dll
+ 2011-12-14 02:25 . 2010-12-17 15:06 677888 c:\windows\SysWOW64\mstsc.exe
- 2008-01-21 02:48 . 2008-01-21 02:48 677888 c:\windows\SysWOW64\mstsc.exe
+ 2011-12-14 02:25 . 2011-02-16 15:32 512000 c:\windows\SysWOW64\jscript.dll
- 2011-02-22 16:21 . 2009-06-04 12:33 512000 c:\windows\SysWOW64\jscript.dll
+ 2011-11-11 15:30 . 2011-11-11 15:30 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-11-11 15:30 . 2011-11-11 15:30 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-11-11 15:30 . 2011-11-11 15:30 145184 c:\windows\SysWOW64\java.exe
+ 2011-12-14 02:26 . 2011-05-02 15:58 738816 c:\windows\SysWOW64\inetcomm.dll
- 2011-02-23 15:34 . 2010-05-27 19:16 738816 c:\windows\SysWOW64\inetcomm.dll
+ 2011-12-14 02:25 . 2010-12-29 17:41 429056 c:\windows\SysWOW64\EncDec.dll
+ 2011-12-14 02:22 . 2011-03-02 14:49 167936 c:\windows\SysWOW64\dnsapi.dll
+ 2011-12-14 02:26 . 2011-02-16 13:24 292864 c:\windows\SysWOW64\atmfd.dll
+ 2011-12-14 02:42 . 2009-10-09 21:35 310272 c:\windows\system32\WsmWmiPl.dll
+ 2011-12-14 02:42 . 2009-10-09 21:34 180736 c:\windows\system32\WsmAuto.dll
+ 2011-12-14 02:42 . 2009-10-09 21:34 352768 c:\windows\system32\WSManMigrationPlugin.dll
+ 2011-12-14 02:42 . 2009-10-09 21:34 348672 c:\windows\system32\WSManHTTPConfig.exe
- 2008-01-21 02:49 . 2008-01-21 02:49 450048 c:\windows\system32\winsrv.dll
+ 2011-12-14 02:25 . 2011-04-20 15:16 450048 c:\windows\system32\winsrv.dll
+ 2011-12-14 02:42 . 2009-10-09 21:34 370688 c:\windows\system32\winrscmd.dll
+ 2011-12-14 02:42 . 2009-08-01 06:27 201184 c:\windows\system32\winrm.vbs
+ 2011-12-14 02:26 . 2011-02-27 15:53 979344 c:\windows\system32\winresume.exe
+ 2011-12-14 02:42 . 2009-10-09 21:39 173056 c:\windows\system32\WindowsPowerShell\v1.0\pspluginwkr.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 200704 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.exe
+ 2011-12-14 02:42 . 2009-10-09 21:36 463872 c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
+ 2011-12-14 02:42 . 2009-10-09 21:39 115200 c:\windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll
+ 2011-12-14 02:42 . 2009-07-16 17:22 126976 c:\windows\system32\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2011-12-14 02:42 . 2009-10-09 21:34 113152 c:\windows\system32\wevtfwd.dll
+ 2011-12-14 02:42 . 2009-10-09 21:34 113152 c:\windows\system32\wecutil.exe
+ 2011-12-14 02:42 . 2009-10-09 21:34 232960 c:\windows\system32\wecsvc.dll
+ 2011-02-23 09:00 . 2012-01-04 14:16 267878 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-02-22 16:16 . 2010-03-04 18:45 603648 c:\windows\system32\vbscript.dll
+ 2011-12-14 02:25 . 2011-02-16 15:41 603648 c:\windows\system32\vbscript.dll
+ 2011-02-23 15:34 . 2010-09-06 15:59 179712 c:\windows\system32\srvsvc.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 301568 c:\windows\system32\shsvcs.dll
+ 2011-12-14 02:26 . 2009-07-10 12:37 301568 c:\windows\system32\shsvcs.dll
+ 2011-12-14 02:26 . 2011-04-29 15:25 344576 c:\windows\system32\schannel.dll
+ 2011-12-14 02:25 . 2010-12-29 17:53 210944 c:\windows\system32\sbeio.dll
- 2008-01-21 02:47 . 2008-01-21 02:47 210944 c:\windows\system32\sbeio.dll
- 2008-01-21 02:47 . 2008-01-21 02:47 416768 c:\windows\system32\sbe.dll
+ 2011-12-14 02:25 . 2010-12-29 17:53 416768 c:\windows\system32\sbe.dll
+ 2006-11-02 12:46 . 2012-01-06 23:23 595446 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-11-05 14:31 595446 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-06 23:23 101144 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-11-05 14:31 101144 c:\windows\system32\perfc009.dat
+ 2011-12-14 02:26 . 2010-12-20 16:06 847872 c:\windows\system32\oleaut32.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 847872 c:\windows\system32\oleaut32.dll
+ 2011-12-14 02:25 . 2010-12-17 15:35 730624 c:\windows\system32\mstsc.exe
- 2008-01-21 02:50 . 2008-01-21 02:50 730624 c:\windows\system32\mstsc.exe
- 2011-02-22 16:21 . 2009-06-04 12:58 753152 c:\windows\system32\jscript.dll
+ 2011-12-14 02:25 . 2011-02-16 15:38 753152 c:\windows\system32\jscript.dll
- 2011-02-23 15:34 . 2010-05-27 20:01 975360 c:\windows\system32\inetcomm.dll
+ 2011-12-14 02:26 . 2011-05-02 16:35 975360 c:\windows\system32\inetcomm.dll
+ 2006-11-02 15:21 . 2011-12-14 02:55 229160 c:\windows\system32\FNTCACHE.DAT
- 2006-11-02 15:21 . 2011-02-22 18:21 229160 c:\windows\system32\FNTCACHE.DAT
+ 2011-11-11 16:06 . 2011-10-15 10:48 291648 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_15958d34\nvstusb64.sys
+ 2011-11-11 16:06 . 2011-07-07 23:21 174184 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_b52afbc4\nvhda64v.sys
+ 2011-11-11 16:06 . 2011-07-07 23:21 150120 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_b52afbc4\nvhda64.sys
+ 2011-11-11 16:06 . 2011-10-15 08:53 283456 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvml.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 200512 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvidia-smi.exe
+ 2011-11-11 16:06 . 2011-10-15 08:53 316496 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvdrsdb.bin
+ 2011-11-11 16:06 . 2011-10-15 08:53 224064 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\dbInstaller.exe
+ 2011-12-14 02:25 . 2011-04-29 13:12 144896 c:\windows\system32\drivers\srvnet.sys
+ 2011-12-14 02:25 . 2011-04-29 13:12 176128 c:\windows\system32\drivers\srv2.sys
+ 2011-12-14 02:26 . 2011-02-18 13:51 461312 c:\windows\system32\drivers\srv.sys
+ 2011-11-11 16:06 . 2011-07-07 23:21 174184 c:\windows\system32\drivers\nvhda64v.sys
+ 2011-12-14 02:25 . 2011-04-29 13:11 105984 c:\windows\system32\drivers\mrxsmb20.sys
+ 2011-12-14 02:25 . 2011-07-06 15:18 274432 c:\windows\system32\drivers\mrxsmb10.sys
- 2011-02-22 16:18 . 2010-02-23 11:46 135168 c:\windows\system32\drivers\mrxsmb.sys
+ 2011-12-14 02:25 . 2011-04-29 13:11 135168 c:\windows\system32\drivers\mrxsmb.sys
+ 2011-12-14 02:25 . 2011-04-21 13:42 407552 c:\windows\system32\drivers\afd.sys
+ 2011-12-14 02:22 . 2011-03-02 15:10 221184 c:\windows\system32\dnsapi.dll
+ 2011-12-14 02:26 . 2011-02-27 15:53 979344 c:\windows\system32\Boot\winresume.exe
+ 2011-12-14 02:26 . 2011-02-16 13:44 367616 c:\windows\system32\atmfd.dll
+ 2011-12-14 02:51 . 2010-04-12 12:20 847872 c:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2011-12-14 02:41 . 2010-09-23 13:34 743760 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2011-12-14 02:49 . 2010-03-04 12:55 258048 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Security.dll
- 2011-02-24 09:06 . 2008-07-27 18:01 258048 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Security.dll
