Jump to content

Recommended Posts

Posted

My computer would not shut down. It will only turn off if I press the power button more than 3 seconds.

Also, Adobe reader would request for an install. I would install it. Then after restart, it would request for an install again.

 

Malwarebytes MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7725

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

 

9/16/2011 10:29:59 AM

mbam-log-2011-09-16 (10-29-59).txt

 

Scan type: Quick scan

Objects scanned: 183150

Time elapsed: 15 minute(s), 44 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

OTL text:

OTL logfile created on: 9/16/2011 10:15:36 AM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Wayne Wagner\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.93 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 44.30% Memory free

8.04 Gb Paging File | 5.58 Gb Available in Paging File | 69.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.51 Gb Total Space | 110.41 Gb Free Space | 38.67% Space Free | Partition Type: NTFS

Drive D: | 12.58 Gb Total Space | 1.28 Gb Free Space | 10.15% Space Free | Partition Type: NTFS

 

Computer Name: WAYNEWAGNER-PC | User Name: Wayne Wagner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Wayne Wagner\Downloads\OTL.scr (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)

PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)

PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()

PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()

PRC - C:\Program Files (x86)\SMINST\BLService.exe ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.Wrapper.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a38f370d4e68b65106d1065d0b77067\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\180849cb54aab0bc77a229c41f967c90\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\cbe5fbb2e20534d89c0588cc05418840\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9afe86eee3ddf79c5f6cf5d85873c464\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()

MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()

MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (CrashPlanService) -- C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV:64bit: - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe (IDT, Inc.)

SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)

SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()

SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()

SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)

DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)

DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)

DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)

DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)

DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)

DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)

DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: No CLSID value found. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:1.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Wayne Wagner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Wayne Wagner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wayne Wagner\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wayne Wagner\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/03 14:48:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 21:08:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/04 08:49:09 | 000,000,000 | ---D | M]

 

[2011/01/11 13:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/05/11 20:34:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/07 21:51:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/12/02 19:53:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/20 23:37:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\WAYNE WAGNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0B9WG7O0.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI

[2010/05/15 17:36:38 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\USERS\WAYNE WAGNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0B9WG7O0.DEFAULT\EXTENSIONS\RUNTIME@PANDA3D.ORG

[2011/09/08 21:08:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/05/23 06:39:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

 

O1 HOSTS File: ([2011/09/15 22:00:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 167.206.254.2 167.206.254.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{529F36CD-FA73-44CD-A7AF-1B5A972A52DA}: DhcpNameServer = 192.168.1.1 167.206.254.2 167.206.254.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2370A83-364F-4105-905A-275EB21DFC24}: DhcpNameServer = 167.206.254.1 167.206.254.2

O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Wayne Wagner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Wayne Wagner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/09/16 10:06:15 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{54F0C0D5-8BB2-4850-8956-0B127916522D}

[2011/09/16 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{991CB3BD-4EE2-44C0-9474-DD88BD5F8C7D}

[2011/09/15 22:01:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/09/15 22:01:03 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN

[2011/09/15 21:25:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/09/15 21:25:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/09/15 21:25:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/09/15 21:25:06 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/15 21:25:06 | 000,000,000 | ---D | C] -- \Qoobox

[2011/09/15 20:48:55 | 003,553,280 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll

[2011/09/15 20:48:29 | 002,685,432 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS

[2011/09/15 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{2B6AE6AD-0FB7-4689-831B-DBA92883F3BF}

[2011/09/15 20:17:24 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{AD30860F-AEC0-4D79-B60F-E0636BF68D1E}

[2011/09/15 08:06:08 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll

[2011/09/15 07:45:14 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{9E1F420B-67E2-464B-9ECA-98785D86E76A}

[2011/09/15 07:45:01 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{28DE3E36-DAEC-403C-8153-D321E577119A}

[2011/09/13 08:20:10 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{142A6C4B-6501-420C-947F-A3E5C1C03F53}

[2011/09/13 08:19:57 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{F3E738D9-40A9-49A7-98FB-583D8A7D7ED2}

[2011/09/12 20:19:10 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{2C981927-0C38-4490-A4E3-86650EAFBC5E}

[2011/09/12 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{AAA8F85B-E477-431B-A1F2-F4A9D83405FB}

[2011/09/11 09:15:41 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{CD1A7517-DAF9-48F5-8537-8C13370287B3}

[2011/09/11 09:15:00 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{5EE2974A-69FB-43A0-86DF-069FEB1D5323}

[2011/09/10 15:37:25 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{956C72E8-230A-4196-8FA7-69B78A3D6092}

[2011/09/10 15:37:11 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{B877ABA4-1842-48CC-897F-9AB80F4550AA}

[2011/09/08 20:16:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{A8671E86-E5D5-469A-937D-5460EF1F5623}

[2011/09/08 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8BAFDDC9-305E-462C-AE04-4A398DCD3B6E}

[2011/09/08 08:09:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{0F4F544F-9D12-4D38-9BA5-83AE8B01E786}

[2011/09/08 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{0D1F9A44-34DD-4460-811F-32FFD0134EDD}

[2011/09/06 21:08:01 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{D77B1119-8CBE-4920-8A1B-D1F51C92C19B}

[2011/09/06 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8B869901-0C93-400D-AD92-32FE2F8DE134}

[2011/09/06 08:36:28 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{2A7D4682-FE9C-40BB-9F6B-4A706068A2DD}

[2011/09/06 08:36:15 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{770FFAA8-E44B-47BF-8658-66661F169EAE}

[2011/09/05 20:35:41 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{142E2FDA-26FC-4EE1-BAD4-AA81A427C23A}

[2011/09/05 08:35:12 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8BCCB06A-8449-4708-A519-36271E982ED3}

[2011/09/05 08:34:59 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{AEB649FD-A761-4303-A666-0982AF42C413}

[2011/09/04 20:34:11 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{98695C13-74E9-4170-A372-F8B2C230C6B6}

[2011/09/04 20:33:25 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{184E568F-8B63-4115-A327-1E2939C3D293}

[2011/09/04 08:24:09 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8B807566-38C2-4BE2-9764-9516DB4557CA}

[2011/09/04 08:23:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{4AAF2909-7970-4603-B35C-0010C186D09E}

[2011/09/03 15:27:29 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{1FD261FB-6E73-419E-A610-D66E9972F1BC}

[2011/09/03 15:27:13 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8FB29E94-13D2-4289-AE8B-007CA53A59B9}

[2011/09/01 21:26:11 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{2DDE5E99-1AB3-43F9-8A75-CEEF1C7EA1A0}

[2011/09/01 21:25:21 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{7F73F182-1126-42BF-9311-B4FE780EACE0}

[2011/09/01 07:58:34 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{854D5223-67A6-4375-BC3D-EA83F989E2E8}

[2011/09/01 07:58:19 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{3960B3E3-DD2A-47CC-B1A0-E911825B5504}

[2011/08/31 18:40:03 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{656A631A-1CFC-40D1-874C-D14179ACD56C}

[2011/08/31 18:39:48 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{BA0C3CF1-9D0C-4E06-800C-61984F3BA65D}

[2011/08/30 20:00:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8CCC98B6-6FC4-485A-9CE6-4D35FE078F1C}

[2011/08/30 20:00:39 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{47202C4A-4FD9-4D6B-BD3F-BECD82F93B74}

[2011/08/30 07:59:56 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{339416B4-6C20-42E3-BB90-F41350FD8611}

[2011/08/30 07:59:23 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{3AF33E5D-B8A0-4E6A-B4A6-8D911595232E}

[2011/08/29 13:42:35 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{7BB87FE5-A806-4CA1-9342-B5177282517D}

[2011/08/29 09:47:12 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{30592DDF-12D3-4BE0-B290-549EB5A2B78D}

[2011/08/28 07:57:16 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{EDA08DB6-BEAB-430C-8813-AF3498A61905}

[2011/08/28 07:57:00 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{304846A3-2493-47D9-AC06-BE44D6543804}

[2011/08/27 13:34:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{3C602512-4630-482D-9A93-BAEB218782C5}

[2011/08/27 13:34:34 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{26D4CBB2-7223-4836-9F8E-1B871CA591D9}

[2011/08/26 22:12:44 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{F3C91668-E0A6-43D8-A6BE-E6592A14D62C}

[2011/08/26 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{DA5022EA-E336-4A28-9E19-58927DA0C672}

[2011/08/25 20:55:58 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{42AD7E05-8A59-4E6B-A756-BD215C7CC861}

[2011/08/25 20:55:43 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{EFA63CB0-3FCA-4A4E-908C-A5A470712C58}

[2011/08/25 08:54:54 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{C2A0DFA3-4A53-4AF4-987A-639769C6804C}

[2011/08/25 08:54:35 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{4F6093E9-7147-4F57-A276-00CAC7AC23A9}

[2011/08/23 20:23:45 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{C1C372B4-B119-4565-9CF3-4F69BD1F3C10}

[2011/08/23 20:23:26 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{16F9E335-2B86-4FAB-865F-5B9B1322A0E7}

[2011/08/23 08:21:56 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{78FE8580-1B90-4706-9EE1-7D9D3A13A4F6}

[2011/08/23 08:21:41 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{F33C3259-7B6E-4CAD-926A-623DD4BF2AB0}

[2011/08/21 08:36:09 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{6EDB7537-5DA9-40EB-B6C6-32D60CC704FA}

[2011/08/21 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{62919326-C6C4-423E-BD05-51471CC8594A}

[2011/08/20 13:43:36 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{FE275EB6-FC6D-47C5-B433-99D316F213BC}

[2011/08/20 13:43:10 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{D3ECF886-0074-4F9D-B75E-49DF147C7E13}

[2011/08/18 20:17:12 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{1631EC47-2594-4B02-85D0-70374C79F5D2}

[2011/08/18 20:16:55 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{EBEAB14E-484A-4BDE-9FBB-2E6E9A35158A}

[2011/08/18 07:57:21 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{FE6DBF06-F325-4E7F-AE0E-042A378FB99B}

[2011/08/18 07:57:05 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{D06C9E63-E397-4C67-9EE6-7172FFCF7277}

 

========== Files - Modified Within 30 Days ==========

 

[2011/09/16 10:04:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/09/16 10:04:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/09/16 10:03:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/09/16 10:03:30 | 4222,820,352 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/15 22:00:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/09/15 21:15:25 | 000,726,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/09/15 21:15:25 | 000,619,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/09/15 21:15:25 | 000,111,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/09/15 21:08:39 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWayne Wagner.job

[2011/09/15 20:56:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1463916579-3978265779-3180963287-1000UA.job

[2011/09/15 20:52:02 | 000,997,978 | ---- | M] () -- C:\Windows\SysNative\oem32.inf

[2011/09/15 20:46:18 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll

[2011/09/15 20:46:11 | 002,685,432 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS

[2011/09/15 20:46:11 | 000,095,472 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll

[2011/09/15 20:46:08 | 003,888,640 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll

[2011/09/15 20:46:08 | 003,553,280 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll

[2011/09/13 12:54:48 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2011/09/06 11:18:50 | 000,124,416 | ---- | M] () -- C:\Users\Wayne Wagner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/08/31 19:58:27 | 000,002,637 | ---- | M] () -- C:\Users\Wayne Wagner\Desktop\Microsoft Word 2010.lnk

[2011/08/29 10:38:40 | 000,237,836 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\david celis inital C4.pdf

[2011/08/28 10:29:54 | 024,256,302 | ---- | M] () -- C:\Users\Wayne Wagner\angelica letter.bmp

[2011/08/19 05:56:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1463916579-3978265779-3180963287-1000Core.job

 

========== Files Created - No Company Name ==========

 

[2011/09/15 21:25:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/09/15 21:25:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/09/15 21:25:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/09/15 21:25:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/09/15 21:25:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/09/15 20:52:37 | 000,997,978 | ---- | C] () -- C:\Windows\SysNative\oem32.inf

[2011/09/15 20:49:20 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll

[2011/09/15 20:25:56 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForWayne Wagner.job

[2011/08/29 15:13:50 | 024,256,302 | ---- | C] () -- C:\Users\Wayne Wagner\angelica letter.bmp

[2011/08/29 10:26:11 | 000,237,836 | ---- | C] () -- C:\Users\Wayne Wagner\Documents\david celis inital C4.pdf

[2011/05/05 14:40:56 | 4222,820,352 | -HS- | C] () -- \hiberfil.sys

[2010/11/28 17:00:15 | 000,000,552 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\d3d8caps.dat

[2010/09/18 23:56:13 | 000,000,100 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\fusioncache.dat

[2010/09/18 23:54:46 | 000,741,432 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/07/31 22:07:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/05/09 08:59:21 | 000,000,000 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\prvlcl.dat

[2010/03/23 16:23:51 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010/03/23 16:21:30 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2010/03/23 16:21:30 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini

[2010/03/23 15:37:11 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL

[2010/03/23 15:37:11 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

[2010/03/23 15:37:10 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini

[2010/03/23 15:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2010/03/23 15:37:08 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2010/03/23 15:28:05 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini

[2010/03/18 08:43:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/03/18 08:43:01 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2010/03/18 08:42:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010/03/11 22:06:47 | 000,000,732 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\d3d9caps64.dat

[2009/09/12 21:17:43 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

[2009/07/24 08:51:31 | 000,000,405 | ---- | C] () -- C:\Windows\Lexstat.ini

[2009/06/28 09:27:01 | 000,006,080 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\d3d9caps.dat

[2009/06/25 22:28:03 | 000,124,416 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/25 21:42:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/01/13 12:35:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2008/10/28 04:32:24 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2008/10/28 04:32:24 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2008/10/28 04:32:24 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin

[2008/06/09 02:01:12 | 000,333,257 | RHS- | C] () -- \bootmgr

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2006/12/02 03:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

 

========== LOP Check ==========

 

[2011/09/15 22:41:13 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:09B199F1

 

< End of report >

 

Extras.txt

OTL Extras logfile created on: 9/16/2011 10:15:36 AM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Wayne Wagner\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.93 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 44.30% Memory free

8.04 Gb Paging File | 5.58 Gb Available in Paging File | 69.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.51 Gb Total Space | 110.41 Gb Free Space | 38.67% Space Free | Partition Type: NTFS

Drive D: | 12.58 Gb Total Space | 1.28 Gb Free Space | 10.15% Space Free | Partition Type: NTFS

 

Computer Name: WAYNEWAGNER-PC | User Name: Wayne Wagner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 41 10 4C 46 74 C8 CA 01 [binary data]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00AA720B-85F7-483C-AD2B-D640AF4F2D81}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |

"{2494CCF5-4F7F-4233-B0F7-28E52F8AEC9A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |

"{2903601D-C078-4D15-A642-6E6E38C284FA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{56D84CF9-B0AB-4F09-96B2-2A366480B938}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{59520B26-62C5-4CC6-9377-39396C2B4086}" = rport=10243 | protocol=6 | dir=out | app=system |

"{636E4FD3-CDE2-4897-8DA4-882CB0FB52D9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{64E06C58-CD1A-4B51-B3EE-B91B56B0D4B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{710E8A0B-A078-420B-9D4A-417519AECFD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{7E9CE439-199A-4F05-AD4D-06D5128669A4}" = lport=10243 | protocol=6 | dir=in | app=system |

"{7FC8BAD5-369F-418F-9248-DF762953A69B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{881411BB-1D6A-416B-BF03-AFCFF5B63047}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{88520AA0-1FEF-4478-B34C-F60DE37FA7E9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |

"{905DA55A-FFE5-4B1A-933A-5F186111357E}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner |

"{9512CC1C-80E4-4D78-9AA1-C00810966CA8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{97EFC8F2-EA6F-497D-9E5C-9DDDB1679C92}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |

"{A7A56150-D466-4AA7-954A-8787EC0DB288}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{B4002D89-858F-4792-868F-A22A9E598D87}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{B92BF8E4-9095-4E36-8899-44E824A239F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CC789F8A-4DCD-414C-939E-9FBD26144F7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D5ED12DC-A2FD-4089-90F7-0F8E439D3398}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{EB7076E5-69AB-4C15-AF33-A219F159321B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01260288-05A2-44BB-8F92-08AD367D6E81}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{03B45BBA-C51D-4B00-9621-3A39F5F1344A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{05C05FEA-B45B-47B4-8E9E-5F385452657D}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |

"{073D953A-29A7-4970-83FD-C2825B35792A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{09FF6B69-5F45-449B-8BE9-C0DE2E2DE945}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |

"{110D266C-28ED-4EDE-B202-B92ADF067079}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"{194F79A3-522F-46AD-BB23-462D16D2C30E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{282FD8D9-9529-4ADA-A415-E70CA6CE2265}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{2C26D412-83D5-4F75-9A7F-4E4A0424E160}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |

"{3940A3EF-9C2D-4329-B2CA-112374C08B2D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{40062E21-DC4F-427E-A9D7-938A5DCB3788}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{4324B573-1A52-48F3-B867-F24FC98417E5}" = protocol=17 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |

"{45F8B889-F419-48A7-8F2D-B02B7CA927FB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{47B535CA-6DDB-4A62-8B91-5F5B3C30A4C1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{48C7C957-5DF5-46E6-8706-8F2A9F8853D4}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |

"{50E37968-E04D-48AA-8F5A-A1800FC7CE17}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |

"{6AB6C47F-51E0-4437-806B-2B2EF78572B5}" = protocol=6 | dir=out | app=system |

"{707DCE4D-533A-4ECF-9724-CDAF33AE483B}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |

"{859D0B40-1BC5-4BFF-8DB4-8AE5810A2DBA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{8A3C59C0-9BB2-4862-B33D-BE8397BD27B6}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"{8B492EAF-609B-48C4-B2C8-42F39A99A2F2}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |

"{929B5132-2317-44C9-93BB-9FEEBBF7B0BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{93553F53-17B3-47FC-9CE5-D0DDE6D6D57A}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08i\faxrx.exe |

"{96FB22F8-8906-4865-82A0-8CB2007005DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{9781B68A-01ED-426F-B074-79A17DACF115}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{ADF93BE0-C65D-4D59-B8C7-4E3C66C49011}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |

"{B5C5FAFF-7C3D-4BFA-91C1-1393FB3F2372}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08i\faxrx.exe |

"{B9D801FE-6C54-45AE-BF87-B64C56112846}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |

"{C44FDEB9-346D-4D75-ADD6-5FA3ECBCECA1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{CE73174F-1406-439C-8A68-8D4B18D403D2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{DE9BD535-A8CC-4322-97C0-1A3B300F62A2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |

"{DF4F1CD0-F06A-4B01-B06B-DFD3A4B7307F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{E4A32409-99B1-4A17-9F56-1FC864D93559}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{E8B1B58F-2EF7-4944-BCC5-CD143F1B09C1}" = protocol=6 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |

"{EC8745DD-2D7D-4DFB-BDBB-7BC38867AFD5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{EFEB3174-5661-46C0-BABE-1CD7EBAC9B0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{F736A7A0-9514-4842-A1B1-33060B5759F1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{FA663470-C556-4163-8336-59B22B6C0406}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |

"{FA9FEB69-7390-4416-89E0-AD737E8ED57E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"TCP Query User{3784C76A-CCDB-488F-B0AF-8382388AEF6B}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

"TCP Query User{5F1FEAA0-295F-4F0D-BCC9-EE4A09450CDB}F:\techwizard.exe" = protocol=6 | dir=in | app=f:\techwizard.exe |

"TCP Query User{99614AAF-EEE3-4309-A3E6-94B251B257D0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{A60ECB96-B6F8-4C9F-8835-DAC4813A7305}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"TCP Query User{E0724F9B-AF95-4788-A2BE-E4E094F4E647}C:\program files\sports medicine\safran\jvm\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\sports medicine\safran\jvm\bin\java.exe |

"UDP Query User{2C0F379C-1136-4851-9444-8C8970562404}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"UDP Query User{4625A3EC-BE05-41EB-9E1D-702017FABD41}C:\program files\sports medicine\safran\jvm\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\sports medicine\safran\jvm\bin\java.exe |

"UDP Query User{50DA3A67-85A9-4CD3-A7E6-D9D7E26A45B2}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

"UDP Query User{9D1EDBEC-68C5-403E-A498-484C519548DA}F:\techwizard.exe" = protocol=17 | dir=in | app=f:\techwizard.exe |

"UDP Query User{DFDA6E14-6081-4EEC-8723-C3D316C7AEBE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component

"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection

"{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F738120D-8C78-4F79-9E1B-CA4527B9837A}" = CrashPlan

"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"C62C7F8B4DBDBBC3DA11788634DAE156425CCA10" = Windows Driver Package - OEM (mr7911) Image (05/27/2008 1.0.0.0)

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Zune" = Zune

 

UNABLE TO POST ALL BECAUSE OF THE CHARACTER RESTRICTIONS. I AM ATTACHING FILE LOGS.

Document.txt

  • Replies 21
  • Created
  • Last Reply

Top Posters In This Topic

Posted

Hi Caroline,

 

I am not a security expert - but your MBAM log looks clear to me.

One of our security experts may be able to comment on the OTL log.

 

Try a System Restore to a date just prior to the start of your problem.

Start ...type in ....system restore ....ENTER

 

DO NOT use the recommended restore point - select "Choose a Different Restore Point".

 

If the problem is more than 5 days then check the box "Show Restore Points Older than 5 days"

 

Select a date that is just prior to the start of your problem.

 

Your data / photos / files etc will be fine.

( it is possible to undo the restore if necessary ).

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

 

MiniToolBox

Network Test

Wireless Test

Posted

There's some orphaned entries we can fix in the OTL log. I don't see any malware there. You can try the System Restore as KenB suggests to start with. Let me know how that goes. THat will obsolete the logs, but we'll get new ones later.

 

A few other things. I see you ran Combofix. Please post the contents of C:\Combofix.txt to your reply. If it is too big, you can split it into multiple posts.

 

ALso, I don't see an anti-virus. I see remnants of AVG, but I don't see it listed in startup programs or in the add/remove program list. Are you using an antivirus? If so, which one? It's critical to have an antivirus on your machine.

Posted

Combo fix 1 of 4

 

I would like try to fix the orphaned entries and errors in the OTL log. I have Microsoft Security Essentials as my antivirus program.

 

Here is the combofix log.

ComboFix 11-09-17.04 - Wayne Wagner 09/18/2011 8:40.3.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4026.1975 [GMT -4:00]

Running from: c:\users\Wayne Wagner\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))

.

.

2011-09-18 12:54 . 2011-09-18 12:54 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-09-18 12:54 . 2011-09-18 12:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-18 12:05 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{961B5AA8-11CE-4474-962B-E2AC0DE6853F}\mpengine.dll

2011-09-16 00:49 . 2011-09-16 00:46 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2011-09-16 00:49 . 2011-09-16 00:49 -------- d-----w- c:\users\Wayne Wagner\AppData\Roaming\LaunchPad

2011-09-16 00:48 . 2011-09-16 00:46 3553280 ----a-w- c:\windows\system32\bcmihvui64.dll

2011-09-16 00:48 . 2011-09-16 00:46 2685432 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS

2011-09-16 00:43 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-15 12:06 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll

2011-09-15 12:02 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-09-15 12:02 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-09-08 12:20 . 2010-11-30 15:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2427B391-6704-462D-A858-F05A02ACD766}\gapaengine.dll

2011-08-25 13:09 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-25 13:09 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-16 00:46 . 2009-05-24 10:36 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll

2011-09-16 00:46 . 2009-05-24 10:36 3888640 ----a-w- c:\windows\system32\bcmihvsrv64.dll

2011-08-17 13:32 . 2011-05-13 10:00 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-05 10:02 . 2011-08-05 10:02 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-22 05:42 . 2011-08-17 13:03 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 05:36 . 2011-08-17 13:03 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 05:32 . 2011-08-17 13:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 02:54 . 2011-08-17 13:03 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-07-22 02:48 . 2011-08-17 13:03 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-07-22 02:44 . 2011-08-17 13:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-13 04:53 . 2011-07-28 16:57 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-06 23:52 . 2011-01-25 21:57 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-01-25 21:57 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 15:49 . 2011-08-17 01:54 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-16_02.01.08 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 02:23 . 2011-09-18 12:59 75350 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-06-25 22:49 . 2011-09-18 12:59 24156 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1463916579-3978265779-3180963287-1000_UserData.bin

+ 2011-04-06 20:48 . 2011-04-06 20:48 11120 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll

+ 2011-05-17 14:08 . 2011-05-17 14:08 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll

- 2011-04-13 02:16 . 2011-04-13 02:16 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll

+ 2011-05-17 14:08 . 2011-05-17 14:08 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll

- 2010-03-18 18:27 . 2010-03-18 18:27 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 11120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll

+ 2011-05-17 13:27 . 2011-05-17 13:27 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll

- 2011-04-12 19:11 . 2011-04-12 19:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll

+ 2011-05-17 13:27 . 2011-05-17 13:27 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll

- 2010-03-18 17:16 . 2010-03-18 17:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-08-17 03:00 . 2011-08-17 03:00 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-08-17 03:01 . 2011-08-17 03:01 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-09-17 23:12 . 2011-09-17 23:12 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-08-17 02:59 . 2011-08-17 02:59 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-09-17 23:12 . 2011-09-17 23:12 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-08-17 02:59 . 2011-08-17 02:59 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-09-16 02:41 . 2011-09-16 02:41 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe

- 2011-06-17 02:14 . 2011-06-17 02:14 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe

- 2010-10-31 14:39 . 2011-08-17 03:06 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe

- 2010-10-31 14:39 . 2011-08-17 03:06 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe

- 2010-10-31 14:39 . 2011-08-17 03:06 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe

+ 2011-09-18 12:51 . 2011-09-18 12:51 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\ed59e15a2a29d02c59dc383215cc85fc\System.Xml.Serialization.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\1a9bcef8abe20b3c0d53c535d680350f\System.Windows.Presentation.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\0ee56d53077b281408cbf186e80ab175\System.Web.ApplicationServices.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\d53f3bf7a26f69ae3ad77f6732ebf9cf\System.AddIn.Contract.ni.dll

+ 2011-09-18 12:43 . 2011-09-18 12:43 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\fbc331d848cf65928cc84de68eba079f\Microsoft.VisualC.ni.dll

+ 2011-09-18 12:30 . 2011-09-18 12:30 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\c551f53c6da4e594269e79636aef9f62\dfsvc.ni.exe

+ 2011-09-18 12:30 . 2011-09-18 12:30 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\28f42eb8dddc9fd54d468171a8d2461d\Accessibility.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\5e66ba90ab2f24317ca76582f3ea3948\UIAutomationProvider.ni.dll

+ 2011-09-18 12:15 . 2011-09-18 12:15 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\c42639bd8c7c7855c4d11be1f0ccdf97\System.Windows.Presentation.ni.dll

+ 2011-09-18 12:15 . 2011-09-18 12:15 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\3be20b4f9e9df41aaea426041f4f410a\System.Web.ApplicationServices.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3bea7a34d24b4dc1e3925b0b9bc9d45b\System.ServiceModel.Channels.ni.dll

+ 2011-09-18 12:12 . 2011-09-18 12:12 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\882adb9ad5e9b434ef926193f595e757\System.AddIn.Contract.ni.dll

+ 2011-09-18 12:10 . 2011-09-18 12:10 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\7ee890ba3e1869ab04930948df453d3f\Microsoft.VisualC.ni.dll

+ 2011-09-18 12:09 . 2011-09-18 12:09 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\950b5b880e8d8af1709f06b6a1a854a0\Accessibility.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 73728 c:\windows\assembly\NativeImages_v2.0.50727_64\UIXControls\59815a45740b4a7fe61088e1914380c0\UIXControls.ni.dll

- 2011-08-17 14:40 . 2011-08-17 14:40 73728 c:\windows\assembly\NativeImages_v2.0.50727_64\UIXControls\59815a45740b4a7fe61088e1914380c0\UIXControls.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\00539d6e9bd5e7456bdbc98a47ab995c\System.Windows.Presentation.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\00539d6e9bd5e7456bdbc98a47ab995c\System.Windows.Presentation.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\77e310c7ad8dd72ffc2bb041cb8b2844\System.Web.DynamicData.Design.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\77e310c7ad8dd72ffc2bb041cb8b2844\System.Web.DynamicData.Design.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\5038a4070cfc72e23a191ab4ba38c477\stdole.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\5038a4070cfc72e23a191ab4ba38c477\stdole.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\151ac6b026e8ca585e0dfd1ce33e8ecb\PresentationFontCache.ni.exe

- 2011-08-17 14:38 . 2011-08-17 14:38 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\151ac6b026e8ca585e0dfd1ce33e8ecb\PresentationFontCache.ni.exe

+ 2011-09-18 12:23 . 2011-09-18 12:23 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\b81308b591d239f587cc0e113d43fa35\PresentationCFFRasterizer.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\b81308b591d239f587cc0e113d43fa35\PresentationCFFRasterizer.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\ec097538108aed5ed52aace1e4579f91\Microsoft.WSMan.Runtime.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\ec097538108aed5ed52aace1e4579f91\Microsoft.WSMan.Runtime.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 84480 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\ef36ca8df51d610a00df7d11ba9550ba\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll

- 2011-08-17 03:06 . 2011-08-17 03:06 71680 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\e256d7fb9cb20da65fba32adb7cb786c\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 71680 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\e256d7fb9cb20da65fba32adb7cb786c\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 44544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d3f4d5c1afb36954df9c8036bc0ac5f6\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll

- 2011-08-17 03:06 . 2011-08-17 03:06 44544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d3f4d5c1afb36954df9c8036bc0ac5f6\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll

- 2011-08-17 03:06 . 2011-08-17 03:06 44032 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\cbd4e66d5b6559ca83c3b5a6c478adb1\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 44032 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\cbd4e66d5b6559ca83c3b5a6c478adb1\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll

- 2011-08-17 03:06 . 2011-08-17 03:06 87040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9a391705fd6043e4750092d4d4fab3b7\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 87040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9a391705fd6043e4750092d4d4fab3b7\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 93696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\4d75d46f23342308197e38ae3ba2ddde\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll

- 2011-08-17 03:06 . 2011-08-17 03:06 59392 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\401fed3571b1e698134e930d9cb972fc\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 59392 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\401fed3571b1e698134e930d9cb972fc\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll

- 2011-08-17 03:06 . 2011-08-17 03:06 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\3911010a1f29d19bb37f818a6de6a7a5\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\3911010a1f29d19bb37f818a6de6a7a5\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 89088 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\0db85b93b7f76097ec4ec1cf06685ad4\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll

- 2011-08-17 03:05 . 2011-08-17 03:05 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\09f46722269da16f1a6d1abbb580d7ed\Microsoft.VisualC.ni.dll

+ 2011-09-18 12:17 . 2011-09-18 12:17 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\09f46722269da16f1a6d1abbb580d7ed\Microsoft.VisualC.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtCOM\8856fca280c8ecf7d1f798ed5a66dff1\ehiExtCOM.ni.dll

- 2011-08-17 03:11 . 2011-08-17 03:11 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtCOM\8856fca280c8ecf7d1f798ed5a66dff1\ehiExtCOM.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\071f35122c0c83d4791f7d7a5f2ae4a1\ehExtCOM.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\071f35122c0c83d4791f7d7a5f2ae4a1\ehExtCOM.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\be7de592b7f3c30299328ddff449db59\dfsvc.ni.exe

- 2011-08-17 03:11 . 2011-08-17 03:11 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\be7de592b7f3c30299328ddff449db59\dfsvc.ni.exe

- 2011-08-17 03:05 . 2011-08-17 03:05 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\957ce139305f26be16614e23afa899a7\Accessibility.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\957ce139305f26be16614e23afa899a7\Accessibility.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a6485a160959fbed092dc2ddbed3509e\UIAutomationProvider.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a6485a160959fbed092dc2ddbed3509e\UIAutomationProvider.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3b0d2893e72d3baf1e67bcdb0b8737cf\System.Windows.Presentation.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3b0d2893e72d3baf1e67bcdb0b8737cf\System.Windows.Presentation.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\f02fc02350dad1da369a9c200b8ef277\System.Web.DynamicData.Design.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\f02fc02350dad1da369a9c200b8ef277\System.Web.DynamicData.Design.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 94720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\14f3af785d2274e29da578f74081448b\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 94720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\14f3af785d2274e29da578f74081448b\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\971463f91825692f7cd123b2a3af721b\System.AddIn.Contract.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\971463f91825692f7cd123b2a3af721b\System.AddIn.Contract.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b350a5cb539f16b07028cfa6483ee886\PresentationFontCache.ni.exe

+ 2011-09-18 12:05 . 2011-09-18 12:05 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b350a5cb539f16b07028cfa6483ee886\PresentationFontCache.ni.exe

- 2011-08-17 14:58 . 2011-08-17 14:58 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\4a2a3e502cc441c97350acf5c3dacc4e\PresentationCFFRasterizer.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\4a2a3e502cc441c97350acf5c3dacc4e\PresentationCFFRasterizer.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\78704655584ce2fd27a6c39573f6f36a\napcrypt.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\78704655584ce2fd27a6c39573f6f36a\napcrypt.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\018450526569962d4bb24564143c50f6\Microsoft.WSMan.Runtime.ni.dll

+ 2011-09-18 12:04 . 2011-09-18 12:04 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\018450526569962d4bb24564143c50f6\Microsoft.WSMan.Runtime.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\748a5063c67235044f516d4c2c5f090a\Microsoft.Vsa.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\748a5063c67235044f516d4c2c5f090a\Microsoft.Vsa.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f5ce086e4a0fecf91f98f3b14ecd1b93\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f5ce086e4a0fecf91f98f3b14ecd1b93\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 28672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e6db1e74fcb5f7ac992933052e719551\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 28672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e6db1e74fcb5f7ac992933052e719551\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dc8097ad95b542df89764803a305a2e8\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dc8097ad95b542df89764803a305a2e8\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dad7dbd7377b7936a6bf8a9a908de6bb\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dad7dbd7377b7936a6bf8a9a908de6bb\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c6bdaf7df1d32de276408735cd17bc79\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c6bdaf7df1d32de276408735cd17bc79\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll

+ 2011-09-18 11:57 . 2011-09-18 11:57 84992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c249e6ea71a862ef20d5523d0ea49fcf\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:04 . 2011-09-18 12:04 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\90eb4523edc693d8790de574be997ba1\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\90eb4523edc693d8790de574be997ba1\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\587d22d9d259a9301eba38bf3a0a47c9\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\587d22d9d259a9301eba38bf3a0a47c9\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3e7bbfdc6158996014989a3ff7f327d1\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3e7bbfdc6158996014989a3ff7f327d1\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0d7665ef711fa829ecf057aced0fbac0\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0d7665ef711fa829ecf057aced0fbac0\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 12:04 . 2011-09-18 12:04 84992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\07792cdc34b59d61d5ffd68227252f39\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\81bc126ce60194c5af7e6d4b1b03f6c1\Microsoft.VisualC.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\81bc126ce60194c5af7e6d4b1b03f6c1\Microsoft.VisualC.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9c6b098a9a7ee64cc4ff276a7babb0da\Microsoft.Build.Framework.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9c6b098a9a7ee64cc4ff276a7babb0da\Microsoft.Build.Framework.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\09f4fc8e36b2012a5f3cb0a9d23b9e20\Microsoft.Build.Framework.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\09f4fc8e36b2012a5f3cb0a9d23b9e20\Microsoft.Build.Framework.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\b7dc08f390f95b199da497bba999b5dc\ehiUserXp.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\b7dc08f390f95b199da497bba999b5dc\ehiUserXp.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\710e9691861b597505a63f2b29e4d7d2\dfsvc.ni.exe

+ 2011-09-18 11:59 . 2011-09-18 11:59 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\710e9691861b597505a63f2b29e4d7d2\dfsvc.ni.exe

Posted

Combofix 2 of 4

 

- 2011-08-17 14:49 . 2011-08-17 14:49 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll

+ 2011-09-18 11:57 . 2011-09-18 11:57 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll

- 2011-09-16 01:59 . 2011-09-16 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-18 12:57 . 2011-09-18 12:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-18 12:57 . 2011-09-18 12:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-16 01:59 . 2011-09-16 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-09-18 12:15 . 2011-09-18 12:15 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\1a890e72269abe36365d861bca8fca70\System.Xml.Serialization.ni.dll

+ 2011-09-18 12:09 . 2011-09-18 12:09 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\e335cdfdb3e46fb0f75cb2ce83dabf48\dfsvc.ni.exe

- 2010-03-18 12:43 . 2010-03-19 02:25 327680 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL

+ 2011-09-15 12:02 . 2011-07-26 16:04 327680 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL

+ 2009-06-27 02:03 . 2011-09-17 22:44 360664 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2006-11-02 15:45 . 2011-09-18 12:59 119486 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2006-11-02 12:46 . 2011-09-16 01:15 619512 c:\windows\system32\perfh009.dat

+ 2006-11-02 12:46 . 2011-09-17 23:11 619512 c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2011-09-16 01:15 111140 c:\windows\system32\perfc009.dat

+ 2006-11-02 12:46 . 2011-09-17 23:11 111140 c:\windows\system32\perfc009.dat

+ 2011-09-15 12:02 . 2011-07-26 16:28 507904 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL

- 2010-03-18 12:43 . 2010-03-19 02:19 507904 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL

- 2011-02-10 16:14 . 2011-09-16 01:54 459416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-10 16:14 . 2011-09-18 12:55 459416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-04-06 20:48 . 2011-04-06 20:48 236880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.dll

+ 2011-05-17 14:08 . 2011-05-17 14:08 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll

- 2011-04-13 02:16 . 2011-04-13 02:16 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll

+ 2011-04-06 21:45 . 2011-04-06 21:45 260448 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe

- 2010-03-18 18:27 . 2010-03-18 18:27 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll

+ 2011-05-17 14:08 . 2011-05-17 14:08 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 916312 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 236880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll

+ 2011-05-17 13:27 . 2011-05-17 13:27 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll

- 2011-04-12 19:11 . 2011-04-12 19:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 191840 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe

+ 2011-05-17 13:27 . 2011-05-17 13:27 413520 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll

+ 2011-05-17 13:27 . 2011-05-17 13:27 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll

- 2011-04-12 19:11 . 2011-04-12 19:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll

+ 2011-05-17 13:27 . 2011-05-17 13:27 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2011-09-17 23:12 . 2011-09-17 23:12 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-08-17 02:59 . 2011-08-17 02:59 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2011-09-17 23:12 . 2011-09-17 23:12 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-08-17 02:59 . 2011-08-17 02:59 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-09-17 23:12 . 2011-09-17 23:12 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2011-06-20 03:33 . 2011-06-20 03:33 407552 c:\windows\Installer\220314.msp

+ 2011-08-22 03:19 . 2011-08-22 03:19 133120 c:\windows\Installer\22025e.msp

Posted

Combofix 3 of 4

 

- 2010-10-31 14:39 . 2011-08-17 03:06 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe

- 2010-10-31 14:39 . 2011-08-17 03:06 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe

- 2010-10-31 14:39 . 2011-08-17 03:06 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe

- 2010-10-31 14:39 . 2011-08-17 03:06 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe

+ 2010-03-18 17:16 . 2010-03-18 17:16 915800 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpftxt_x86.dll

+ 2011-09-18 12:51 . 2011-09-18 12:51 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d3536aadcda3bf1628fd5cb912f0d4df\WindowsFormsIntegration.ni.dll

+ 2011-09-18 12:46 . 2011-09-18 12:46 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\0bbce3d1912c29cdb65f7c7bfdfd8a01\UIAutomationTypes.ni.dll

+ 2011-09-18 12:46 . 2011-09-18 12:46 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\65616f4785226d28371ccf809e213fa6\UIAutomationProvider.ni.dll

+ 2011-09-18 12:51 . 2011-09-18 12:51 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd62d82bb2e0ebe93c68c701a281d204\UIAutomationClient.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\70a6db2664fa1f7e996c58f81f63754d\System.Xml.Linq.ni.dll

+ 2011-09-18 12:46 . 2011-09-18 12:46 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\321d4a33b1363649a45f47f8fbc107c9\System.Windows.Input.Manipulations.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\fbffd4e050d2e397f5b51bcbede33326\System.Transactions.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\41a328f3f1e01dd6d6c45ec27dfb8d12\System.ServiceProcess.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\8a3044d7b76d748396c01aec083a1b01\System.ServiceModel.Routing.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4288f4e2ad790e4510344567c092ca68\System.ServiceModel.Channels.ni.dll

+ 2011-09-18 12:42 . 2011-09-18 12:42 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\481e4462ee5dbf73d7f92d14505eabca\System.Security.ni.dll

+ 2011-09-18 12:46 . 2011-09-18 12:46 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\93ea6aa98aa92eb1c27130599616cd48\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-09-18 12:46 . 2011-09-18 12:46 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\e01521d8c282ad1e79f9c8334cd4baef\System.Runtime.Remoting.ni.dll

+ 2011-09-18 12:42 . 2011-09-18 12:42 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\0615b26e34fbb01ff661b827e8d80c97\System.Numerics.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\836b59a54e74d2a9350d9dbcbee44e7d\System.Net.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\e530f9f49dcc8196f1333f65d9e17a51\System.Messaging.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\ca30070d69a7575b9b3637fde765b533\System.Management.Instrumentation.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\1af1dc859f12d724d15c2f8ac01b7d84\System.IO.Log.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\a236c6b9a7fa2dd99f840ffedb685464\System.IdentityModel.Selectors.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\a8ac353249c61750e03ace04cce91d12\System.EnterpriseServices.Wrapper.dll

+ 2011-09-18 12:42 . 2011-09-18 12:42 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\d0cb2f5412272538eead0de22ee232c1\System.Dynamic.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\87240375600b6608957d4877632deacd\System.DirectoryServices.Protocols.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\22c569ca3bf7de3f386881fdaaefcf5c\System.Device.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\848a93911e91183c5833abac3c19b8c7\System.Data.DataSetExtensions.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\9ef51cbff9a0a281683413ff85bdc67e\System.Configuration.Install.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\e5886d887164c57e7bbcff9eace93aff\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\a618c2c8cd6669a1f562d583de816049\System.AddIn.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\c06a32f20b3a8c40bb9ee4caaa7f791f\System.Activities.DurableInstancing.ni.dll

+ 2011-09-18 12:30 . 2011-09-18 12:30 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\898051ff62d86ecbb43c730672a5ce01\SMSvcHost.ni.exe

+ 2011-09-18 12:45 . 2011-09-18 12:45 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\2b6fb4f3fe65c3384cd588c84d5f426a\SMDiagnostics.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\e7d3ae8b894e645f195435b0d0cca3d5\PresentationFramework.Luna.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\9faf962dcc325fbdecde08f2b4b4de12\PresentationFramework.Classic.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\89a56671c51182608a36ddabf7f11579\PresentationFramework.Aero.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1144c8dd74e20a85a56ea12af48cc763\PresentationFramework.Royale.ni.dll

+ 2011-09-18 12:43 . 2011-09-18 12:43 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\78dbb63ddb830c7b67915373a26a64cb\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2011-09-18 12:42 . 2011-09-18 12:42 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2c6b57b8d66eb686e39af125a7b9cd3f\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-09-18 12:30 . 2011-09-18 12:30 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\4b8193e798a848470e64c71f71a230a4\CustomMarshalers.ni.dll

+ 2011-09-18 12:15 . 2011-09-18 12:15 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1b8d986036465b9f0db4fbaf8876ad72\WindowsFormsIntegration.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7b9037ad1952bc81a382b2fcddd8320a\UIAutomationTypes.ni.dll

+ 2011-09-18 12:15 . 2011-09-18 12:15 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\08b935a4ef1b64faec4e9739db313298\UIAutomationClient.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0f5813c19bc6dc46e87c6beafb97d525\System.Xml.Linq.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\8681ad3f75515a261e7980d01ac5fa2e\System.Windows.Input.Manipulations.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5314989a2066877016eaac44f927092c\System.Transactions.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\b784695a620842be9b660769dd43c898\System.ServiceProcess.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8671670b07fb8597048ef4aae0a5ede4\System.ServiceModel.Routing.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\68dd8aa8c376dd3c44f8e56c3767ac1d\System.Security.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e8452df7471e5ba24ca642b4c4e1ef37\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\bbc34aac73481fc04fe9b7aff9927437\System.Runtime.Remoting.ni.dll

+ 2011-09-17 23:08 . 2011-09-17 23:08 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\21335cc2e54f4995b582cfa9d1efbcaa\System.Numerics.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\0db265c571d2baf9c46511b9955fa7c4\System.Net.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\5539ada158b0520c68ab8cbaa6dab8b2\System.Messaging.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\89a46fc2fa698580fd2fa81df5cd020a\System.Management.Instrumentation.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e022b746f10ca855a632ff405f7f1259\System.IO.Log.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\a6518b3baf1d987d831c5fc1b295306d\System.IdentityModel.Selectors.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.Wrapper.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\a0ced4a2cbd6aa8f9cf2a28b641e0300\System.Dynamic.ni.dll

+ 2011-09-18 12:13 . 2011-09-18 12:13 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8227f92f9e71e619b541050995617717\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-09-18 12:13 . 2011-09-18 12:13 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6ec8651192262a0732c9c187486e9fb9\System.DirectoryServices.Protocols.ni.dll

+ 2011-09-18 12:13 . 2011-09-18 12:13 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\1652ce31226964496c1d5b5b4f69277e\System.Device.ni.dll

+ 2011-09-18 12:12 . 2011-09-18 12:12 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\5b1934fc32b50e5a42a64999d0b27112\System.Data.DataSetExtensions.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\786df9adb3752f8f67b90dedb60dc2a1\System.Configuration.ni.dll

+ 2011-09-18 12:12 . 2011-09-18 12:12 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\7a2a83b1625f100331691f44b6e9c3ab\System.Configuration.Install.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\eb22b58fc80ef55a2879bd6f121e9989\System.ComponentModel.Composition.ni.dll

+ 2011-09-18 12:12 . 2011-09-18 12:12 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a3084fbf0204cd93a9d1e8722774f0b7\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-09-18 12:12 . 2011-09-18 12:12 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\6254a35e295c52224f7bdc9e5ac9c81f\System.AddIn.ni.dll

+ 2011-09-18 12:12 . 2011-09-18 12:12 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\2b905c99ccccb248a7653fabe4b55b09\System.Activities.DurableInstancing.ni.dll

+ 2011-09-18 12:09 . 2011-09-18 12:09 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\51bdfe23e8b22bbed5fabfed9371b5b0\SMSvcHost.ni.exe

+ 2011-09-18 12:11 . 2011-09-18 12:11 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef32e2d63c908a8e4b21b30b2debcd03\SMDiagnostics.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ac6b30fb021fe513bc7f5eb98874ab98\PresentationFramework.Royale.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ab273e4606367562d98caf792f366523\PresentationFramework.Classic.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\64d84a18bdebd88f137f11ec220748ff\PresentationFramework.Aero.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\08ffd91342eb8f789914456a3a0d29dd\PresentationFramework.Luna.ni.dll

+ 2011-09-18 12:10 . 2011-09-18 12:10 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\43eb12b6198092efc2b8a030ace2e3f2\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2011-09-18 12:09 . 2011-09-18 12:09 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\da0ae911ee95f4e67660e8e584ca8e7b\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-09-18 12:09 . 2011-09-18 12:09 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\8bd0bb7822eb2d50cb4c1a82a7f934e8\CustomMarshalers.ni.dll

- 2011-08-17 14:40 . 2011-08-17 14:40 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\5f6a5d0fd18e43b62272d501e4cecc4b\WsatConfig.ni.exe

+ 2011-09-18 12:30 . 2011-09-18 12:30 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\5f6a5d0fd18e43b62272d501e4cecc4b\WsatConfig.ni.exe

- 2011-08-17 14:40 . 2011-08-17 14:40 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f055886146673a35518ee749c53f0417\WindowsFormsIntegration.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f055886146673a35518ee749c53f0417\WindowsFormsIntegration.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 257024 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\4587969f21341220dc17747f280477b2\UIAutomationTypes.ni.dll

+ 2011-09-18 12:23 . 2011-09-18 12:23 257024 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\4587969f21341220dc17747f280477b2\UIAutomationTypes.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 120320 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\ff10a07c2b72a66edbe6f45f91d17769\UIAutomationProvider.ni.dll

+ 2011-09-18 12:23 . 2011-09-18 12:23 120320 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\ff10a07c2b72a66edbe6f45f91d17769\UIAutomationProvider.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\9ec639af32b36d056d5044de48a51fbf\UIAutomationClient.ni.dll

+ 2011-09-18 12:23 . 2011-09-18 12:23 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\9ec639af32b36d056d5044de48a51fbf\UIAutomationClient.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\0ee32f3917dd39d4a7f4e52314b9157e\TaskScheduler.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\0ee32f3917dd39d4a7f4e52314b9157e\TaskScheduler.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 557056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\4424a72b52c456dbb94503bccde184c3\System.Xml.Linq.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 188928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\daa46fe6c185a4331e1453fb5100b51a\System.Web.Routing.ni.dll

- 2011-08-17 14:33 . 2011-08-17 14:33 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\f2602c5bcb6c2065db8329f1f7f32ae1\System.Web.RegularExpressions.ni.dll

+ 2011-09-18 12:18 . 2011-09-18 12:18 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\f2602c5bcb6c2065db8329f1f7f32ae1\System.Web.RegularExpressions.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 451584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\38f8c24bf93261152defbadb7fbc479d\System.Web.Entity.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 399360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\3220e23ce60aa1bfa69ad5e61611d7f6\System.Web.Entity.Design.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 758784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\c6f979f5009e65fac79d20924dc3de3a\System.Web.DynamicData.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\22e583697dbb5510101fab4aa5d18254\System.Web.Abstractions.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\22e583697dbb5510101fab4aa5d18254\System.Web.Abstractions.ni.dll

- 2011-08-17 14:32 . 2011-08-17 14:32 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b433e4de6804ce087c2c5827efc8feff\System.Transactions.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 921088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\b433e4de6804ce087c2c5827efc8feff\System.Transactions.ni.dll

- 2011-08-17 14:33 . 2011-08-17 14:33 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\fb509de55bc82e23c862dcd0a8823eb8\System.ServiceProcess.ni.dll

+ 2011-09-18 12:18 . 2011-09-18 12:18 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\fb509de55bc82e23c862dcd0a8823eb8\System.ServiceProcess.ni.dll

- 2011-08-17 14:32 . 2011-08-17 14:32 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\9191aa60b79eda0c7df35784e1986195\System.Security.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\9191aa60b79eda0c7df35784e1986195\System.Security.ni.dll

+ 2011-09-18 12:18 . 2011-09-18 12:18 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\0d1187c395060f06d84e4c398e7729e2\System.Runtime.Serialization.Formatters.Soap.ni.dll

- 2011-08-17 14:33 . 2011-08-17 14:33 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\0d1187c395060f06d84e4c398e7729e2\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\2505633b5679bba3e3da53db79616c62\System.Net.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\2505633b5679bba3e3da53db79616c62\System.Net.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\32d484a0a6db3c92f0e593a958dc265a\System.Messaging.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\32d484a0a6db3c92f0e593a958dc265a\System.Messaging.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 534528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\89517655b80d1dbf34b2a6daf9ab2b41\System.Management.Instrumentation.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\b4d997aeba03b77e5d09f9eabd3e7ffb\System.IO.Log.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\b4d997aeba03b77e5d09f9eabd3e7ffb\System.IO.Log.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\e327689326341f4d7656ff743c939838\System.IdentityModel.Selectors.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\e327689326341f4d7656ff743c939838\System.IdentityModel.Selectors.ni.dll

- 2011-08-17 14:32 . 2011-08-17 14:32 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\60d0a368a83327d788a62b762a670cce\System.EnterpriseServices.Wrapper.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\60d0a368a83327d788a62b762a670cce\System.EnterpriseServices.Wrapper.dll