+ 2011-12-14 02:46 . 2011-03-29 10:55 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-12-14 02:51 . 2010-04-12 12:20 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2011-02-24 09:14 . 2008-06-20 01:14 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2011-12-14 02:51 . 2010-04-12 12:20 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2011-12-14 02:41 . 2010-09-23 13:32 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-12-14 02:49 . 2010-03-04 13:36 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2011-02-24 09:06 . 2008-07-27 18:03 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2011-12-14 02:46 . 2011-03-29 10:55 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-14 02:46 . 2011-03-29 10:54 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-14 02:46 . 2011-03-29 10:54 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-12-08 06:19 . 2011-12-08 06:19 199680 c:\windows\Installer\79fd400.msi
+ 2011-11-11 15:31 . 2011-11-11 15:31 203776 c:\windows\Installer\25348da.msi
+ 2011-11-11 15:30 . 2011-11-11 15:30 901120 c:\windows\Installer\25348d2.msi
+ 2011-12-14 02:48 . 2011-12-14 02:48 223744 c:\windows\Installer\175d02.msi
+ 2011-12-14 02:47 . 2011-12-14 02:47 231936 c:\windows\Installer\175cf9.msi
+ 2011-12-14 02:46 . 2011-12-14 02:46 429568 c:\windows\Installer\175cf0.msi
+ 2011-12-14 02:45 . 2011-12-14 02:45 432640 c:\windows\Installer\175ce7.msi
+ 2008-12-13 16:02 . 2008-12-13 16:02 802816 c:\windows\Installer\175cd2.msp
+ 2009-03-20 17:53 . 2009-03-20 17:53 183808 c:\windows\Installer\175cc1.msp
+ 2011-12-14 02:41 . 2011-12-14 02:41 467456 c:\windows\Installer\175cb5.msi
+ 2011-12-14 02:40 . 2011-12-14 02:40 488448 c:\windows\Installer\175c99.msi
+ 2006-11-02 12:40 . 2011-11-11 16:09 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2011-11-04 17:30 143360 c:\windows\inf\infstrng.dat
+ 2009-12-21 22:41 . 2009-12-21 22:41 139776 c:\windows\Downloaded Program Files\asusTek_sys_ctrl.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\316227d5228b6c867dde4180da2583e1\WsatConfig.ni.exe
+ 2011-12-15 04:38 . 2011-12-15 04:38 328704 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\c492298ee00c4645bbd19a3344807ec6\WindowsFormsIntegration.ni.dll
+ 2011-12-14 03:02 . 2011-12-14 03:02 257024 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\b8210b9f8464583888f924aa5e6e7f8c\UIAutomationTypes.ni.dll
+ 2011-12-14 03:02 . 2011-12-14 03:02 120320 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\e7d9045c60e4b598795af07cebef6ee7\UIAutomationProvider.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\45700dd5f67685c35f6c2d50efa3cc38\UIAutomationClient.ni.dll
+ 2011-12-15 03:17 . 2011-12-15 03:17 553984 c:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8F2F.tmp\BDATunePIA.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\adb15d4609e77e668b9ed2672f1a2218\TaskScheduler.ni.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\18d2567f2fab28dad1b0036b37183b0f\System.Xml.Linq.ni.dll
+ 2011-12-15 03:33 . 2011-12-15 03:33 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\cc6e00cf45f5cea701309d73ff002273\System.Web.Routing.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\2d94edb6992e88087b6de8dbe338462e\System.Web.RegularExpressions.ni.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\160c293370d0a5754482df16ca08ef5c\System.Web.Entity.ni.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\ce06bb9b8beb972cd4423ea1461986f8\System.Web.Entity.Design.ni.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\791a4bb9b25685abb6cd13d5db1c6019\System.Web.DynamicData.ni.dll
+ 2011-12-15 03:33 . 2011-12-15 03:33 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\02fc1b4385fdf5b48f54fdc873a5e58b\System.Web.Abstractions.ni.dll
+ 2011-12-14 03:00 . 2011-12-14 03:00 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\eead95a32782d15fda7c303d4b838009\System.Transactions.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\94646ef384d1d16311e3fe651f513f2c\System.ServiceProcess.ni.dll
+ 2011-12-14 02:59 . 2011-12-14 02:59 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\c0d048ec4210dd0db466b794a47d8a1d\System.Security.ni.dll
+ 2011-12-14 02:59 . 2011-12-14 02:59 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\2cfaed62cee7144599086ec70dc3368c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-12-15 03:33 . 2011-12-15 03:33 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\9ad974db2ac27e6a65a7c78c226b29a0\System.Net.ni.dll
+ 2011-12-15 03:17 . 2011-12-15 03:17 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\a3cd1580b27ab056557390708e99acb9\System.Messaging.ni.dll
+ 2011-12-15 03:33 . 2011-12-15 03:33 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\3daeb65f17b1aad23b0c81179175bf98\System.Management.Instrumentation.ni.dll
+ 2011-12-15 03:33 . 2011-12-15 03:33 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\63dc934c049c80994db9bf61ed6ad682\System.IO.Log.ni.dll
+ 2011-12-15 03:17 . 2011-12-15 03:17 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\c2678d4136ef6a613a9e2eb38d355b11\System.IdentityModel.Selectors.ni.dll
+ 2011-12-14 03:00 . 2011-12-14 03:00 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\09bb7b03f4bec9cc517b932e81f65e04\System.EnterpriseServices.Wrapper.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\295a707e3937e093ada98d0487c105b9\System.Drawing.Design.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\04ea347638a4acfd642a5a431beb2c8c\System.DirectoryServices.Protocols.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 489472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\c9503c442da839d0b7f8d55ef0771c0f\System.Data.Services.Design.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\41f2870aece3dabd29db0831374cd372\System.Data.DataSetExtensions.ni.dll
+ 2011-12-14 02:59 . 2011-12-14 02:59 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\1ede61091e7730d7243b00cdd0ab6e7b\System.Configuration.Install.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\d7ea8b1bb51c5ab2c655a74662d0ca58\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\ac11be296b8f3415dc585a44e3708221\System.AddIn.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\0ba0596313daa37999ba155fa5604b3a\System.AddIn.Contract.ni.dll
+ 2011-12-15 03:33 . 2011-12-15 03:33 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\1688badff2d11e1fd155d81b250374c7\sysglobl.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\e8fbe25c06b58ab634214bdb88e4e7f4\SMSvcHost.ni.exe
+ 2011-12-14 21:02 . 2011-12-14 21:02 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\e0f287954337c7fd7e5541fd9d7f04d1\SMDiagnostics.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\90e002ad51264b4ac2fc7af294cb0314\ServiceModelReg.ni.exe

Deshra, Jan 6, 2012

#14
Deshra Newcomer, in training

CF Log Cont.

+ 2011-12-14 03:03 . 2011-12-14 03:03 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a9cc8a8b8454ee54f20736c3a2221b01\PresentationFramework.Luna.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9f9c7ffcc4b7931724efc216bf69e416\PresentationFramework.Classic.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\4d10292ef241691b264bf0e9f035d1f7\PresentationFramework.Aero.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\2a390c6b9e4690cecdcf06c790709ae7\PresentationFramework.Royale.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\a0928d7b152a9e13afcd2cd9a673f0d5\napsnap.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\85eae1f51b800c29743375b931d9740b\napinit.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 177152 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\0d671837cde9271b603fc561755cb8eb\naphlpr.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 126464 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\059b5e954dc69f0ebbea570550309584\napcrypt.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\919bc9b7b621ea551a05f7dd0f631c33\MSBuild.ni.exe
+ 2011-12-15 03:31 . 2011-12-15 03:31 412160 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\8021549cdcb3669e51902fba414e1471\MMCFxCommon.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\e88bd8e379dafa2500f87856024edc7d\Microsoft.WSMan.Management.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\77763f1f86fcfca02c6b70e56e7b94f8\Microsoft.Vsa.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\882b8cdaa161d79c4354a8c7e9818df0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d65b1b3a66053ba80780b97266ec32fe\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\c1cd449908070c3cbd30c100fbc23476\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 224768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a27edc6d5be180867e1f9ac36000ff38\Microsoft.PowerShell.Security.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\96ecf04fe0f0fd1f73635f90913446b2\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e26d322d02e53a9eb7ca9aaa4b9f069e\Microsoft.MediaCenter.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d07e8dbdc1da201d4aec3b6be799eaca\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3dc30d17b0fbe973bfc9793ccd9c4456\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\64787e74a26ca101e6c18c153debc92e\Microsoft.ManagementConsole.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\b5fd798df1e7d2da2a8c1cfd923f56d3\Microsoft.Build.Utilities.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\0e89800227415355a2f8ff4aa816d97c\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\b74a30149ecc68482b5d685dc58de13f\Microsoft.Build.Framework.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\6ca9260f8a7d39a86a0bce55a011b8aa\Microsoft.Build.Framework.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\c665c21b12e81bfb12aad24c279e3627\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\b8c94857793130e1b54cc677cc8020dc\Mcx2Dvcs.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 369152 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\9545a554ce5b131a599ffcf456cab66a\mcupdate.ni.exe
+ 2011-12-15 03:31 . 2011-12-15 03:31 328704 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\c95779d6615b9912ed52b7c8f324fd01\mcstoredb.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 891392 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\53577e8877b0d60c19cff7a5178a29b8\mcstore.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\c18f2b48ffc97f805c9008dbb6a48c3a\loadmxf.ni.exe
+ 2011-12-15 03:31 . 2011-12-15 03:31 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\7bc8c0448cd5ba59e78997a7de5c7c25\EventViewer.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\a5d71af63d1c9c6819f400852dd0182f\ehiWUapi.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 927232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\eca1e04af7b0223c8f03d10e632c220a\ehiwmp.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 138752 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\754fcfd3cdc0ffed943213cee1189d34\ehiUserXp.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 151040 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiReplay\f663486a5c88e1d14e795ad1159f8f94\ehiReplay.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\8b0d607f97fe26eac66406c7ee8cff60\ehiExtens.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 369152 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\d885a3f0410729df589b681778ab47e0\ehExtHost.ni.exe
+ 2011-12-15 03:30 . 2011-12-15 03:30 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\4c77e45a71a9504b2d15b5701e56e990\ehepgdat.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\ce1fb50c73bae58f434f659e38b7b7d9\ehCIR.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\1f2c2cb6bafd38014e728cd404818cf8\CustomMarshalers.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\3d057cec32b3a925b5039e20fe62a995\ComSvcConfig.ni.exe
+ 2011-12-15 03:30 . 2011-12-15 03:30 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\1c3db8a54ec93d11e1b930ca4289d7f3\BDATunePIA.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\7fd759757e2c82e88d4af75abc9f28cc\WsatConfig.ni.exe
+ 2011-12-15 03:30 . 2011-12-15 03:30 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9e40949744b36534fe62cd64ddccb6a1\WindowsFormsIntegration.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8837c17e16a1ebba04a1f625977bc907\UIAutomationTypes.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\8aefd0f595910a92650b0ceb58dd1ba3\UIAutomationClient.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\3a7bbceb8c50051f15d10d97b37675a8\TaskScheduler.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\f12d36c31f0739ea461ab2a4c532c9e5\System.Xml.Linq.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\765e183d82f07083dcfac3f4c55f856f\System.Web.Routing.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d1261a1a22df4e8f1cb8f6d4247340bd\System.Web.RegularExpressions.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\9cd315af8f34044cb6f8ca822611541b\System.Web.Extensions.Design.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\c466d4e3f56b3a24aff27217d451594d\System.Web.Entity.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\93a9ee5d413b0a6384cbb12dcb93d88b\System.Web.Entity.Design.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\04e168145bacbe79f81a6013f2ad7f64\System.Web.DynamicData.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\65108b5ea6920387ab79ca08734a1a3f\System.Web.Abstractions.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
+ 2011-12-14 02:56 . 2011-12-14 02:56 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\6a39ee17f7cefb77c8e98dbfb72b058b\System.Security.ni.dll
+ 2011-12-14 02:56 . 2011-12-14 02:56 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1a579c752242a5cb70ca9e83f9eb2e1f\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\18162058c47608048e933ef7c77d19c0\System.Net.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\54088d36d01e44e6abf5776693ca1d3e\System.Messaging.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\ec3981d91927af7ca45075376773dc2f\System.Management.Instrumentation.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\0a01d02239772cfefe08fc733164b784\System.IO.Log.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b6dac099a521752138d76a80922c4e03\System.Drawing.Design.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\0a3c42f44b5204dff52d3f16230ffa30\System.DirectoryServices.Protocols.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\0a08a9feaeddb7c9483121553af68343\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\6c3834a2f6d5c4ecc8a5bed19ce01b45\System.Data.Services.Design.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\0a70c348976eb8c38338fa48b2c7ac8a\System.Data.Services.Client.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\c4af88027cad914751b69cbca75446e3\System.Data.Entity.Design.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\40fa0ab3d39f28ef102625069d22e144\System.Data.DataSetExtensions.ni.dll
+ 2011-12-14 02:56 . 2011-12-14 02:56 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
+ 2011-12-14 02:56 . 2011-12-14 02:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\e30a6170eca3eeff46c5ed8e4da233f8\System.Configuration.Install.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\e58ca49e9883534ae91f9ac95b37031c\System.AddIn.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\ccabfa9c6b6f634d08c683edf1c4bca3\sysglobl.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\383ef2bf04fd33f3210bc1b3b35ef4bd\SMSvcHost.ni.exe
+ 2011-12-15 03:17 . 2011-12-15 03:17 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\ced4e6610857a77b476eab69e60e1365\ServiceModelReg.ni.exe