+ 2011-09-18 12:18 . 2011-09-18 12:18 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\1049a906d8aeb09b7cf608ed4670b48a\System.Drawing.Design.ni.dll

- 2011-08-17 12:51 . 2011-08-17 12:51 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\1049a906d8aeb09b7cf608ed4670b48a\System.Drawing.Design.ni.dll

+ 2011-09-18 12:18 . 2011-09-18 12:18 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\495ff50306c8f7ca33e6407b4660ade5\System.DirectoryServices.Protocols.ni.dll

- 2011-08-17 14:33 . 2011-08-17 14:33 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\495ff50306c8f7ca33e6407b4660ade5\System.DirectoryServices.Protocols.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 492032 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\6ef2957527f645a8e416cd0f03445bff\System.Data.Services.Design.ni.dll

+ 2011-09-18 12:26 . 2011-09-18 12:26 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\c77795760e17d1449d6fdc3fa855c952\System.Data.DataSetExtensions.ni.dll

- 2011-08-17 14:33 . 2011-08-17 14:33 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\41852b2f76b9a3883be55cd39268339b\System.Configuration.Install.ni.dll

+ 2011-09-18 12:18 . 2011-09-18 12:18 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\41852b2f76b9a3883be55cd39268339b\System.Configuration.Install.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\2716594523a59f38ed50b22af855e8ea\System.ComponentModel.DataAnnotations.ni.dll

- 2011-08-17 14:32 . 2011-08-17 14:32 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\4e4ecc6b61f0e2a39ddfdae3ada992b0\System.AddIn.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\4e4ecc6b61f0e2a39ddfdae3ada992b0\System.AddIn.ni.dll

- 2011-08-17 14:38 . 2011-08-17 14:38 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\eebfb193348c4ee09fde0f55897153ef\System.AddIn.Contract.ni.dll

+ 2011-09-18 12:26 . 2011-09-18 12:26 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\eebfb193348c4ee09fde0f55897153ef\System.AddIn.Contract.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\88aeb9f3b7d6a8124f470a41a904d42a\sysglobl.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\88aeb9f3b7d6a8124f470a41a904d42a\sysglobl.ni.dll

- 2011-08-17 14:38 . 2011-08-17 14:38 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\c2ae3ebf99c837d022aaafafc6cd04fd\SMSvcHost.ni.exe

+ 2011-09-18 12:26 . 2011-09-18 12:26 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\c2ae3ebf99c837d022aaafafc6cd04fd\SMSvcHost.ni.exe

+ 2011-09-18 12:19 . 2011-09-18 12:19 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\37cadb80dab6954ac815ad5530032508\SMDiagnostics.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\37cadb80dab6954ac815ad5530032508\SMDiagnostics.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\383e793a6af09df130b14f96138aaa54\ServiceModelReg.ni.exe

- 2011-08-17 14:38 . 2011-08-17 14:38 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\383e793a6af09df130b14f96138aaa54\ServiceModelReg.ni.exe

+ 2011-09-18 12:25 . 2011-09-18 12:25 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c2b971104c296416bb15eb458ec5f7c9\PresentationFramework.Aero.ni.dll

- 2011-08-17 12:50 . 2011-08-17 12:50 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c2b971104c296416bb15eb458ec5f7c9\PresentationFramework.Aero.ni.dll

- 2011-08-17 12:50 . 2011-08-17 12:50 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a9367ed6263e99440976427a650a86bc\PresentationFramework.Classic.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a9367ed6263e99440976427a650a86bc\PresentationFramework.Classic.ni.dll

- 2011-08-17 12:50 . 2011-08-17 12:50 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a46418abae39bda36af970a351a8cd23\PresentationFramework.Luna.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a46418abae39bda36af970a351a8cd23\PresentationFramework.Luna.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\5571660610f416a16f101e9dc615328d\PresentationFramework.Royale.ni.dll

- 2011-08-17 12:50 . 2011-08-17 12:50 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\5571660610f416a16f101e9dc615328d\PresentationFramework.Royale.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\64af7da17fc9439d2c8f23d34feb260b\napsnap.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\64af7da17fc9439d2c8f23d34feb260b\napsnap.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\336c6eca608a2bd0f07760aa73fc1dca\napinit.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\336c6eca608a2bd0f07760aa73fc1dca\napinit.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 177152 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\e1b9bb0c83dd8cac30d87fdfd7166756\naphlpr.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 177152 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\e1b9bb0c83dd8cac30d87fdfd7166756\naphlpr.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 126464 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\fa472bf1f8f24c6ed281ed4dcd9d6571\napcrypt.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 126464 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\fa472bf1f8f24c6ed281ed4dcd9d6571\napcrypt.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\3fed3dfbbe1d477a86b5c5685e98bee1\MSBuild.ni.exe

- 2011-08-17 14:32 . 2011-08-17 14:32 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\3fed3dfbbe1d477a86b5c5685e98bee1\MSBuild.ni.exe

+ 2011-09-18 12:20 . 2011-09-18 12:20 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\407d27837b8ecea3b66bdbd280586e5d\MMCFxCommon.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\407d27837b8ecea3b66bdbd280586e5d\MMCFxCommon.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\a340bab4c167d4ed8abeee6ce5685772\Microsoft.WSMan.Management.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\a340bab4c167d4ed8abeee6ce5685772\Microsoft.WSMan.Management.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\8378df092aebbb9e875f3daeb073b345\Microsoft.Vsa.ni.dll

+ 2011-09-18 12:22 . 2011-09-18 12:22 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\8378df092aebbb9e875f3daeb073b345\Microsoft.Vsa.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 202240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\f1abcac6336fcecdd878046ffa32f75a\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 312832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\f10b6275b7f602130f6ef7356f7cc6a8\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 779776 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\e84e21cc76da71a06338a0007f39b851\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 970752 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\cd2bb0cc06262f92322ce04e046ea0db\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 970752 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\cd2bb0cc06262f92322ce04e046ea0db\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 445952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\cbd455ac25f968e267793a516f029d76\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 227328 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b25039551a10376e47ff50c6e2f6a2f3\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 499712 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\a8c481f4db5c81fdf4277999b1656950\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 227328 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\a8743211588f821a403893915e07c88b\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 231936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9bcbdeeda130ad3bc5a8bea44fadb8c3\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 312832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\90da4b2ee731196e31798f945982d340\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 276992 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\8ebb5f9d3e8845bc74418d46c5ce1963\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 393728 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\7989e9f92009570c14444a5d567b2de6\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\6e1ce704a3683bbc80d90ba093f3809d\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 497664 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5eea04dcd84086d50a45698c2b2d0cc1\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 276992 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\472171d658168e23614d66d1c07d5e9f\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll

- 2011-08-17 03:07 . 2011-08-17 03:07 209920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\33d0289649f9ef4635cab911dc4a10b1\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 209920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\33d0289649f9ef4635cab911dc4a10b1\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 305664 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\17a35b72b947f9c4a085e0385fe1a054\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 225280 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\16d576838360f6840f69a2b498622e8a\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 226816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\0b3b1d6a7e10841776591af72565f756\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 226816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\0b3b1d6a7e10841776591af72565f756\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\07958ebd5a818a6fec84e040f9be9328\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\fed874427d329b3843becb214c2cbb24\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-09-18 12:23 . 2011-09-18 12:23 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\fed874427d329b3843becb214c2cbb24\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-09-18 12:22 . 2011-09-18 12:22 417280 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9cfb6b2890eaadb91daabd96c080c7e9\Microsoft.PowerShell.Commands.Diagnostics.ni.dll

+ 2011-09-18 12:23 . 2011-09-18 12:23 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\39d05a919cdf3a0b8a841cf64d9d5b2d\Microsoft.PowerShell.GraphicalHost.ni.dll

+ 2011-09-18 12:22 . 2011-09-18 12:22 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\201551dfa891ef2533b4f6961f158b53\Microsoft.PowerShell.ConsoleHost.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\201551dfa891ef2533b4f6961f158b53\Microsoft.PowerShell.ConsoleHost.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\e756b694e3c6de76a8002725d73b8139\Microsoft.Office.Tools.v9.0.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 244224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\7526010a48ec74557bcb14b1da86e683\Microsoft.Office.Tools.Outlook.v9.0.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\848c9da3e69048629734e47234788a7d\Microsoft.MediaCenter.Shell.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\848c9da3e69048629734e47234788a7d\Microsoft.MediaCenter.Shell.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\643b81852e3d9761f609db2d2d149e6f\Microsoft.MediaCenter.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\643b81852e3d9761f609db2d2d149e6f\Microsoft.MediaCenter.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3009e8d27d0662799fcde4a99cfaa62c\Microsoft.MediaCenter.Sports.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3009e8d27d0662799fcde4a99cfaa62c\Microsoft.MediaCenter.Sports.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\7bccb8455ab63acd2fd36dbb6348b77a\Microsoft.ManagementConsole.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\7bccb8455ab63acd2fd36dbb6348b77a\Microsoft.ManagementConsole.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f62d326919623ec6e0ab3f835aedb3f5\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f62d326919623ec6e0ab3f835aedb3f5\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\9f583d5c7de9d6469697e822dbabe645\Microsoft.Build.Utilities.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\9f583d5c7de9d6469697e822dbabe645\Microsoft.Build.Utilities.ni.dll

- 2011-08-17 03:07 . 2011-08-17 03:07 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\5cca853a01d7873f5d763de8677b8482\Microsoft.Build.Framework.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\5cca853a01d7873f5d763de8677b8482\Microsoft.Build.Framework.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\14790d6818b2c3722b3877caf007a418\Microsoft.Build.Framework.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\14790d6818b2c3722b3877caf007a418\Microsoft.Build.Framework.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:21 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\a65a7ff52cef80cd25d5f7a08be30bde\Microsoft.Build.Conversion.v3.5.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\a65a7ff52cef80cd25d5f7a08be30bde\Microsoft.Build.Conversion.v3.5.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\656fee71cea5bce92f762df631ecebeb\Mcx2Dvcs.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\656fee71cea5bce92f762df631ecebeb\Mcx2Dvcs.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\46247732b2fdb4edb0f30f8c25dd14a4\mcupdate.ni.exe

+ 2011-09-18 12:20 . 2011-09-18 12:20 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\46247732b2fdb4edb0f30f8c25dd14a4\mcupdate.ni.exe

- 2011-08-17 14:34 . 2011-08-17 14:34 337920 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\933b32ca7ef1bab5c3c846d1e8498b52\mcstoredb.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 337920 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\933b32ca7ef1bab5c3c846d1e8498b52\mcstoredb.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 893952 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\f542b6731c25678aa81fafe1e59292e4\mcstore.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 893952 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\f542b6731c25678aa81fafe1e59292e4\mcstore.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\a4a6d5566946a8bf38b3b17446cf1f58\loadmxf.ni.exe

- 2011-08-17 14:35 . 2011-08-17 14:35 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\a4a6d5566946a8bf38b3b17446cf1f58\loadmxf.ni.exe

+ 2011-09-18 12:20 . 2011-09-18 12:20 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\a85ee567ab2608b4a0e926600b56b0ab\EventViewer.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\a85ee567ab2608b4a0e926600b56b0ab\EventViewer.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\2fcc1a9e9d1562a68bc676f4a9821f38\ehiWUapi.ni.dll

- 2011-08-17 03:11 . 2011-08-17 03:11 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\2fcc1a9e9d1562a68bc676f4a9821f38\ehiWUapi.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 927232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\14701ef3387cf0a95c98bb1e4ceae0da\ehiwmp.ni.dll

- 2011-08-17 03:11 . 2011-08-17 03:11 927232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\14701ef3387cf0a95c98bb1e4ceae0da\ehiwmp.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 138752 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\00922b3ff2116a38b97469cc4b405573\ehiUserXp.ni.dll

- 2011-08-17 03:11 . 2011-08-17 03:11 138752 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\00922b3ff2116a38b97469cc4b405573\ehiUserXp.ni.dll

- 2011-08-17 03:11 . 2011-08-17 03:11 151040 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiReplay\ec0aa4c11ed3aefcae02eb38f86231cd\ehiReplay.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 151040 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiReplay\ec0aa4c11ed3aefcae02eb38f86231cd\ehiReplay.ni.dll

- 2011-08-17 03:11 . 2011-08-17 03:11 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\aecbd2f45aa74ee3f57dc277e9d8343f\ehiExtens.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\aecbd2f45aa74ee3f57dc277e9d8343f\ehiExtens.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\7f3e720ebf0164673c94202b8e51c119\ehExtHost.ni.exe

- 2011-08-17 14:34 . 2011-08-17 14:34 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\7f3e720ebf0164673c94202b8e51c119\ehExtHost.ni.exe

- 2011-08-17 14:34 . 2011-08-17 14:34 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\d9c6f79562e7618065e4e22446500a02\ehepgdat.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\d9c6f79562e7618065e4e22446500a02\ehepgdat.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\3261cad9c1981ebf952370ebb267f46f\ehCIR.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\3261cad9c1981ebf952370ebb267f46f\ehCIR.ni.dll

- 2011-08-17 03:11 . 2011-08-17 03:11 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\44e83cf4ba00700dec4e6d9364daa7b1\CustomMarshalers.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\44e83cf4ba00700dec4e6d9364daa7b1\CustomMarshalers.ni.dll

- 2011-08-17 14:32 . 2011-08-17 14:32 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\c392ae5019176660dd3e81503ede7bb4\ComSvcConfig.ni.exe

+ 2011-09-18 12:16 . 2011-09-18 12:16 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\c392ae5019176660dd3e81503ede7bb4\ComSvcConfig.ni.exe

+ 2011-09-18 12:19 . 2011-09-18 12:19 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\b8a793412f4ae385b0e6bc97f2afc1ff\BDATunePIA.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\b8a793412f4ae385b0e6bc97f2afc1ff\BDATunePIA.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4393f39e7dcd910521a93a5a588fa1c5\WsatConfig.ni.exe

+ 2011-09-18 12:09 . 2011-09-18 12:09 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4393f39e7dcd910521a93a5a588fa1c5\WsatConfig.ni.exe

- 2011-08-17 15:02 . 2011-08-17 15:02 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\64e6bc21d6554252e53e87c04a70a04d\WindowsFormsIntegration.ni.dll

+ 2011-09-18 12:09 . 2011-09-18 12:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\64e6bc21d6554252e53e87c04a70a04d\WindowsFormsIntegration.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\96031e87be161842765531e37a996df6\UIAutomationTypes.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\96031e87be161842765531e37a996df6\UIAutomationTypes.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ec050b2f1ddc5f3023e9bc7375f90a1d\UIAutomationClient.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ec050b2f1ddc5f3023e9bc7375f90a1d\UIAutomationClient.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\8db6e879e71858d2995390526368262e\TaskScheduler.ni.dll

+ 2011-09-18 12:09 . 2011-09-18 12:09 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\8db6e879e71858d2995390526368262e\TaskScheduler.ni.dll

+ 2011-09-18 12:09 . 2011-09-18 12:09 420864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\dc1245b46eceac4312a47737df04b4b1\System.Xml.Linq.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 420864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\dc1245b46eceac4312a47737df04b4b1\System.Xml.Linq.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 130560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\44ee01fb8d7169ad780af3e2fccbe428\System.Web.Routing.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 130560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\44ee01fb8d7169ad780af3e2fccbe428\System.Web.Routing.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\3ea90d05680ed6259ccb21f12cce70fb\System.Web.RegularExpressions.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\3ea90d05680ed6259ccb21f12cce70fb\System.Web.RegularExpressions.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1abc99e2fa94ca63c9b44ebcb074b031\System.Web.Extensions.Design.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1abc99e2fa94ca63c9b44ebcb074b031\System.Web.Extensions.Design.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 329216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e2910ea97106bb4ccec61d875d79fd10\System.Web.Entity.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 329216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e2910ea97106bb4ccec61d875d79fd10\System.Web.Entity.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4b9d4fbc374aa3772ead7bf30d29f27b\System.Web.Entity.Design.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4b9d4fbc374aa3772ead7bf30d29f27b\System.Web.Entity.Design.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 551936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\29fc2fc66c4c543018f2270c1c02803a\System.Web.DynamicData.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 551936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\29fc2fc66c4c543018f2270c1c02803a\System.Web.DynamicData.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\12da8d5708a0cf1c5c5ae02d1394880a\System.Web.Abstractions.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\12da8d5708a0cf1c5c5ae02d1394880a\System.Web.Abstractions.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1cc11918d8dd561391bba05c61de7573\System.ServiceProcess.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1cc11918d8dd561391bba05c61de7573\System.ServiceProcess.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccd064df52eb5479bf745ec2a7b74952\System.Security.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccd064df52eb5479bf745ec2a7b74952\System.Security.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a62d68943088191659432dbe33669f2\System.Runtime.Serialization.Formatters.Soap.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a62d68943088191659432dbe33669f2\System.Runtime.Serialization.Formatters.Soap.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\7754d47296d9201c1856c41637b8a911\System.Net.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\7754d47296d9201c1856c41637b8a911\System.Net.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\6db17e040b1104fa9a9760c88c67b862\System.Messaging.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\6db17e040b1104fa9a9760c88c67b862\System.Messaging.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 331264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\583f33d141c5cf85af51fbf2f88ea8b8\System.Management.Instrumentation.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 331264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\583f33d141c5cf85af51fbf2f88ea8b8\System.Management.Instrumentation.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\06bcbb2f0b2de5bc7ebc92f7c2028181\System.IO.Log.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\06bcbb2f0b2de5bc7ebc92f7c2028181\System.IO.Log.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\2ba816b41a3f13685fd28d2ad50970ec\System.IdentityModel.Selectors.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\2ba816b41a3f13685fd28d2ad50970ec\System.IdentityModel.Selectors.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.Wrapper.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.Wrapper.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.ni.dll