+ 2011-12-14 02:58 . 2011-12-14 02:58 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\51221f3665d97e9f5dc87c0e10ef84df\PresentationFramework.Royale.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\25d1e2976799bc0dd632fa506678e726\PresentationFramework.Luna.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0799da41c4928a0e6c029ef2deb5994f\PresentationFramework.Classic.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 601088 c:\windows\assembly\NativeImages_v2.0.50727_32\PerstNET\b8a900c9334d8d74ff80fc5d26c50a80\PerstNET.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\3cee19f6790c10d8983fec6dd259f6f8\napsnap.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\04f1a26ec1bce26f4083d5c7b2963a7e\napinit.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\c0a9c60bfa336a2afe81ca188f9d3236\naphlpr.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\05f0d8d0003b914fc2d03a9e810562da\MSBuild.ni.exe
+ 2011-12-15 03:18 . 2011-12-15 03:18 283648 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\309fa83d0d3879911e14c92978d21176\MMCFxCommon.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\82a35842af13110c582e25127f3428dc\Microsoft.WSMan.Management.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6d9c6ec8241c1fbb8318eead49498f55\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e485777d08312a214b1154f0c7e17edd\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a907047b2e361f5b9dfbad7f6739051b\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6235ab30ac92762a9afc636b794cc680\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\480316b0889d26cfdaec16f614e87777\Microsoft.PowerShell.Security.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2fb846e42c6c869e4f493878220f5ef5\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\26b33e7602087bb6e634d6f9dac81d7b\Microsoft.MediaCenter.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 550912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\709d81ab469147e37c3b3ef847be25e7\Microsoft.ManagementConsole.ni.dll
+ 2011-12-15 03:28 . 2011-12-15 03:28 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\3a1b57fffcb7083d0548802838a0161a\Microsoft.Build.Utilities.ni.dll
+ 2011-12-15 03:28 . 2011-12-15 03:28 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1bbdceb27875c0537d7f09aa38c9a24e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d7931d93e3ea5318ca1597413d571936\Microsoft.Build.Engine.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\5c6a72e053c1137f1e3edadd932b0ddd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Utils\733f4e866a633986cddfccc7367cd128\MediaManager.Utils.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 372224 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Splash#\caa0d4a2f9331d56b9a5970ff83499f0\MediaManager.SplashScreen.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.GUI\43bf948714762726578003dee93b9f9a\MediaManager.GUI.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 881664 c:\windows\assembly\NativeImages_v2.0.50727_32\Lucene.Net\4e1139080dbc29028899a1bb64e3df72\Lucene.Net.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 657920 c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\d125dcc266f9e8fb5dcd1a23703f3883\log4net.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 812032 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WMPLib\248713b9f44935d8e5fa1ae124b6e3fa\Interop.WMPLib.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 311808 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\8cb1d8dba20c8e8bf54ba21a15281327\Interop.SHDocVw.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 204288 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOLibrary\e2ce6802662d4178b52a97911ce01d74\Interop.QTOLibrary.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 100864 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\79fda0f13a50f6cfe4977064659e86ce\Interop.IWshRuntimeLibrary.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 374784 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBCONTROL#\3fcf7d1adf5b89df8686c966e2a887c3\Interop.CDDBCONTROLLibSMS.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 210432 c:\windows\assembly\NativeImages_v2.0.50727_32\GCPlayer\c8e4e4a594999040c2034e02a91caeec\GCPlayer.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\7bd5215cebeed641c163540f931d7d0d\EventViewer.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\869a87748c7f2b9bd8ac64f4e2583bfc\ehiExtens.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 242688 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\286ca73d6ca264fd9c561b8919eaf510\ehExtHost32.ni.exe
+ 2011-12-15 03:18 . 2011-12-15 03:18 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\316c986d73d27faa8856c4de1681e2ca\ComSvcConfig.ni.exe
+ 2011-12-15 03:18 . 2011-12-15 03:18 151552 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.WMPLib\6b2e3fbd51ebc66d51dda998fa6b89b4\AxInterop.WMPLib.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\682802ada3bba1164ba3f408af294b6a\AxInterop.SHDocVw.ni.dll
- 2011-02-27 18:17 . 2011-02-27 18:17 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2011-12-14 02:44 . 2011-12-14 02:44 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2011-12-14 02:44 . 2011-12-14 02:44 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2011-02-24 09:06 . 2008-07-27 18:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-12-14 02:49 . 2010-03-04 13:36 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-12-14 02:51 . 2010-04-12 12:19 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-12-14 02:42 . 2009-10-12 21:55 253952 c:\windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.Resources.dll
+ 2011-12-14 02:51 . 2010-04-12 12:19 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-12-14 02:44 . 2011-12-14 02:44 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2011-02-27 18:17 . 2011-02-27 18:17 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2011-02-27 18:17 . 2011-02-27 18:17 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-12-14 02:44 . 2011-12-14 02:44 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-12-14 02:51 . 2010-04-12 12:20 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2011-02-24 09:14 . 2008-06-20 01:14 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 274432 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 278528 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 651264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 991232 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 618496 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 262144 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 102400 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
+ 2011-12-14 02:42 . 2009-10-09 21:56 1181696 c:\windows\SysWOW64\WsmSvc.dll
+ 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\SysWOW64\msxml4.dll
+ 2011-12-14 02:25 . 2010-12-17 16:43 2067456 c:\windows\SysWOW64\mstscax.dll
+ 2011-12-14 02:26 . 2011-03-10 16:12 1161728 c:\windows\SysWOW64\mfc42u.dll
+ 2011-12-14 02:26 . 2011-03-10 16:12 1136640 c:\windows\SysWOW64\mfc42.dll
+ 2011-12-14 02:42 . 2009-10-09 21:36 2050048 c:\windows\system32\WsmSvc.dll
+ 2011-12-14 02:26 . 2011-02-27 15:53 1062800 c:\windows\system32\winload.exe
+ 2011-12-14 02:25 . 2011-06-02 13:22 2762240 c:\windows\system32\win32k.sys
+ 2011-11-11 16:06 . 2011-07-07 23:21 1452648 c:\windows\system32\nvhdagenco6420102.dll
+ 2011-12-14 02:25 . 2010-12-17 17:12 2424320 c:\windows\system32\mstscax.dll
+ 2011-12-14 02:26 . 2011-03-10 16:30 1360384 c:\windows\system32\mfc42u.dll
+ 2011-12-14 02:26 . 2011-03-10 16:30 1398784 c:\windows\system32\mfc42.dll
+ 2011-11-11 16:06 . 2011-10-15 10:48 1454400 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_15958d34\nvgenco64.dll
+ 2011-11-11 16:06 . 2011-07-07 23:21 1452648 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_b52afbc4\nvgenco64.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 8791360 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvwgf2umx.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 7041856 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvwgf2um.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 1454400 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvgenco64.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 1533248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvdispco64.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 2401088 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvcuvid32.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 2542912 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvcuvid.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 2232128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvcuvenc64.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 2099520 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvcuvenc.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 5578560 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvcuda32.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 7581504 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvcuda.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 2808128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvapi64.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 2458432 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvapi.dll
+ 2011-12-14 02:26 . 2011-02-27 15:53 1062800 c:\windows\system32\Boot\winload.exe
- 2006-11-02 15:22 . 2011-02-22 18:22 2866387 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 15:22 . 2011-12-14 02:56 2866387 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2011-12-14 02:51 . 2010-04-12 12:20 5304320 c:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2011-02-24 09:06 . 2008-07-27 18:01 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-14 02:46 . 2011-03-29 10:55 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-14 02:41 . 2010-09-23 13:33 5251072 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2011-12-14 02:39 . 2011-01-19 10:50 3182592 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-12-14 02:46 . 2011-03-29 10:54 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2011-12-14 02:46 . 2011-03-29 10:54 1576784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
+ 2011-12-14 02:46 . 2011-03-29 10:54 1764696 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2011-12-14 02:51 . 2010-04-12 12:20 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2011-12-14 02:46 . 2011-03-29 10:55 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-02-24 09:06 . 2008-07-27 18:03 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-14 02:41 . 2010-09-23 13:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2011-02-23 17:50 . 2008-10-13 22:26 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-12-14 02:39 . 2011-01-19 10:48 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-14 02:46 . 2011-03-29 10:54 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-12-14 02:46 . 2011-03-29 10:54 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-11-11 16:09 . 2011-11-11 16:09 1550848 c:\windows\Installer\2771f18.msi
+ 2010-09-24 03:13 . 2010-09-24 03:13 1484800 c:\windows\Installer\175cdd.msp
+ 2011-12-14 03:01 . 2011-12-14 03:01 4891136 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\5bc21868a0865c5b2cfa518e4fd866ce\WindowsBase.ni.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 1461248 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\ae7daf4b5f05c2af822fcf1f9bcf50e8\UIAutomationClientsideProviders.ni.dll
+ 2011-12-14 02:59 . 2011-12-14 02:59 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\640d3de96f3b47cbe735812a9f336703\System.Xml.ni.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\2ce39208b7b05ea8f93f2f15c0706858\System.WorkflowServices.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 2701312 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\fc5ee5adc02b7860461c26c774fca1ae\System.Workflow.Runtime.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 5956608 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\c2a9a5f50e108d5fbdcfa84092ace3e4\System.Workflow.ComponentModel.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\d8ef0a9da19beca390b9702c2ee266d9\System.Workflow.Activities.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\ba82a9d54503d9bea8e07bc5b3ca5b6f\System.Web.Services.ni.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\cc0dcee05bacbae649e53dcee9c550aa\System.Web.Mobile.ni.dll
+ 2011-12-15 03:33 . 2011-12-15 03:33 3045888 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\dc4c53979d00377c97b2f1002e7f0d48\System.Web.Extensions.ni.dll
+ 2011-12-15 04:38 . 2011-12-15 04:38 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\8fac049407facb265be4a204c534fee1\System.Web.Extensions.Design.ni.dll
+ 2011-12-15 03:33 . 2011-12-15 03:33 2726912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\f13bb632f0fac0faaa5d8eed497711b4\System.Speech.ni.dll
+ 2011-12-15 03:33 . 2011-12-15 03:33 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\0e10e3232a96aceab12d0742476bb8ab\System.ServiceModel.Web.ni.dll
+ 2011-12-14 21:03 . 2011-12-14 21:03 3071488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\30b7f4db45d9f58a5fba74731edd14f2\System.Runtime.Serialization.ni.dll
+ 2011-12-14 03:00 . 2011-12-14 03:00 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\15175cd85277a32c9d2717e06bfc16ec\System.Runtime.Remoting.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\cc31b25a29d6cb69e6c34a56a6d395c3\System.Printing.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\26e77f571e9e6d7be1337f7aa0c5ea12\System.Management.ni.dll
+ 2011-12-14 21:03 . 2011-12-14 21:03 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\fd6a34c238381a8e39407b00d1daa696\System.IdentityModel.ni.dll
+ 2011-12-14 03:00 . 2011-12-14 03:00 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\09bb7b03f4bec9cc517b932e81f65e04\System.EnterpriseServices.ni.dll
+ 2011-12-14 02:59 . 2011-12-14 02:59 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\fb9c85f956f4f920ec3d0eff109c2d1c\System.Drawing.ni.dll
+ 2011-12-14 03:00 . 2011-12-14 03:00 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\cc22eed909c54c39c018b486762d2126\System.DirectoryServices.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\779617e73ed2c3362e97b0031bf3baba\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-12-14 03:00 . 2011-12-14 03:00 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\ea05682e49a00bf4c9bbf2838891d54a\System.Deployment.ni.dll
+ 2011-12-14 03:00 . 2011-12-14 03:00 8608768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\dc4b619ca1bbe9f90376e320318630fe\System.Data.ni.dll
+ 2011-12-14 02:59 . 2011-12-14 02:59 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\86fba07510d1a237244e07a7474afa9c\System.Data.SqlXml.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\e6a7d2c382c761cdeab2bd918899fbe3\System.Data.Services.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 1277440 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\8389a697251d9ad4d7f249ba7879c660\System.Data.Services.Client.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 1505280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\8ea59cbd12ddf9af13ad325ef3b022a1\System.Data.OracleClient.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\c301b5005a38803f64d124b5835dabe5\System.Data.Linq.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\e08bec6278c2bfdd68922d003942e8bf\System.Data.Entity.Design.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\25b53b6e76801db1789ee1fd1e743f0f\System.Core.ni.dll
+ 2011-12-14 02:59 . 2011-12-14 02:59 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\8f41056e6bbdf24a94ff29309e258d69\System.Configuration.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 3081216 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\5c58b82698d0feb1e887a50d4a558f0b\ReachFramework.ni.dll
+ 2011-12-14 03:02 . 2011-12-14 03:02 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\58e9bc9ada483189a6b67dd05d9c098f\PresentationUI.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\75cbfe2bdd7efb138c9a5342ce3848fb\PresentationBuildTasks.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\8d008a4d19bf536238604c249353e73f\Narrator.ni.exe
+ 2011-12-15 03:32 . 2011-12-15 03:32 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\f97d0716c8937703fb35c65eb47319a5\MMCEx.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 7833088 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\2a334a4c552b825aa6e24f464c3e49cc\MIGUIControls.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\45ba90fdde14b4d95e74328831ce4fc5\Microsoft.VisualBasic.ni.dll
+ 2011-12-15 03:17 . 2011-12-15 03:17 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\359c9cd99a067402da59da0b20f0602a\Microsoft.Transactions.Bridge.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\c80b0551d546e136fdbadf0b868b95c2\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a6ca14bc8f57fc9334e502133d99b10c\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\5ccddd32fd879e42d1c33d3730c1ce92\Microsoft.PowerShell.Editor.ni.dll
+ 2011-12-14 03:03 . 2011-12-14 03:03 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\07aaf436b188a311f768b581d05dff93\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\018f89fe98520b0626eb25bd689367ff\Microsoft.MediaCenter.UI.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\e12186c6304f08672facb9e3bb331fd9\Microsoft.JScript.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\a1a9ff55121eb285b74fb5f0f1aae4fa\Microsoft.Ink.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\c85a35e24cd4c68f10eb15f52a5bfb9e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4e71a8d7285b866d9e3b0f58985b5650\Microsoft.Build.Tasks.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\789cf2b160eca56e02baaf79c5ee0478\Microsoft.Build.Engine.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\2e4ed251c4b90a92affa3feb255d35f1\Microsoft.Build.Engine.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\a870c76a8c6a5e04b3dcde5057593044\ehRecObj.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 2002432 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\1e28fa120fd1eac3a8e19cad0032effd\ehiVidCtl.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 2885120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\0243b95786e2990f8e5f8786178d039f\ehiProxy.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 1039872 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\fe18ea324e7278df2d5e4b073a6f9271\ehiPlay.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\3a5763a2643e1da7e4cafeb6953943da\ehepg.ni.dll