- 2011-08-17 12:56 . 2011-08-17 12:56 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\29cbe2999c5c4d9b16ce0942323075fc\System.Drawing.Design.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\29cbe2999c5c4d9b16ce0942323075fc\System.Drawing.Design.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ed84c038dbce9cab34496f5dbd10b12\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ed84c038dbce9cab34496f5dbd10b12\System.DirectoryServices.AccountManagement.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\10dea0183eb6ff30200d910dc34b872b\System.DirectoryServices.Protocols.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\10dea0183eb6ff30200d910dc34b872b\System.DirectoryServices.Protocols.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\91bf313faecb6262606fc2dbf5d69973\System.Data.Services.Design.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\91bf313faecb6262606fc2dbf5d69973\System.Data.Services.Design.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 944128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\0700bf444cb397425fce262fefab1408\System.Data.Services.Client.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 944128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\0700bf444cb397425fce262fefab1408\System.Data.Services.Client.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 759296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\3b11f7e568e1cd032a827b52c0b862e3\System.Data.Entity.Design.ni.dll

+ 2011-09-18 12:06 . 2011-09-18 12:06 759296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\3b11f7e568e1cd032a827b52c0b862e3\System.Data.Entity.Design.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 136704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\3a07be9c7597f6bb9ba7c25cc24f6024\System.Data.DataSetExtensions.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 136704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\3a07be9c7597f6bb9ba7c25cc24f6024\System.Data.DataSetExtensions.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll

+ 2011-09-18 11:57 . 2011-09-18 11:57 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c3cfe8388734152100ff476350fb3ddb\System.Configuration.Install.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c3cfe8388734152100ff476350fb3ddb\System.Configuration.Install.ni.dll

+ 2011-09-18 11:57 . 2011-09-18 11:57 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\24421bf969f562eacc40eaa5c92a8645\System.AddIn.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\0d00826b5faadbfc192c3679e5ab30cf\System.AddIn.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\0d00826b5faadbfc192c3679e5ab30cf\System.AddIn.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\7879c86ded9fabda3e3285420ab3a406\sysglobl.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\7879c86ded9fabda3e3285420ab3a406\sysglobl.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\878ab210235309095edcd2565987503e\SMSvcHost.ni.exe

+ 2011-09-18 12:05 . 2011-09-18 12:05 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\878ab210235309095edcd2565987503e\SMSvcHost.ni.exe

+ 2011-09-18 11:59 . 2011-09-18 11:59 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca54e016986a14796591228eaa80cce1\SMDiagnostics.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca54e016986a14796591228eaa80cce1\SMDiagnostics.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\c0e48084525f817b13d79d7d2dec52cc\ServiceModelReg.ni.exe

+ 2011-09-18 12:05 . 2011-09-18 12:05 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\c0e48084525f817b13d79d7d2dec52cc\ServiceModelReg.ni.exe

+ 2011-09-18 12:05 . 2011-09-18 12:05 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a51a17cc3195c47d97be3f387f86c462\PresentationFramework.Luna.ni.dll

- 2011-08-17 12:55 . 2011-08-17 12:55 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a51a17cc3195c47d97be3f387f86c462\PresentationFramework.Luna.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a38f370d4e68b65106d1065d0b77067\PresentationFramework.Aero.ni.dll

- 2011-08-17 12:55 . 2011-08-17 12:55 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a38f370d4e68b65106d1065d0b77067\PresentationFramework.Aero.ni.dll

- 2011-08-17 12:55 . 2011-08-17 12:55 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4aa958d331158aa1c46b80468c842a34\PresentationFramework.Classic.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4aa958d331158aa1c46b80468c842a34\PresentationFramework.Classic.ni.dll

- 2011-08-17 12:56 . 2011-08-17 12:56 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0159274c97a3fa4d942e6b4e321b6a54\PresentationFramework.Royale.ni.dll

Posted

Combofix 4 of 4

 

+ 2011-09-18 12:05 . 2011-09-18 12:05 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0159274c97a3fa4d942e6b4e321b6a54\PresentationFramework.Royale.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\6849e7e884c97c0b8c9601539c0e093f\napsnap.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\6849e7e884c97c0b8c9601539c0e093f\napsnap.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\abace0d3ea5d15d57cac11c1bbcd0952\napinit.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\abace0d3ea5d15d57cac11c1bbcd0952\napinit.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\4dad5608f35eaa140c6eae43f1f2ea6c\naphlpr.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\4dad5608f35eaa140c6eae43f1f2ea6c\naphlpr.ni.dll

+ 2011-09-18 11:57 . 2011-09-18 11:57 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\f1f2f55a0427a355d4bfde947a4a1546\MSBuild.ni.exe

- 2011-08-17 14:50 . 2011-08-17 14:50 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\f1f2f55a0427a355d4bfde947a4a1546\MSBuild.ni.exe

+ 2011-09-18 12:00 . 2011-09-18 12:00 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\2c18cdf3808acb8ecb484b9f2940f0b3\MMCFxCommon.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\2c18cdf3808acb8ecb484b9f2940f0b3\MMCFxCommon.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\c3b4602f861bbf8a77d16be1a16017b7\Microsoft.WSMan.Management.ni.dll

+ 2011-09-18 12:04 . 2011-09-18 12:04 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\c3b4602f861bbf8a77d16be1a16017b7\Microsoft.WSMan.Management.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fa5ad58d739e82d176afdaa4ef8cabce\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fa5ad58d739e82d176afdaa4ef8cabce\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f5f2951bec5bf2d332d81c4982e6f6ad\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll

+ 2011-09-18 12:04 . 2011-09-18 12:04 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f5f2951bec5bf2d332d81c4982e6f6ad\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f349150d9e462beaf3ed82fa6de4def5\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f349150d9e462beaf3ed82fa6de4def5\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 133120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cf804d00790ee4fc87fdaa4752894e2c\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 133120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cf804d00790ee4fc87fdaa4752894e2c\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 161792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ace2797ec51c4fbc038d04100e43483a\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 161792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ace2797ec51c4fbc038d04100e43483a\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 183808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a1de1c631d15d03db9528d30043f076d\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9f5c78d1ee12f2fc223392f45d690720\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9f5c78d1ee12f2fc223392f45d690720\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 303104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8c69180d706ea484a3e65c0835bfb71d\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 303104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8c69180d706ea484a3e65c0835bfb71d\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8b78cbab18c8e29a86a41543f90edddc\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8b78cbab18c8e29a86a41543f90edddc\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll

+ 2011-09-18 11:57 . 2011-09-18 11:57 183808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7e1cf722cc92b89ff5a9a0b9a3aecbf7\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 664064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6f5fea872cea36f16812965d279ad35a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 664064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6f5fea872cea36f16812965d279ad35a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll

+ 2011-09-18 12:04 . 2011-09-18 12:04 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\65a312356e672874ea2a05e9adc4acd3\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 368640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\587d76d658b4a11eb27a2db330d363d8\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 368640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\587d76d658b4a11eb27a2db330d363d8\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 337920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3c7184deb30af2783c0d06449f107475\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll

+ 2011-09-18 12:03 . 2011-09-18 12:03 337920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3c7184deb30af2783c0d06449f107475\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll

+ 2011-09-18 11:57 . 2011-09-18 11:57 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\38cb51daa421db7cd00eac6b27ce3601\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 623616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\30378827f5558703c17257b81c2861fa\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll

+ 2011-09-18 12:04 . 2011-09-18 12:04 623616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\30378827f5558703c17257b81c2861fa\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll

+ 2011-09-18 11:57 . 2011-09-18 11:57 192000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\232ed4d5fc2851f498acfdf61dfcc4c2\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:04 . 2011-09-18 12:04 192000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\02f8fc8e2bf05702aae72f4162f531ab\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cf693d9799ee92ab0dc4ad51719842f9\Microsoft.Transactions.Bridge.Dtc.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cf693d9799ee92ab0dc4ad51719842f9\Microsoft.Transactions.Bridge.Dtc.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\dac6ba163a212ef25e2a95be73d4894e\Microsoft.PowerShell.Commands.Diagnostics.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\dac6ba163a212ef25e2a95be73d4894e\Microsoft.PowerShell.Commands.Diagnostics.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a7de5db00e81689537057130e3fa9d5b\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a7de5db00e81689537057130e3fa9d5b\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\83306689d48575a50d4d84b27a63146b\Microsoft.PowerShell.ConsoleHost.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\83306689d48575a50d4d84b27a63146b\Microsoft.PowerShell.ConsoleHost.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\767b4b96bb9ae9630bcb460fab12d2b0\Microsoft.PowerShell.Security.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\767b4b96bb9ae9630bcb460fab12d2b0\Microsoft.PowerShell.Security.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\363885fbbedc42023028658e4153ab56\Microsoft.PowerShell.GraphicalHost.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\363885fbbedc42023028658e4153ab56\Microsoft.PowerShell.GraphicalHost.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\ef332d73053fe2134d37157270c1d217\Microsoft.Office.Tools.v9.0.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\ef332d73053fe2134d37157270c1d217\Microsoft.Office.Tools.v9.0.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\edae3890c88c862c405ea11854b54242\Microsoft.Office.Tools.Outlook.v9.0.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\edae3890c88c862c405ea11854b54242\Microsoft.Office.Tools.Outlook.v9.0.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 815616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\347caf13189a39c1635e96f1c4b2067f\Microsoft.Office.Tools.Common.v9.0.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 815616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\347caf13189a39c1635e96f1c4b2067f\Microsoft.Office.Tools.Common.v9.0.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\25144555a387137a65f17e6f0db7246b\Microsoft.Office.Tools.Word.v9.0.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\25144555a387137a65f17e6f0db7246b\Microsoft.Office.Tools.Word.v9.0.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 271360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\7763a2b7cbd20e738185b22721ffeb4f\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 271360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\7763a2b7cbd20e738185b22721ffeb4f\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\bb189e9d53d02b3d63c3828c0463cc12\Microsoft.MediaCenter.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\bb189e9d53d02b3d63c3828c0463cc12\Microsoft.MediaCenter.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6ef5be72dab25ea6491e4a6891aa1457\Microsoft.ManagementConsole.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6ef5be72dab25ea6491e4a6891aa1457\Microsoft.ManagementConsole.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 343040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\6e811077099353d6ad45ad44d8cbefb9\Microsoft.BusinessData.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 343040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\6e811077099353d6ad45ad44d8cbefb9\Microsoft.BusinessData.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\e9e6ed1e90de7f57500f137fcf429f0b\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\e9e6ed1e90de7f57500f137fcf429f0b\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\b316d7ba730f523a2ec12d9c5f4b73b6\Microsoft.Build.Utilities.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\b316d7ba730f523a2ec12d9c5f4b73b6\Microsoft.Build.Utilities.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e9af947dc6d2428c521ac653b21b8668\Microsoft.Build.Engine.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e9af947dc6d2428c521ac653b21b8668\Microsoft.Build.Engine.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\ea3acb2fc7a8433efd09d63f6ff5bb5b\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\ea3acb2fc7a8433efd09d63f6ff5bb5b\Microsoft.Build.Conversion.v3.5.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\ce072aeecd1c5d0ae54fd0fce46f52e0\EventViewer.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\ce072aeecd1c5d0ae54fd0fce46f52e0\EventViewer.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\9e98d7dcfeb34bbf6d2ea0e711b3ae4f\ehiExtens.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\9e98d7dcfeb34bbf6d2ea0e711b3ae4f\ehiExtens.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\b54654928cb5eabb468d19a32ae75d32\ehExtHost32.ni.exe

+ 2011-09-18 11:59 . 2011-09-18 11:59 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\b54654928cb5eabb468d19a32ae75d32\ehExtHost32.ni.exe

- 2011-08-17 14:51 . 2011-08-17 14:51 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\798dad8e1b1dae489aa30b4341bcdba7\CustomMarshalers.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\798dad8e1b1dae489aa30b4341bcdba7\CustomMarshalers.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\147a04caf482e4d4082582a7698883e4\ComSvcConfig.ni.exe

- 2011-08-17 14:50 . 2011-08-17 14:50 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\147a04caf482e4d4082582a7698883e4\ComSvcConfig.ni.exe

- 2009-05-24 11:19 . 2011-09-16 01:54 3416760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-05-24 11:19 . 2011-09-18 12:55 3416760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-05-22 04:32 . 2011-09-16 01:54 1492156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1463916579-3978265779-3180963287-1000-8192.dat

+ 2011-05-22 04:32 . 2011-09-18 12:55 1492156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1463916579-3978265779-3180963287-1000-8192.dat

+ 2011-05-23 11:03 . 2011-09-16 16:41 3018316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1463916579-3978265779-3180963287-1000-4096.dat

- 2010-03-18 18:27 . 2010-03-18 18:27 1221464 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpftxt_v0400.dll

+ 2011-04-06 21:45 . 2011-04-06 21:45 1221464 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpftxt_v0400.dll

+ 2011-04-06 21:45 . 2011-04-06 21:45 2153816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll

- 2010-03-18 18:27 . 2010-03-18 18:27 2153816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 1368920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 6428520 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll

+ 2011-04-06 21:45 . 2011-04-06 21:45 3824480 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll

+ 2011-04-06 21:45 . 2011-04-06 21:45 3235656 c:\windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe

- 2010-03-18 17:16 . 2010-03-18 17:16 2207568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 2207568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 6097256 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll

+ 2011-05-17 14:08 . 2011-05-17 14:08 3116376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 1354584 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll

+ 2011-05-17 14:08 . 2011-05-17 14:08 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll

- 2011-04-13 02:16 . 2011-04-13 02:16 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll

+ 2011-05-17 14:08 . 2011-05-17 14:08 1454416 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll

+ 2011-05-17 14:08 . 2011-05-17 14:08 1514840 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll

+ 2011-05-17 14:08 . 2011-05-17 14:08 1511240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll

+ 2011-05-17 14:08 . 2011-05-17 14:08 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll

- 2011-04-13 02:16 . 2011-04-13 02:16 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll

- 2010-03-18 17:16 . 2010-03-18 17:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 1368920 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 6428520 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 3788128 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 2261832 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

+ 2011-04-06 20:48 . 2011-04-06 20:48 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll

- 2010-03-18 17:16 . 2010-03-18 17:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 6097256 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll

+ 2011-05-17 13:27 . 2011-05-17 13:27 2975064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll

+ 2011-04-06 20:48 . 2011-04-06 20:48 1354584 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll

- 2011-04-12 19:11 . 2011-04-12 19:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll

+ 2011-05-17 13:27 . 2011-05-17 13:27 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll

+ 2011-05-17 13:27 . 2011-05-17 13:27 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll

+ 2011-05-17 13:27 . 2011-05-17 13:27 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll

- 2011-04-12 19:11 . 2011-04-12 19:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-08-17 03:00 . 2011-08-17 03:01 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

- 2011-08-17 03:01 . 2011-08-17 03:01 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2011-09-17 23:12 . 2011-09-17 23:12 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-09-17 23:13 . 2011-09-17 23:13 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2011-08-17 02:59 . 2011-08-17 02:59 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-09-17 23:12 . 2011-09-17 23:12 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-09-17 23:12 . 2011-09-17 23:12 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

- 2011-08-17 03:00 . 2011-08-17 03:00 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\22031d.msp

+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\2202fe.msp

+ 2011-07-21 16:34 . 2011-07-21 16:34 3456000 c:\windows\Installer\2202dd.msp

+ 2011-07-21 16:51 . 2011-07-21 16:51 9623040 c:\windows\Installer\2202c7.msp

+ 2011-07-21 16:45 . 2011-07-21 16:45 3809792 c:\windows\Installer\2202a9.msp

+ 2011-08-16 03:56 . 2011-08-16 03:56 3460096 c:\windows\Installer\220293.msp

+ 2011-07-21 16:41 . 2011-07-21 16:41 8413696 c:\windows\Installer\22027d.msp

+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\220267.msp

+ 2011-08-22 03:18 . 2011-08-22 03:18 1585152 c:\windows\Installer\220256.msp

- 2010-10-31 14:39 . 2011-08-17 03:06 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-10-31 14:39 . 2011-08-17 03:06 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-10-31 14:39 . 2011-08-17 03:06 4520288 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 4520288 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe

- 2010-10-31 14:39 . 2011-08-17 03:06 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-10-31 14:39 . 2011-09-16 02:40 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe

- 2010-10-31 14:39 . 2011-08-17 03:06 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe

+ 2010-03-18 18:27 . 2010-03-18 18:27 1221464 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpftxt_amd64.dll

+ 2010-03-18 17:16 . 2010-03-18 17:16 1663320 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_x86.dll

+ 2010-03-18 18:27 . 2010-03-18 18:27 2153816 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_amd64.dll

+ 2010-03-18 17:16 . 2010-03-18 17:16 1303896 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_x86.dll

+ 2010-03-18 17:16 . 2010-03-18 17:16 1303896 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_amd64.dll

+ 2010-03-18 17:16 . 2010-03-18 17:16 6346600 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_x86.dll

+ 2010-03-18 17:16 . 2010-03-18 17:16 6346600 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_amd64.dll

+ 2010-03-18 17:16 . 2010-03-18 17:16 3545952 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_x86.dll