Deshra, Jan 6, 2012

#15
Deshra Newcomer, in training

CF Log Cont. 3

+ 2011-12-14 02:57 . 2011-12-14 02:57 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\e232b44218398fdbd683b6b2ce5574ce\UIAutomationClientsideProviders.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 1565184 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP684E.tmp\Microsoft.Build.Tasks.dll
+ 2011-12-14 02:56 . 2011-12-14 02:56 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
+ 2011-12-14 02:56 . 2011-12-14 02:56 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\764606ab0170b005d518c9a1632f2ec5\System.WorkflowServices.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\e6fc55e62f098c2b38998e9b6a9636ea\System.Workflow.Runtime.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\78b9c7e989f9f30ac7203f5ffe753951\System.Workflow.ComponentModel.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\c394894d9e55601a141bb6f77da66c32\System.Workflow.Activities.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\81a310f5bd696b74485a513680672a5e\System.Web.Services.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f36afc479d26566f973ab0b6c6b155ac\System.Web.Mobile.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\202e7a75b3e74183b91f583e372224ca\System.Web.Extensions.ni.dll
+ 2011-12-15 03:30 . 2011-12-15 03:30 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\3d384373936e4b09c0eda5c451e27940\System.Speech.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97e45107abc210ed1da69409ba9b074e\System.ServiceModel.Web.ni.dll
+ 2011-12-15 03:17 . 2011-12-15 03:17 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\2dd03c666a538de5b4e9bdb528bfe4ae\System.Printing.ni.dll
+ 2011-12-14 02:56 . 2011-12-14 02:56 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\5f76187823a1d2ce0de97a7150750806\System.Management.Automation.ni.dll
+ 2011-12-15 03:17 . 2011-12-15 03:17 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
+ 2011-12-14 02:56 . 2011-12-14 02:56 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\434ce959e5919b333aa4a77136e8e283\System.DirectoryServices.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f280cfb373553c7b3ca0581a89944b91\System.Deployment.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
+ 2011-12-14 02:56 . 2011-12-14 02:56 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\7ce102f66f1e9a72578c6f2f07a27ef8\System.Data.SqlXml.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\520e5419ba9c201fb7eb0dd64f26100d\System.Data.Services.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\7d45ecc130c35d84662bd6461dd2fa46\System.Data.OracleClient.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\e626e36671e1e181b347e7e44199e309\System.Data.Linq.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a5245a347e4f0755c18cbf124644a1f4\System.Data.Entity.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\1f727c640bbd966ca74748a8dd96eb32\System.Core.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 1001472 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\1bef0dd1c29de3f0289c39e3d3c6c9d5\Sony.MediaSoftware.clrshared.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\2a7f6c3ac6ea2e266516ec384abb6997\ReachFramework.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0a4a8fe074ec4a0cb3f9540106999e4e\PresentationUI.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\38711fb50c6376724534e95d4e50ba4c\PresentationBuildTasks.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\9255e469aa3a1feff46d16be604a221c\Narrator.ni.exe
+ 2011-12-15 03:29 . 2011-12-15 03:29 1534464 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\6071a398ccb19359566669d4aec4aba4\MMCEx.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 6338560 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\74147a1f63a1d3449391e63789f1dc12\MIGUIControls.ni.dll
+ 2011-12-15 03:29 . 2011-12-15 03:29 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7ad42c8bc507165bce7755c59f3b1093\Microsoft.Transactions.Bridge.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7c2f8c1f6c12482b0dd77253bf086998\Microsoft.PowerShell.Editor.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6483426b8cc5004ad0b68c5d92cf57a3\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0f1aec17421a7a9bec021c77fc626881\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\20ffca72a65b29c3a46319d7504e7cc7\Microsoft.MediaCenter.UI.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\4f05cf368d5bb6282fdc3e9287e03f81\Microsoft.JScript.ni.dll
+ 2011-12-15 03:28 . 2011-12-15 03:28 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\70d20be4b99f8c28e9464f902b29bb33\Microsoft.Ink.ni.dll
+ 2011-12-15 03:28 . 2011-12-15 03:28 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\38563b31ff33d5396d5ac5ef295dcbc2\Microsoft.Build.Tasks.ni.dll
+ 2011-12-15 03:28 . 2011-12-15 03:28 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2044a0d2b87269ca518f1307caff182e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 1778176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\764ccd950d50bb5cb5ea2604184199ad\Microsoft.Build.Engine.ni.dll
+ 2011-12-15 03:18 . 2011-12-15 03:18 1890304 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager\c53a51cfa0e56cf93146908fcc444a56\MediaManager.ni.exe
+ 2011-12-15 03:18 . 2011-12-15 03:18 5597696 c:\windows\assembly\NativeImages_v2.0.50727_32\AppCommon\cd3f6c89a95155a5eae9369815d7966d\AppCommon.ni.dll
+ 2011-12-14 02:39 . 2011-01-19 10:48 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-12-14 02:46 . 2011-03-29 10:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-02-24 09:06 . 2008-07-27 18:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-12-14 02:45 . 2011-12-14 02:45 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-02-27 18:17 . 2011-02-27 18:17 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-12-14 02:51 . 2010-04-12 12:19 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-12-14 02:42 . 2009-10-09 21:39 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
+ 2011-12-14 02:41 . 2010-09-23 13:33 5251072 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-12-14 02:46 . 2011-03-29 10:54 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-02-23 17:50 . 2008-10-13 22:26 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-12-14 02:41 . 2010-09-23 13:32 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-12-14 02:46 . 2011-03-29 10:54 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-09-27 18:50 . 2006-09-27 18:50 56625390 c:\windows\SysWOW64\RealFlight Screen Saver.scr
- 2006-11-02 12:33 . 2011-11-10 06:40 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2012-01-05 19:21 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:35 . 2011-10-28 05:05 52174280 c:\windows\system32\mrt.exe
+ 2011-11-11 16:06 . 2011-10-15 08:53 24742720 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvoglv64.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 18871616 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvoglv32.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 12971840 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvlddmkm.sys
+ 2011-11-11 16:06 . 2011-10-15 08:53 15693120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvd3dumx.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 13205312 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvd3dum.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 17248576 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvcompiler32.dll
+ 2011-11-11 16:06 . 2011-10-15 08:53 24796992 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_69114149\nvcompiler.dll
+ 2011-12-14 02:46 . 2011-03-29 10:54 10024272 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
+ 2011-12-14 02:50 . 2011-12-14 02:50 20333568 c:\windows\Installer\175d0f.msp
+ 2011-12-14 02:59 . 2011-12-14 02:59 10597888 c:\windows\assembly\NativeImages_v2.0.50727_64\System\646d1e1e057be5f9037f1c9d66db4ba6\System.ni.dll
+ 2011-12-14 03:00 . 2011-12-14 03:00 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\51cc3689fd2630f4f52cab5ee5460155\System.Windows.Forms.ni.dll
+ 2011-12-14 03:00 . 2011-12-14 03:00 15220736 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\bb84bc1f34b8b1163273e2e015b0d09f\System.Web.ni.dll
+ 2011-12-15 03:17 . 2011-12-15 03:17 23811072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\cdec30a22eb9747feca850d69d986779\System.ServiceModel.ni.dll
+ 2011-12-14 02:59 . 2011-12-14 02:59 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\861edc238bb9111c64903658670a4bc4\System.Management.Automation.ni.dll
+ 2011-12-14 03:01 . 2011-12-14 03:01 13716992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\35c99f3b4fb6c87e9671f8a0ca374458\System.Design.ni.dll
+ 2011-12-15 03:32 . 2011-12-15 03:32 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\9f75f543aef89d3d07e9a17e1e10c256\System.Data.Entity.ni.dll
+ 2011-12-14 03:02 . 2011-12-14 03:02 19176448 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\d5f731cf921cd447bc48436cc26fc476\PresentationFramework.ni.dll
+ 2011-12-14 03:02 . 2011-12-14 03:02 16512512 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\22cd7eeeefebe882c5e44b969a60bf0e\PresentationCore.ni.dll
+ 2011-12-14 02:59 . 2011-12-14 02:59 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\0f50472cb7463465ca2c77c05167f5d8\mscorlib.ni.dll
+ 2011-12-15 03:31 . 2011-12-15 03:31 15824896 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\413a69832395190c3bd4ee3beb743422\ehshell.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
+ 2011-12-15 03:17 . 2011-12-15 03:18 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
+ 2011-12-14 02:57 . 2011-12-14 02:57 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\6b040a8ba64ee0fb01800767af15be12\System.Design.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
+ 2011-12-14 02:58 . 2011-12-14 02:58 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
+ 2011-12-14 02:56 . 2011-12-14 02:56 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-08-20 225280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2007-06-29 286720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-30 393640]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-03 6975520]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.10.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Deshra\AppData\Roaming\Mozilla\Firefox\Profiles\u8syq1tr.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157|http://www.asus.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-yBlqxAdBNPjQ.exe - c:\programdata\yBlqxAdBNPjQ.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-670706601-4268592964-42186093-1000\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\2.5]
"FRT"="pnmUpMulkZ5fD468FPYgi/xKSQkwklJevjYk32FGw74q4HVzOWdSEg=="
"PLCK"="h1dKNlqvRYxyPtYA86lCoejIr2qNnY9W"
"Percents"="0 0.1106 0.2228 0.4518 0.7803 0.8647 0.8672 "
"Increment"=".006369"
"PHSH"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\AsHookDevice.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\ASUS\AI Manager\AIManager.exe
c:\program files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-01-06 18:23:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-07 00:23
ComboFix2.txt 2011-11-10 06:46
.
Pre-Run: 148,406,452,224 bytes free
Post-Run: 148,686,864,384 bytes free
.
- - End Of File - - 96ADD832D21AEBCF453B085F0C27A66C

Deshra, Jan 6, 2012

#16
Broni Malware Annihilator

When I try to open the mbr.dat file it turns to garbage any suggestions?