+ 2010-03-18 18:27 . 2010-03-18 18:27 3453792 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_amd64.dll

+ 2009-04-03 22:21 . 2009-04-03 22:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\OARTCONV.DLL

+ 2006-10-27 00:42 . 2006-10-27 00:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OARTCONV.DLL

+ 2011-09-18 12:43 . 2011-09-18 12:43 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\2b21f937d40320cabc3c85c031db88d8\WindowsBase.ni.dll

+ 2011-09-18 12:51 . 2011-09-18 12:51 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d14a6bf514550fdc219f580348599c58\UIAutomationClientsideProviders.ni.dll

+ 2011-09-18 12:42 . 2011-09-18 12:42 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\8e4323f5bfb90be4621456033d8b404b\System.Xml.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\2a3c95561c3de429c3c0e7a53a920c45\System.Xaml.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\b346685f479e27aadce1793789333bfb\System.Windows.Forms.DataVisualization.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\4ee71342f3eadce770c5b227e0e72015\System.Web.Services.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\7211feffc35222c34e5d6b9e97f1c009\System.Speech.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e449cb587c51f7bec5fcff8964844151\System.ServiceModel.Activities.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\5af78d8b92c4a0b7f90dd99a8742c565\System.ServiceModel.Discovery.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\2c3f2f005761a596bf9e7262b76735a3\System.Runtime.Serialization.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\d850328fdb0d5b403f2b4a7752ec43da\System.Runtime.DurableInstancing.ni.dll

+ 2011-09-18 12:46 . 2011-09-18 12:46 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\35bb0262c48890be46a1861b63bed32d\System.Printing.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\73c6deea16d8ee87e65156bb9ef90e0b\System.Management.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\6d8ec822ecf54529d04b1342aef58dd3\System.IdentityModel.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\a8ac353249c61750e03ace04cce91d12\System.EnterpriseServices.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0237eaa2a9c71060227e6d310a887c07\System.Drawing.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 1217536 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\8440779374dcb4d650179a61139684b0\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1b6321bae09adccce41aedcd91fcea9b\System.DirectoryServices.ni.dll

+ 2011-09-18 12:46 . 2011-09-18 12:46 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\f0cadc34a72bbfb06158ee14e3f3b97d\System.Deployment.ni.dll

+ 2011-09-18 12:46 . 2011-09-18 12:46 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\20d5aeb1486af05bd5885e431e8cf531\System.Data.ni.dll

+ 2011-09-18 12:42 . 2011-09-18 12:42 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\84e0e94c07d03148371aad1c9212daba\System.Data.SqlXml.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 1798656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\c66f4672f3f96cac1796475fc53084f7\System.Data.Services.Client.ni.dll

+ 2011-09-18 12:48 . 2011-09-18 12:48 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\f985d985539603a521e6051cbef283d7\System.Data.Linq.ni.dll

+ 2011-09-18 12:41 . 2011-09-18 12:41 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\d17a133036827281e02df99161f83199\System.Configuration.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\87cacc996ae318f4bd1e126f8271b8c1\System.ComponentModel.Composition.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\6f46271408743437680ef855e26ba561\System.Activities.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\b5dc8079f2701e3cf6a139deca5c0982\System.Activities.Presentation.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\bb930355f9bcc3bc388397471ae88492\System.Activities.Core.Presentation.ni.dll

+ 2011-09-18 12:47 . 2011-09-18 12:47 4232704 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8df1ec785fb8923566f2ce612f108cee\ReachFramework.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\944136b49e38259ce517a6fe3e71fa4d\PresentationUI.ni.dll

+ 2011-09-18 12:42 . 2011-09-18 12:42 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\f35f1a86bb6cdfc3547ff815dddfa629\Microsoft.VisualBasic.ni.dll

+ 2011-09-18 12:43 . 2011-09-18 12:43 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b915c536f129912ec5b50a187d663103\Microsoft.VisualBasic.Activities.Compiler.ni.dll

+ 2011-09-18 12:43 . 2011-09-18 12:43 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\7caaf5543210b5383267ef450c2173f7\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2011-09-18 12:42 . 2011-09-18 12:42 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\41248e69f60429253a19267620bd5dcd\Microsoft.Transactions.Bridge.ni.dll

+ 2011-09-18 12:49 . 2011-09-18 12:49 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\a266703ae4763423c8e41fd9e375bf76\Microsoft.JScript.ni.dll

+ 2011-09-18 12:31 . 2011-09-18 12:31 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\db2aa89dbd68dddefe47c70b35c045cf\Microsoft.CSharp.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6c4a0cae96fe506534d1ed4b8e905d04\WindowsBase.ni.dll

+ 2011-09-18 12:15 . 2011-09-18 12:15 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\e6474cae2445440fccb0e62e689e6c22\UIAutomationClientsideProviders.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 9086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System\ffc825af968e2afbdd0d894b475331f3\System.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\6cf9069b4b5feb38824a79009ed9c7b4\System.Xml.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cadbfd56dbffb78f67b92027bd56862e\System.Xaml.ni.dll

+ 2011-09-18 12:15 . 2011-09-18 12:15 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\a216205660fa7dabec6af4a7c52956ee\System.Windows.Forms.DataVisualization.ni.dll

+ 2011-09-18 12:15 . 2011-09-18 12:15 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\40c543317017c549c3d17d714c3cf1fc\System.Web.Services.ni.dll

+ 2011-09-18 12:15 . 2011-09-18 12:15 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\86d3010efe01e554be5b8cd680fcfe2a\System.Speech.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f37365c0acb4b409a486f3aa4512a03e\System.ServiceModel.Discovery.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a53b7bb4838c656363b29f79f708a0f0\System.ServiceModel.Activities.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\33b886ae33f78b046f90bda3dde2688e\System.Runtime.Serialization.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\5c659e2195f712d6638b8536da384cda\System.Runtime.DurableInstancing.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0751e44f42a603bfe153a4bbd124f62f\System.Printing.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\307dea1fa71faaa1c2dc0175487d9639\System.Management.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e1acefba94c07ca77d751b68bc3e33d3\System.IdentityModel.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ea0f339fb15935f1878e115be1c04f8f\System.Drawing.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\be3d47a08a8e4118e75e31a402259409\System.DirectoryServices.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\864c2fd53f879fcd5f9b335cf49a66b4\System.Deployment.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\80bdabbd69127228408b96ca23460389\System.Data.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\ec8c58572e78fa5fc63bb8b29ed7481a\System.Data.SqlXml.ni.dll

+ 2011-09-18 12:13 . 2011-09-18 12:13 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\04f451f2d493483696f852bdce8c36e0\System.Data.Services.Client.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8a671058b35f625fb958ff2228fbc9cf\System.Data.Linq.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2721a63758cab451543e8a58dc4ffeeb\System.Core.ni.dll

+ 2011-09-18 12:12 . 2011-09-18 12:12 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\c527fa8c447a9edfeb14eeaf4af0a742\System.Activities.ni.dll

+ 2011-09-18 12:12 . 2011-09-18 12:12 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\5be7a4e9c92dff127c74c0d744b3f523\System.Activities.Presentation.ni.dll

+ 2011-09-18 12:12 . 2011-09-18 12:12 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\1871f74f0a94ec1d26071dcc872d4189\System.Activities.Core.Presentation.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\5d8782e167084ab1fced20b86cfb26e2\ReachFramework.ni.dll

+ 2011-09-18 12:11 . 2011-09-18 12:11 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\de59faecd59acbc6caabecbd8efbbb50\PresentationUI.ni.dll

+ 2011-09-18 12:10 . 2011-09-18 12:10 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ce05202cabbee87cda0b3df2e56a6b20\Microsoft.VisualBasic.ni.dll

+ 2011-09-18 12:10 . 2011-09-18 12:10 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\899c60052ad7e741dc444017cc907ca8\Microsoft.VisualBasic.Activities.Compiler.ni.dll

+ 2011-09-18 12:10 . 2011-09-18 12:10 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0adf14e7c198b3e2a634e53a23ddad7b\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2011-09-18 12:09 . 2011-09-18 12:09 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\4376863f8deba766befd5d8e41316a91\Microsoft.Transactions.Bridge.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\2ceaa7403e2bdea36367a0a67d972f03\Microsoft.JScript.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\113a314e9f32a5efc41f409118a71063\Microsoft.CSharp.ni.dll

+ 2011-09-18 12:30 . 2011-09-18 12:30 5527040 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneShell\ec1bf4fd0397d41012d205dbd188b458\ZuneShell.ni.dll

- 2011-08-17 14:40 . 2011-08-17 14:40 5527040 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneShell\ec1bf4fd0397d41012d205dbd188b458\ZuneShell.ni.dll

- 2011-08-17 14:40 . 2011-08-17 14:40 3569664 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\079975cad55ee8d2bdbc3ccf7be08763\ZuneDBApi.ni.dll

+ 2011-09-18 12:30 . 2011-09-18 12:30 3569664 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\079975cad55ee8d2bdbc3ccf7be08763\ZuneDBApi.ni.dll

- 2011-08-17 12:48 . 2011-08-17 12:48 4925440 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\4481dd92332b45019023338cf615a630\WindowsBase.ni.dll

+ 2011-09-18 12:22 . 2011-09-18 12:22 4925440 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\4481dd92332b45019023338cf615a630\WindowsBase.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 6202880 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX\899122d440010a16ed01ed0bf25b4f96\UIX.ni.dll

- 2011-08-17 14:40 . 2011-08-17 14:40 6202880 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX\899122d440010a16ed01ed0bf25b4f96\UIX.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 2628608 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX.RenderApi\4f5abb91f71844b304261885d07785bd\UIX.RenderApi.ni.dll

- 2011-08-17 14:40 . 2011-08-17 14:40 2628608 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX.RenderApi\4f5abb91f71844b304261885d07785bd\UIX.RenderApi.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 1461248 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\45a7a0e9cfca734aa0aacec24cf58c6a\UIAutomationClientsideProviders.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 1461248 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\45a7a0e9cfca734aa0aacec24cf58c6a\UIAutomationClientsideProviders.ni.dll

- 2011-08-17 12:52 . 2011-08-17 12:52 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\55726d96df2a370794eb1a18253c4647\System.Xml.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\55726d96df2a370794eb1a18253c4647\System.Xml.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\0c53724752b6912479128ea7cc02f6f6\System.WorkflowServices.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\0c53724752b6912479128ea7cc02f6f6\System.WorkflowServices.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\fd1e02085a6aecb0dabeaea2db00b1e4\System.Workflow.Runtime.ni.dll

- 2011-08-17 12:52 . 2011-08-17 12:52 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\fd1e02085a6aecb0dabeaea2db00b1e4\System.Workflow.Runtime.ni.dll

- 2011-08-17 12:52 . 2011-08-17 12:52 5956608 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\64e5f32fafa7178f2cb1a16371969ea2\System.Workflow.ComponentModel.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 5956608 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\64e5f32fafa7178f2cb1a16371969ea2\System.Workflow.ComponentModel.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\cac06ca4c93cbf95921be63b8c09ee44\System.Workflow.Activities.ni.dll

- 2011-08-17 12:51 . 2011-08-17 12:51 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\cac06ca4c93cbf95921be63b8c09ee44\System.Workflow.Activities.ni.dll

- 2011-08-17 14:33 . 2011-08-17 14:33 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\ccb9d0e917993cef0ecfebfcbcb08a5f\System.Web.Services.ni.dll

+ 2011-09-18 12:17 . 2011-09-18 12:17 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\ccb9d0e917993cef0ecfebfcbcb08a5f\System.Web.Services.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\5bbe971da5ecbe05c515c6f8c4f4e896\System.Web.Mobile.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\5bbe971da5ecbe05c515c6f8c4f4e896\System.Web.Mobile.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\e445fe44a510709916e47395b31937c2\System.Web.Extensions.Design.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\e445fe44a510709916e47395b31937c2\System.Web.Extensions.Design.ni.dll

+ 2011-09-18 12:28 . 2011-09-18 12:28 3048448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\6a0cce3a56af5772a27b117300e364d7\System.Web.Extensions.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 2726912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\4a9449b7e5a9e2cb569b5960f83215bd\System.Speech.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 2726912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\4a9449b7e5a9e2cb569b5960f83215bd\System.Speech.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\ba8d54452dfef1e8c77b7ad958261d16\System.ServiceModel.Web.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\ba8d54452dfef1e8c77b7ad958261d16\System.ServiceModel.Web.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 3072512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8f2756757122d8e810e54ad9a6a9b934\System.Runtime.Serialization.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 3072512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8f2756757122d8e810e54ad9a6a9b934\System.Runtime.Serialization.ni.dll

- 2011-08-17 14:32 . 2011-08-17 14:32 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\1417e3a586572bba058fc1b147932ed5\System.Runtime.Remoting.ni.dll

+ 2011-09-18 12:17 . 2011-09-18 12:17 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\1417e3a586572bba058fc1b147932ed5\System.Runtime.Remoting.ni.dll

+ 2011-09-18 12:23 . 2011-09-18 12:23 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\5e6c150a1bfdb5ad172d939f41e4b1d5\System.Printing.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\5e6c150a1bfdb5ad172d939f41e4b1d5\System.Printing.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\1ce66c0c7c84321e850250fe7e89a6d7\System.Management.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\1ce66c0c7c84321e850250fe7e89a6d7\System.Management.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\2fc69556c19f1018463627e8691bfac2\System.IdentityModel.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\2fc69556c19f1018463627e8691bfac2\System.IdentityModel.ni.dll

- 2011-08-17 14:32 . 2011-08-17 14:32 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\60d0a368a83327d788a62b762a670cce\System.EnterpriseServices.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\60d0a368a83327d788a62b762a670cce\System.EnterpriseServices.ni.dll

- 2011-08-17 12:51 . 2011-08-17 12:51 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\ece8747d21e40443e5c2228818711917\System.Drawing.ni.dll

+ 2011-09-18 12:17 . 2011-09-18 12:17 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\ece8747d21e40443e5c2228818711917\System.Drawing.ni.dll

- 2011-08-17 14:32 . 2011-08-17 14:32 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e08075670461b361f7ab19764a2a65f0\System.DirectoryServices.ni.dll

+ 2011-09-18 12:17 . 2011-09-18 12:17 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e08075670461b361f7ab19764a2a65f0\System.DirectoryServices.ni.dll

- 2011-08-17 14:39 . 2011-08-17 14:39 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\465aaeb3843fddc00825724c467ba928\System.DirectoryServices.AccountManagement.ni.dll

Posted

Combofix 5 (I thought I only need 4 replies, but I think this would require 6)

 

c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\465aaeb3843fddc00825724c467ba928\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-09-18 12:18 . 2011-09-18 12:18 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\532040f56e2606c200cc8ea93d678fdb\System.Deployment.ni.dll

- 2011-08-17 14:33 . 2011-08-17 14:33 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\532040f56e2606c200cc8ea93d678fdb\System.Deployment.ni.dll

- 2011-08-17 12:50 . 2011-08-17 12:50 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\44fbadec39cc1727a2eb1952bfa34f8a\System.Data.ni.dll

+ 2011-09-18 12:17 . 2011-09-18 12:17 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\44fbadec39cc1727a2eb1952bfa34f8a\System.Data.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\d432627b67fa9a643f11a2ca01beaf32\System.Data.SqlXml.ni.dll

- 2011-08-17 14:32 . 2011-08-17 14:32 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\d432627b67fa9a643f11a2ca01beaf32\System.Data.SqlXml.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 1845760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\c22afd0eb5da83e3a073e9642fd41028\System.Data.Services.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 1282560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\627f82dd583350870dd8dbb31185df05\System.Data.Services.Client.ni.dll

+ 2011-09-18 12:18 . 2011-09-18 12:18 1512448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\4dbca3549ccd921fe1737fefdeb16e59\System.Data.OracleClient.ni.dll

- 2011-08-17 14:33 . 2011-08-17 14:33 1512448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\4dbca3549ccd921fe1737fefdeb16e59\System.Data.OracleClient.ni.dll

+ 2011-09-17 23:17 . 2011-09-17 23:17 3489280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\fd1f509565e5defca40b9d1e338981fc\System.Data.Linq.ni.dll

+ 2011-09-18 12:27 . 2011-09-18 12:27 1080832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\cf2b9a27d24b807a9b24c3e4221d8174\System.Data.Entity.Design.ni.dll

+ 2011-09-18 12:29 . 2011-09-18 12:29 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\a1f86b4e7e9b4f3b6ef7775a09b17314\System.Core.ni.dll

- 2011-08-17 12:50 . 2011-08-17 12:50 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\a1f86b4e7e9b4f3b6ef7775a09b17314\System.Core.ni.dll

+ 2011-09-18 12:16 . 2011-09-18 12:16 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\2d8a18ff1b0b4029fcea093444920fd2\System.Configuration.ni.dll

- 2011-08-17 14:32 . 2011-08-17 14:32 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\2d8a18ff1b0b4029fcea093444920fd2\System.Configuration.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\14ae2040aa87410b5a2f932260423510\ReachFramework.ni.dll

+ 2011-09-18 12:23 . 2011-09-18 12:23 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\14ae2040aa87410b5a2f932260423510\ReachFramework.ni.dll

+ 2011-09-18 12:23 . 2011-09-18 12:23 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\de9f5fb58d639cac800701ca9443d21a\PresentationUI.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\de9f5fb58d639cac800701ca9443d21a\PresentationUI.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\05e1fb5e6b68eba9db5e8831b0eaa4f2\PresentationBuildTasks.ni.dll

- 2011-08-17 14:38 . 2011-08-17 14:38 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\05e1fb5e6b68eba9db5e8831b0eaa4f2\PresentationBuildTasks.ni.dll

+ 2011-09-18 12:25 . 2011-09-18 12:25 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\3e805eee7e658fb9d2f94711ea769bb3\Narrator.ni.exe

- 2011-08-17 14:37 . 2011-08-17 14:37 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\3e805eee7e658fb9d2f94711ea769bb3\Narrator.ni.exe

+ 2011-09-18 12:25 . 2011-09-18 12:25 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\0ef6ee25c2aeab72acbbee9a0207ae76\MMCEx.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\0ef6ee25c2aeab72acbbee9a0207ae76\MMCEx.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\9bf16ef26005c399e46d9ff70c6ba0f2\MIGUIControls.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\9bf16ef26005c399e46d9ff70c6ba0f2\MIGUIControls.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 1878016 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\092625a3914f7cf8213f1108e0d90ad0\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll

+ 2011-09-18 12:24 . 2011-09-18 12:24 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\9a4e215c8cb20a6638d114e84840e491\Microsoft.VisualBasic.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\9a4e215c8cb20a6638d114e84840e491\Microsoft.VisualBasic.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\7962020dd38abe36bfa49ba3e081cceb\Microsoft.Transactions.Bridge.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\7962020dd38abe36bfa49ba3e081cceb\Microsoft.Transactions.Bridge.ni.dll

- 2011-08-17 14:37 . 2011-08-17 14:37 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9bb1e0baeddcd1ff6d4225493f99363a\Microsoft.PowerShell.GPowerShell.ni.dll

+ 2011-09-18 12:23 . 2011-09-18 12:23 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9bb1e0baeddcd1ff6d4225493f99363a\Microsoft.PowerShell.GPowerShell.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3f6af47aae50d64bf3823fd2d5cb8e7c\Microsoft.PowerShell.Editor.ni.dll

+ 2011-09-18 12:22 . 2011-09-18 12:22 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3f6af47aae50d64bf3823fd2d5cb8e7c\Microsoft.PowerShell.Editor.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0dea2cad63e23249fc20d63a79047947\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2011-09-18 12:22 . 2011-09-18 12:22 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0dea2cad63e23249fc20d63a79047947\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 1093120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\742f4c1b7480a8a640e74a50063c221c\Microsoft.Office.Tools.Common.v9.0.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 1093120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\742f4c1b7480a8a640e74a50063c221c\Microsoft.Office.Tools.Common.v9.0.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 1186304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\63844573a9e465f298c1d3f6ae8d8225\Microsoft.Office.Tools.Word.v9.0.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 1875456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\3f66bc06329d8abaaa05c276c12cdd9d\Microsoft.Office.Tools.Excel.v9.0.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b6d3ccbb2ad5726656c7cce38d947462\Microsoft.MediaCenter.UI.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b6d3ccbb2ad5726656c7cce38d947462\Microsoft.MediaCenter.UI.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\69f3a2caef03aa1802dbf72889d44277\Microsoft.JScript.ni.dll

+ 2011-09-18 12:22 . 2011-09-18 12:22 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\69f3a2caef03aa1802dbf72889d44277\Microsoft.JScript.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\f3e97852244f77a0524e6902b59a7386\Microsoft.Ink.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\f3e97852244f77a0524e6902b59a7386\Microsoft.Ink.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\1682b069fc1fd9a6c81257a16a8af255\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\1682b069fc1fd9a6c81257a16a8af255\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\077f3aa04081b94d8f8e785947d26b5e\Microsoft.Build.Tasks.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\077f3aa04081b94d8f8e785947d26b5e\Microsoft.Build.Tasks.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 1188352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\8b3186906166d0e1ce1db762ac594598\Microsoft.Build.Engine.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 1188352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\8b3186906166d0e1ce1db762ac594598\Microsoft.Build.Engine.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\6864d3b75b5cbe1abc7a63fab84493bd\Microsoft.Build.Engine.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\6864d3b75b5cbe1abc7a63fab84493bd\Microsoft.Build.Engine.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\18d26ff1dc354d212e8fe28b2365cab5\ehRecObj.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\18d26ff1dc354d212e8fe28b2365cab5\ehRecObj.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 2002432 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\0a25c2bbadeb72e06aa2802c467882af\ehiVidCtl.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 2002432 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\0a25c2bbadeb72e06aa2802c467882af\ehiVidCtl.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 2885120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\520d978bf705fe2387d818ee69e2fe43\ehiProxy.ni.dll

- 2011-08-17 03:11 . 2011-08-17 03:11 2885120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\520d978bf705fe2387d818ee69e2fe43\ehiProxy.ni.dll

- 2011-08-17 03:11 . 2011-08-17 03:11 1039872 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\406ac64462bcc8db7d2a5364c355de25\ehiPlay.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 1039872 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\406ac64462bcc8db7d2a5364c355de25\ehiPlay.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\1730bf5a48bb393bc6d8bd60f00ce27b\ehepg.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\1730bf5a48bb393bc6d8bd60f00ce27b\ehepg.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9afe86eee3ddf79c5f6cf5d85873c464\WindowsBase.ni.dll

- 2011-08-17 12:55 . 2011-08-17 12:55 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9afe86eee3ddf79c5f6cf5d85873c464\WindowsBase.ni.dll

+ 2011-09-18 12:09 . 2011-09-18 12:09 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\e0b47647df7bf34058ed16ae08b5d36f\UIAutomationClientsideProviders.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\e0b47647df7bf34058ed16ae08b5d36f\UIAutomationClientsideProviders.ni.dll

+ 2011-09-17 23:19 . 2011-09-17 23:19 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll

- 2011-08-17 12:55 . 2011-08-17 12:55 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll

+ 2011-09-18 11:57 . 2011-09-18 11:57 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll

- 2011-08-17 12:57 . 2011-08-17 12:57 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cb4f77127908a815e9288162fa0153d1\System.WorkflowServices.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cb4f77127908a815e9288162fa0153d1\System.WorkflowServices.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\a167617a58fd061722b5bc033903e089\System.Workflow.Runtime.ni.dll

- 2011-08-17 12:57 . 2011-08-17 12:57 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\a167617a58fd061722b5bc033903e089\System.Workflow.Runtime.ni.dll

- 2011-08-17 12:57 . 2011-08-17 12:57 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5734cc1ce5f85aca912fd92584f3b3a7\System.Workflow.ComponentModel.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5734cc1ce5f85aca912fd92584f3b3a7\System.Workflow.ComponentModel.ni.dll

- 2011-08-17 12:56 . 2011-08-17 12:56 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32aeeece2a23ac0ef310b99c941b6d39\System.Workflow.Activities.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32aeeece2a23ac0ef310b99c941b6d39\System.Workflow.Activities.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d7f692ee424e8847828383ddbbf278eb\System.Web.Mobile.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d7f692ee424e8847828383ddbbf278eb\System.Web.Mobile.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 2408960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c30f735b1b14140d32178827accdbcd4\System.Web.Extensions.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 2408960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c30f735b1b14140d32178827accdbcd4\System.Web.Extensions.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\4fe82e4b4223298eae15d094a32f9298\System.Speech.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\4fe82e4b4223298eae15d094a32f9298\System.Speech.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\18be706a5ab335aaceb714f528901fe1\System.ServiceModel.Web.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\18be706a5ab335aaceb714f528901fe1\System.ServiceModel.Web.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9ea6cff5cccb649eb8ad7cc6e3f03c88\System.Runtime.Serialization.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9ea6cff5cccb649eb8ad7cc6e3f03c88\System.Runtime.Serialization.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\92bcdd721183b527543af031f307d31f\System.Printing.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\92bcdd721183b527543af031f307d31f\System.Printing.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\8e2ea4d70513035f74a9604fa511754b\System.Management.Automation.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\8e2ea4d70513035f74a9604fa511754b\System.Management.Automation.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\21c45e88bbc379aaed3baadd0bd14a8b\System.IdentityModel.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\21c45e88bbc379aaed3baadd0bd14a8b\System.IdentityModel.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll

- 2011-08-17 12:56 . 2011-08-17 12:56 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e7a30fe59a12045d837f4ebaf83fc222\System.DirectoryServices.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e7a30fe59a12045d837f4ebaf83fc222\System.DirectoryServices.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dc9e5e32218f8a3d2f21d89511335713\System.Deployment.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dc9e5e32218f8a3d2f21d89511335713\System.Deployment.ni.dll

- 2011-08-17 12:56 . 2011-08-17 12:56 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d6ae6d71281689587705eaed351b01d4\System.Data.SqlXml.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d6ae6d71281689587705eaed351b01d4\System.Data.SqlXml.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 1330176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\41f32e478b0752c80f4e6bfb3044239a\System.Data.Services.ni.dll

+ 2011-09-18 12:07 . 2011-09-18 12:07 1330176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\41f32e478b0752c80f4e6bfb3044239a\System.Data.Services.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\9ecfa46a2c92f6493f030b02966f0ced\System.Data.OracleClient.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\9ecfa46a2c92f6493f030b02966f0ced\System.Data.OracleClient.ni.dll

+ 2011-09-17 23:19 . 2011-09-17 23:19 2526720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\4c7f6d2264e55a2dd9d5a4cbd8c51277\System.Data.Linq.ni.dll

- 2011-08-17 12:56 . 2011-08-17 12:56 2526720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\4c7f6d2264e55a2dd9d5a4cbd8c51277\System.Data.Linq.ni.dll

- 2011-08-17 15:01 . 2011-08-17 15:01 9926656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c1329691751241c14f8f7f30179601c9\System.Data.Entity.ni.dll

+ 2011-09-18 12:06 . 2011-09-18 12:06 9926656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c1329691751241c14f8f7f30179601c9\System.Data.Entity.ni.dll

- 2011-08-17 15:02 . 2011-08-17 15:02 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\045ff9d980dcb3ffeac2a0868161215e\System.Core.ni.dll

+ 2011-09-18 12:08 . 2011-09-18 12:08 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\045ff9d980dcb3ffeac2a0868161215e\System.Core.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\b0d7aa182cb0028c92896d58ef4529da\ReachFramework.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\b0d7aa182cb0028c92896d58ef4529da\ReachFramework.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7d6eba2dd1fabc7539b153845b95afa9\PresentationUI.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7d6eba2dd1fabc7539b153845b95afa9\PresentationUI.ni.dll

- 2011-08-17 15:00 . 2011-08-17 15:00 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7ad481b1a2b26bd253f0befb765b2cf1\PresentationBuildTasks.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7ad481b1a2b26bd253f0befb765b2cf1\PresentationBuildTasks.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\25fc1b1a3f51770139156021ba97251f\Narrator.ni.exe

- 2011-08-17 15:00 . 2011-08-17 15:00 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\25fc1b1a3f51770139156021ba97251f\Narrator.ni.exe

- 2011-08-17 15:00 . 2011-08-17 15:00 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\3398454f934691efb9798bb493d2f440\MMCEx.ni.dll

+ 2011-09-18 12:05 . 2011-09-18 12:05 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\3398454f934691efb9798bb493d2f440\MMCEx.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\5c89b0298570e4d1a8443ccb7aca4a1e\MIGUIControls.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\5c89b0298570e4d1a8443ccb7aca4a1e\MIGUIControls.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 1301504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\af5dbd65f9cba2efcba703113d233e96\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 1301504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\af5dbd65f9cba2efcba703113d233e96\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll

- 2011-08-17 14:59 . 2011-08-17 14:59 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7785435dab38ed94b6a0a608e91c6cda\Microsoft.VisualBasic.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7785435dab38ed94b6a0a608e91c6cda\Microsoft.VisualBasic.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\031dada967314b31703307bd10697079\Microsoft.Transactions.Bridge.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\031dada967314b31703307bd10697079\Microsoft.Transactions.Bridge.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b008b1b107c6ccdb8ab234437713b3fa\Microsoft.PowerShell.GPowerShell.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b008b1b107c6ccdb8ab234437713b3fa\Microsoft.PowerShell.GPowerShell.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\602fed46db569c67500d5d6b00abaeeb\Microsoft.PowerShell.Commands.Utility.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\602fed46db569c67500d5d6b00abaeeb\Microsoft.PowerShell.Commands.Utility.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5d659bc7dce6e73b36f5bb6ed60caccf\Microsoft.PowerShell.Editor.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5d659bc7dce6e73b36f5bb6ed60caccf\Microsoft.PowerShell.Editor.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\70eecb3c22ca6aa122b67547a9abd604\Microsoft.Office.Tools.Excel.v9.0.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\70eecb3c22ca6aa122b67547a9abd604\Microsoft.Office.Tools.Excel.v9.0.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 3235840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\7931d5ff5c42d9fd577fbb1793cc6914\Microsoft.Office.BusinessData.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 3235840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\7931d5ff5c42d9fd577fbb1793cc6914\Microsoft.Office.BusinessData.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ddf5b45effdcc461ade1bebf18397ed\Microsoft.MediaCenter.UI.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ddf5b45effdcc461ade1bebf18397ed\Microsoft.MediaCenter.UI.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f7c07195d1967d7cc102fa4e8a8b9251\Microsoft.JScript.ni.dll

- 2011-08-17 14:58 . 2011-08-17 14:58 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f7c07195d1967d7cc102fa4e8a8b9251\Microsoft.JScript.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\6f69588091b002fc0e8fc5682daf77af\Microsoft.Ink.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\6f69588091b002fc0e8fc5682daf77af\Microsoft.Ink.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cf25827006f4021a68411e023afa3b2c\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cf25827006f4021a68411e023afa3b2c\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\251635230ec27ea672ef0bfd1db926c2\Microsoft.Build.Tasks.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\251635230ec27ea672ef0bfd1db926c2\Microsoft.Build.Tasks.ni.dll

- 2011-08-17 14:51 . 2011-08-17 14:51 1778176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e7e696376682ecf6d7a5522757ca790b\Microsoft.Build.Engine.ni.dll

+ 2011-09-18 12:00 . 2011-09-18 12:00 1778176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e7e696376682ecf6d7a5522757ca790b\Microsoft.Build.Engine.ni.dll

+ 2006-11-02 12:33 . 2011-09-16 16:42 10899456 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2006-11-02 12:35 . 2011-09-16 02:32 47946184 c:\windows\system32\mrt.exe

+ 2011-07-21 16:36 . 2011-07-21 16:36 66808320 c:\windows\Installer\2202f5.msp

+ 2011-06-20 03:28 . 2011-06-20 03:28 18457088 c:\windows\Installer\2202b1.msp

+ 2011-05-19 03:06 . 2011-05-19 03:06 38672896 c:\windows\Installer\1310850.msp

+ 2010-03-13 04:05 . 2010-03-13 04:05 11121528 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OARTCONV.DLL

+ 2010-03-13 19:08 . 2010-03-13 19:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OART.DLL

+ 2009-04-03 23:21 . 2009-04-03 23:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\OART.DLL

+ 2011-08-17 12:43 . 2011-08-17 12:43 10597888 c:\windows\assembly\temp\AP1EQ2FR3F\System.ni.dll

+ 2011-08-17 03:03 . 2011-08-17 03:03 15564800 c:\windows\assembly\temp\4GS4GR2EP0\mscorlib.ni.dll

+ 2011-09-17 23:16 . 2011-09-17 23:16 11872768 c:\windows\assembly\NativeImages_v4.0.30319_64\System\5034d5e3f1bf120d9e61e72be6b9b013\System.ni.dll

+ 2011-09-18 12:46 . 2011-09-18 12:46 17290752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\65c3e4d26ac857162658b81b1efffb19\System.Windows.Forms.ni.dll

+ 2011-09-18 12:50 . 2011-09-18 12:50 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\48ed28e415c976c7adfb2c5ceeaeedb2\System.ServiceModel.ni.dll

+ 2011-09-18 12:48 . 2011-09-18 12:48 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\529f1a1a0f3e9e994eb3356b55924f3c\System.Data.Entity.ni.dll

+ 2011-09-18 12:31 . 2011-09-18 12:31 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\3c24931e3b4e97b6b49c4d459ba8c552\System.Core.ni.dll

+ 2011-09-18 12:45 . 2011-09-18 12:45 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d0abeeb299ca73f7afc5312a00e0bf22\PresentationFramework.ni.dll

+ 2011-09-18 12:43 . 2011-09-18 12:43 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\de5aaef4bd369972fea5ba6ff7d3e264\PresentationCore.ni.dll

+ 2011-09-17 23:16 . 2011-09-17 23:16 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\8f7f691aa155c11216387cf3420d9d1b\mscorlib.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e3eea502999efc06079a0f40a795731\System.Windows.Forms.ni.dll

+ 2011-09-18 12:14 . 2011-09-18 12:14 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\56df5c322f32e926eb46047f65d0a357\System.ServiceModel.ni.dll

+ 2011-09-18 12:13 . 2011-09-18 12:13 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\093195c829c13c7ad35cb3ad43b52b6a\System.Data.Entity.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d23889e1eceadc97a6f227dbb392cb60\PresentationFramework.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:18 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\55b41158ada67f5b5a132e120e7de269\PresentationCore.ni.dll

+ 2011-09-17 23:06 . 2011-09-17 23:06 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll

+ 2011-09-17 23:16 . 2011-09-17 23:16 10597888 c:\windows\assembly\NativeImages_v2.0.50727_64\System\b008f0ff2d87b56ea30f138e32aec2eb\System.ni.dll

- 2011-08-17 12:43 . 2011-08-17 12:43 10597888 c:\windows\assembly\NativeImages_v2.0.50727_64\System\b008f0ff2d87b56ea30f138e32aec2eb\System.ni.dll

- 2011-08-17 12:51 . 2011-08-17 12:51 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\db6376c76598554f7daee0e8accba1e6\System.Windows.Forms.ni.dll

+ 2011-09-18 12:18 . 2011-09-18 12:18 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\db6376c76598554f7daee0e8accba1e6\System.Windows.Forms.ni.dll

- 2011-08-17 14:33 . 2011-08-17 14:33 15225856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\9f87d3f915300b5051f29bf76b3c1874\System.Web.ni.dll

+ 2011-09-18 12:17 . 2011-09-18 12:17 15225856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\9f87d3f915300b5051f29bf76b3c1874\System.Web.ni.dll

+ 2011-09-18 12:19 . 2011-09-18 12:19 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\e1c770109a7a73190440f600bcf205ee\System.ServiceModel.ni.dll

- 2011-08-17 14:34 . 2011-08-17 14:34 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\e1c770109a7a73190440f600bcf205ee\System.ServiceModel.ni.dll

- 2011-08-17 14:36 . 2011-08-17 14:36 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\9fc8a6b51c78cdcbb9ac8c1a4fcde9e0\System.Management.Automation.ni.dll

+ 2011-09-18 12:21 . 2011-09-18 12:21 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\9fc8a6b51c78cdcbb9ac8c1a4fcde9e0\System.Management.Automation.ni.dll

- 2011-08-17 12:51 . 2011-08-17 12:51 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\65bc655515d76c3b195cbc59cc9c033d\System.Design.ni.dll

+ 2011-09-18 12:18 . 2011-09-18 12:18 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\65bc655515d76c3b195cbc59cc9c033d\System.Design.ni.dll

+ 2011-09-18 12:26 . 2011-09-18 12:26 13780480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\c6390f1f63400cf2d423c634f08d710e\System.Data.Entity.ni.dll

- 2011-08-17 12:50 . 2011-08-17 12:50 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0663fb78a637caeb02ad253e76cdfd80\PresentationFramework.ni.dll

+ 2011-09-18 12:23 . 2011-09-18 12:23 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0663fb78a637caeb02ad253e76cdfd80\PresentationFramework.ni.dll

- 2011-08-17 12:49 . 2011-08-17 12:49 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\fc3d6eb248aee0bbcd2f8c686f73df78\PresentationCore.ni.dll

+ 2011-09-18 12:22 . 2011-09-18 12:22 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\fc3d6eb248aee0bbcd2f8c686f73df78\PresentationCore.ni.dll

- 2011-08-17 03:03 . 2011-08-17 03:03 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\ee787c7dd39d956a9fdeddc8b5fde80e\mscorlib.ni.dll

+ 2011-09-17 23:16 . 2011-09-17 23:16 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\ee787c7dd39d956a9fdeddc8b5fde80e\mscorlib.ni.dll

- 2011-08-17 14:35 . 2011-08-17 14:35 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\bb249c873f8577188d3922a092b8fa09\ehshell.ni.dll

+ 2011-09-18 12:20 . 2011-09-18 12:20 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\bb249c873f8577188d3922a092b8fa09\ehshell.ni.dll

- 2011-08-17 12:56 . 2011-08-17 12:56 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 11804672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 11804672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll

+ 2011-09-18 11:59 . 2011-09-18 11:59 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\beab37721e12fef7fc1e8f2ff130fa31\System.ServiceModel.ni.dll

- 2011-08-17 14:50 . 2011-08-17 14:50 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\beab37721e12fef7fc1e8f2ff130fa31\System.ServiceModel.ni.dll

+ 2011-09-18 11:58 . 2011-09-18 11:58 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7217cd3af229159188896c01174b11f9\System.Design.ni.dll

- 2011-08-17 12:56 . 2011-08-17 12:56 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7217cd3af229159188896c01174b11f9\System.Design.ni.dll

- 2011-08-17 12:55 . 2011-08-17 12:55 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\180849cb54aab0bc77a229c41f967c90\PresentationFramework.ni.dll

+ 2011-09-18 12:02 . 2011-09-18 12:02 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\180849cb54aab0bc77a229c41f967c90\PresentationFramework.ni.dll

+ 2011-09-18 12:01 . 2011-09-18 12:01 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\cbe5fbb2e20534d89c0588cc05418840\PresentationCore.ni.dll

- 2011-08-17 12:55 . 2011-08-17 12:55 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\cbe5fbb2e20534d89c0588cc05418840\PresentationCore.ni.dll

- 2011-08-17 03:05 . 2011-08-17 03:05 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll

+ 2011-09-17 23:18 . 2011-09-17 23:19 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll

+ 2011-04-07 03:12 . 2011-04-07 03:12 194340864 c:\windows\Installer\1310871.msp

Posted

Combofix 6

 

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]

2009-08-10 10:39 311808 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2010-12-6 217088]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/05/24 04:04];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 146928]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [x]

S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-07-26 20376]

S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2010-12-07 222720]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-02-09 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-02-09 116096]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1463916579-3978265779-3180963287-1000Core.job

- c:\users\Wayne Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-12 00:09]

.

2011-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1463916579-3978265779-3180963287-1000UA.job

- c:\users\Wayne Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-12 00:09]

.

2011-09-16 c:\windows\Tasks\HPCeeScheduleForWayne Wagner.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-13 03:02]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-11 153624]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-11 225816]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-11 200216]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1560872]

"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [bU]

"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1 167.206.254.2 167.206.254.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Wayne Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\0b9wg7o0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Windows Live\Mesh\MOE.exe

c:\program files (x86)\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Completion time: 2011-09-18 09:07:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-18 13:07

ComboFix2.txt 2011-09-16 02:09

.

Pre-Run: 120,717,447,168 bytes free

Post-Run: 120,103,997,440 bytes free

.

- - End Of File - - EBB0718EAA536DAC78117A731D415F4D

Posted

Here it is. Thank you :)

 

ComboFix 11-09-15.05 - Wayne Wagner 09/15/2011 21:35:03.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4026.2076 [GMT -4:00]

Running from: c:\users\Wayne Wagner\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Wayne Wagner\14601180EN

c:\users\Wayne Wagner\14601180EN\Autorun.bmp

c:\users\Wayne Wagner\14601180EN\Autorun.exe

c:\users\Wayne Wagner\14601180EN\Autorun.ico

c:\users\Wayne Wagner\14601180EN\AUTORUN.INF

c:\users\Wayne Wagner\14601180EN\Readme.txt

c:\users\Wayne Wagner\14601180EN\Setup\1033.mst

c:\users\Wayne Wagner\14601180EN\Setup\db_pcc.dat

c:\users\Wayne Wagner\14601180EN\Setup\license.rtf

c:\users\Wayne Wagner\14601180EN\Setup\Module\ASPAList.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\ASPBList.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\aucfg.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\BinDT00.PDP

c:\users\Wayne Wagner\14601180EN\Setup\Module\BinDT01.PDP

c:\users\Wayne Wagner\14601180EN\Setup\Module\BinDT02.PDP

c:\users\Wayne Wagner\14601180EN\Setup\Module\BinDT03.PDP

c:\users\Wayne Wagner\14601180EN\Setup\Module\BinDT04.PDP

c:\users\Wayne Wagner\14601180EN\Setup\Module\BPM95.DLL

c:\users\Wayne Wagner\14601180EN\Setup\Module\BPMNT.DLL

c:\users\Wayne Wagner\14601180EN\Setup\Module\chksvr.bin

c:\users\Wayne Wagner\14601180EN\Setup\Module\DCE64\DceLog64.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\DCE64\tmvainfo.xml

c:\users\Wayne Wagner\14601180EN\Setup\Module\DCE64\TMVAmain.ptn

c:\users\Wayne Wagner\14601180EN\Setup\Module\DCE64\tsc.ptn

c:\users\Wayne Wagner\14601180EN\Setup\Module\DCE64\tsc64.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\DceLog32.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\Detect.gif

c:\users\Wayne Wagner\14601180EN\Setup\Module\dh1024.pem

c:\users\Wayne Wagner\14601180EN\Setup\Module\DLPccUtl.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\DnsAlt.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\DZIP32.DLL

c:\users\Wayne Wagner\14601180EN\Setup\Module\Filter32.VXD

c:\users\Wayne Wagner\14601180EN\Setup\Module\GENKEY32.DLL

c:\users\Wayne Wagner\14601180EN\Setup\Module\Help\tmhelp.chm

c:\users\Wayne Wagner\14601180EN\Setup\Module\Help\tmmain.chm

c:\users\Wayne Wagner\14601180EN\Setup\Module\hhupd.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\HosFList.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\hostexp.hsx

c:\users\Wayne Wagner\14601180EN\Setup\Module\HostFAlt.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\HostFErr.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\Http.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\HttpHosf.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\HttpPDP.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\HttpUErr.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\icudt18l.DLL

c:\users\Wayne Wagner\14601180EN\Setup\Module\icuin18.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\icuuc18.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\ImPDP.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\L10N\extra.avi

c:\users\Wayne Wagner\14601180EN\Setup\Module\L10N\FrameH.bmp

c:\users\Wayne Wagner\14601180EN\Setup\Module\L10N\FrameR.bmp

c:\users\Wayne Wagner\14601180EN\Setup\Module\L10N\FrameV.bmp

c:\users\Wayne Wagner\14601180EN\Setup\Module\L10N\PphRes.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\L10N\tlphish.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\L10NCfwI.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\L10NPcc.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\L10NTmpx.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\libexpat.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\license.rtf

c:\users\Wayne Wagner\14601180EN\Setup\Module\LOADHTTP.DLL

c:\users\Wayne Wagner\14601180EN\Setup\Module\MEMBOOT.DLL

c:\users\Wayne Wagner\14601180EN\Setup\Module\NVAlert.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\OPID.bin

c:\users\Wayne Wagner\14601180EN\Setup\Module\Patch.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PATCHW32.DLL

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccAltUI.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\pccapl.xen

c:\users\Wayne Wagner\14601180EN\Setup\Module\PCCBrows.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccCmd64.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\pccdesc.xen

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccEula.bmp

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccEula.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\pccguide.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccIeBar.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\pccillin.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\PCCIOMON.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\pcclient.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PCClient.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccLog.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\pccmain.bmp

c:\users\Wayne Wagner\14601180EN\Setup\Module\pccmain.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PcCmdCom.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccMsi.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\pccntsec.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccPrf.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\pccprof.xen

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccRBMsg.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\pccrule.xen

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccScan.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PcCtlCom.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PcCtlPS.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PcCtlSpy.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PcCtlVA.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PCCTool.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PCCTool.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccTool.msi

c:\users\Wayne Wagner\14601180EN\Setup\Module\PCCTSWin.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\pccupd.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccUpdSN.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccUpdUI.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccVaUI.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PCCVScan.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccWscAS.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccWscAV.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PccWscFW.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PcDce.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PcSSE.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PcSSE64.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PCSSEItf.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\PDPAlt.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\PDPCfg.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PEW952.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PEWNT2.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0001.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0002.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0003.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0004.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0005.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0006.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0007.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0008.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0009.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl000A.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl000B.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl000C.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl000D.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl000E.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl000F.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0010.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0011.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0012.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0013.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0014.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0015.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0016.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0017.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0018.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRl0019.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\PFW\TmRulMas.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\Pop3.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\PphEng.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\Profile\GUID.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\Profile\Prf00000.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\Profile\Prf00000.rul

c:\users\Wayne Wagner\14601180EN\Setup\Module\Profile\Prf00001.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\Profile\Prf00001.rul

c:\users\Wayne Wagner\14601180EN\Setup\Module\Profile\Prf00002.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\Profile\Prf00002.rul

c:\users\Wayne Wagner\14601180EN\Setup\Module\Profile\Prf00003.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\Profile\Prf00003.rul

c:\users\Wayne Wagner\14601180EN\Setup\Module\psapi.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\Public.pem

c:\users\Wayne Wagner\14601180EN\Setup\Module\Readme.txt

c:\users\Wayne Wagner\14601180EN\Setup\Module\Realtime.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\Region.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\remove.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\Rescue\DOS4GW.EXE

c:\users\Wayne Wagner\14601180EN\Setup\Module\Rescue\PCSCAN.DAT

c:\users\Wayne Wagner\14601180EN\Setup\Module\Rescue\pcscan.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\Rescue\Readme.txt

c:\users\Wayne Wagner\14601180EN\Setup\Module\Rescue\Rescue.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\Rescue\Rescue.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\Smtp.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\SmtpPDP.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\splash.bmp

c:\users\Wayne Wagner\14601180EN\Setup\Module\SpyDlist.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\SpyElist.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\Spyware.htm

c:\users\Wayne Wagner\14601180EN\Setup\Module\ssapi32.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\SSAPI64.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\system.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\TASK\PCC75.TSK

c:\users\Wayne Wagner\14601180EN\Setup\Module\TASK\PCC76.TSK

c:\users\Wayne Wagner\14601180EN\Setup\Module\TASK\PCC77.TSK

c:\users\Wayne Wagner\14601180EN\Setup\Module\TASK\PCC78.TSK

c:\users\Wayne Wagner\14601180EN\Setup\Module\TASK\PCC79.TSK

c:\users\Wayne Wagner\14601180EN\Setup\Module\TASK\PCC7A.TSK

c:\users\Wayne Wagner\14601180EN\Setup\Module\TASK\PCC7B.TSK

c:\users\Wayne Wagner\14601180EN\Setup\Module\TASK\PCC7C.TSK

c:\users\Wayne Wagner\14601180EN\Setup\Module\tm_cfw.vxd

c:\users\Wayne Wagner\14601180EN\Setup\Module\TMAS_Det.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\TMAS_Hlp.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmAsEng.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmcfScan.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmCfwApi.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmdbg.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\Tmdbg64.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmdp.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmdp.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\Tmdshell.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TMEVENT.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmHash.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmMsg.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmNewML.txt

c:\users\Wayne Wagner\14601180EN\Setup\Module\TMNotify.dat

c:\users\Wayne Wagner\14601180EN\Setup\Module\TMNotify.set

c:\users\Wayne Wagner\14601180EN\Setup\Module\Tmntsrv.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\TMOACfg.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TMOAgent.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmpeASpm.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmpeHosF.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmpePDP.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmpeUrlF.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmpeVS.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmPfw.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmPfw.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmPfwApi.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmPfwHlp.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmPfwLog.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmPfwRul.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmphAim.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmphHttp.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmphIcq.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmphMsn.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmphPop3.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmphSMTP.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmpp.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmpp.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\Tmpp01.enc

c:\users\Wayne Wagner\14601180EN\Setup\Module\Tmpp01p.enc

c:\users\Wayne Wagner\14601180EN\Setup\Module\Tmpp02.enc

c:\users\Wayne Wagner\14601180EN\Setup\Module\Tmpp02p.enc

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmppRoot.pem

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmProxy.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmproxy.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmProxy.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmpxCfg.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmpxHelp.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmsmHttp.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmsmIm.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmsmMail.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmtdi.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmtdi.vxd

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmufeng.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmUins14.ini

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmUpdate.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmUtyPPI.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TMVA64.ptn

c:\users\Wayne Wagner\14601180EN\Setup\Module\tmvainfo.xml

c:\users\Wayne Wagner\14601180EN\Setup\Module\TMVAmain.ptn

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmvDlg.dll

c:\users\Wayne Wagner\14601180EN\Setup\Module\TmWarn.txt

c:\users\Wayne Wagner\14601180EN\Setup\Module\TRIALMSG.bmp

c:\users\Wayne Wagner\14601180EN\Setup\Module\TRIALMSG.exe

c:\users\Wayne Wagner\14601180EN\Setup\Module\TrialMsg.ini

c:\users\Wayne Wagner\14601180EN\Tools\ncfg.exe

c:\users\Wayne Wagner\14601180EN\Tools\PCCTool.exe

c:\users\Wayne Wagner\14601180EN\Tools\PCCTool.ini

c:\users\Wayne Wagner\14601180EN\Tools\PccTool.msi

c:\users\Wayne Wagner\14601180EN\Tools\TmUins07.ini

c:\users\Wayne Wagner\14601180EN\Tools\TmUins08.ini

c:\users\Wayne Wagner\14601180EN\Tools\TmUins09.ini

c:\users\Wayne Wagner\14601180EN\Tools\TmUins10.ini

c:\users\Wayne Wagner\14601180EN\Tools\TmUins11.ini

c:\users\Wayne Wagner\14601180EN\Tools\TmUins12.ini

c:\users\Wayne Wagner\14601180EN\Tools\TmUins14.ini

c:\users\Wayne Wagner\AppData\Local\ApplicationHistory

c:\users\Wayne Wagner\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini

c:\users\Wayne Wagner\AppData\Local\ApplicationHistory\onplay.exe.9adb2018.ini

c:\users\Wayne Wagner\AppData\Local\ApplicationHistory\TurbineInvoker.exe.f5c5ef67.ini

c:\users\Wayne Wagner\AppData\Local\ApplicationHistory\TurbineLauncher.exe.247941db.ini

c:\windows\SysWow64\comct332.ocx

.

.

((((((((((((((((((((((((( Files Created from 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))))

.

.

2011-09-16 01:54 . 2011-09-16 01:54 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-09-16 01:54 . 2011-09-16 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-16 00:49 . 2011