I don't need that file.
Please re-read aswMBR instructions how to save the log.

Broni, Jan 6, 2012

#17
Deshra Newcomer, in training

Mbr2

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-07 10:49:12
-----------------------------
10:49:12.411 OS Version: Windows x64 6.0.6001 Service Pack 1
10:49:12.411 Number of processors: 4 586 0x170A
10:49:12.412 ComputerName: CYBERNECRO UserName: Deshra
10:49:14.753 Initialize success
10:49:14.844 AVAST engine defs: 12010700
10:49:24.233 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:49:24.235 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 3
10:49:24.237 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
10:49:24.238 Disk 1 Vendor: WDC_WD10EAVS-98M4B0 01.00A01 Size: 953869MB BusType: 3
10:49:24.253 Disk 0 MBR read successfully
10:49:24.255 Disk 0 MBR scan
10:49:24.258 Disk 0 unknown MBR code
10:49:24.260 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 10244 MB offset 63
10:49:24.263 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286165 MB offset 20980890
10:49:24.279 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 418992 MB offset 607048155
10:49:24.282 Service scanning
10:49:25.848 Modules scanning
10:49:25.851 Disk 0 trace - called modules:
10:49:25.856 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:49:25.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008b1e790]
10:49:25.863 3 CLASSPNP.SYS[fffffa6000fd2b3a] -> nt!IofCallDriver -> [0xfffffa8007954520]
10:49:25.867 5 acpi.sys[fffffa60008feff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007950510]
10:49:28.730 AVAST engine scan C:\Windows
10:49:31.310 AVAST engine scan C:\Windows\system32
10:50:23.109 AVAST engine scan C:\Windows\system32\drivers
10:50:32.698 AVAST engine scan C:\Users\Deshra
10:54:29.021 AVAST engine scan C:\ProgramData
10:55:14.948 Scan finished successfully
11:04:51.810 Disk 0 MBR has been saved successfully to "K:\MBR.dat"
11:04:52.260 The log file has been saved successfully to "K:\aswMBR.txt"

Deshra, Jan 7, 2012

#18
Broni Malware Annihilator
Good

How is computer doing?

Uninstall McAfee Security Scan Plus, typical foistware.

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Jan 7, 2012

#19
Deshra Newcomer, in training

Otl2

OTL logfile created on: 1/7/2012 5:44:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Deshra\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.96% Memory free
16.20 Gb Paging File | 14.18 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 138.48 Gb Free Space | 49.55% Space Free | Partition Type: NTFS
Drive D: | 465.83 Gb Total Space | 223.30 Gb Free Space | 47.93% Space Free | Partition Type: NTFS
Drive E: | 409.17 Gb Total Space | 194.21 Gb Free Space | 47.46% Space Free | Partition Type: NTFS
Drive F: | 465.68 Gb Total Space | 44.39 Gb Free Space | 9.53% Space Free | Partition Type: NTFS
Drive G: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 60.37 Gb Total Space | 21.74 Gb Free Space | 36.01% Space Free | Partition Type: NTFS
Drive J: | 172.51 Gb Total Space | 6.89 Gb Free Space | 4.00% Space Free | Partition Type: NTFS

Computer Name: CYBERNECRO | User Name: Deshra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/07 17:40:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Deshra\Desktop\OTL.exe
PRC - [2011/11/30 03:26:26 | 000,393,640 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/08/19 21:59:18 | 000,858,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AIManager.exe
PRC - [2009/08/19 21:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/06/04 15:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008/12/17 00:35:36 | 000,621,568 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/30 03:26:26 | 000,393,640 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/11 03:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/07/13 07:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 03:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/23 19:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/01 23:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/01 22:38:06 | 009,837,568 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2010/06/01 20:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/01 20:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/01 20:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/01 20:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
MOD - [2009/06/04 15:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/04/07 10:04:40 | 000,512,512 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\sysinfo_disk.dll
MOD - [2009/04/07 10:04:32 | 000,516,608 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\sysinfo_memory.dll
MOD - [2009/04/07 10:04:26 | 000,501,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\sysinfo_system.dll
MOD - [2009/04/07 10:04:18 | 000,496,128 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\sysinfo_bios.dll
MOD - [2009/04/07 10:04:12 | 000,500,736 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\sysinfo_cpu.dll
MOD - [2009/04/07 10:04:04 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\sysinfo_mb.dll
MOD - [2009/03/25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/02/23 11:15:32 | 001,147,392 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\iProbe.dll
MOD - [2009/01/15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2008/12/17 00:35:36 | 000,621,568 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
MOD - [2008/06/12 01:21:40 | 000,188,416 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.82\aasp.dll
MOD - [2008/01/17 02:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.82\cpuutil.dll
MOD - [2007/10/31 17:51:00 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\iSecurity\AsMultiLang.dll
MOD - [2007/10/31 17:51:00 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\iDisk\AsMultiLang.dll
MOD - [2007/10/31 17:51:00 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\AsMultiLang.dll
MOD - [2007/10/31 17:50:58 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\SupportGroup\AsMultiLang.dll
MOD - [2007/10/18 17:18:06 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\SysInfo\LangFiles\AsMultiLang.dll
MOD - [2007/10/18 17:18:06 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\Page\iProbe\LangFiles\AsMultiLang.dll
MOD - [2006/01/10 10:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/06/22 03:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.82\PowerDll.dll
MOD - [2004/07/14 15:17:52 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Manager\AsIO.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/17 01:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/08/19 21:55:40 | 000,196,608 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 11:54:06 | 000,591,192 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 11:53:58 | 000,304,472 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 11:52:22 | 000,042,328 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 11:52:20 | 000,058,712 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 11:52:11 | 000,066,904 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 11:51:53 | 000,024,408 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/07 17:21:28 | 000,174,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/30 05:59:22 | 000,066,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 05:59:22 | 000,060,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 13:06:31 | 000,125,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/11/11 14:11:42 | 000,232,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows

Deshra, Jan 7, 2012

#20

(You must log in or sign up to reply here.)

Page 1 of 3

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved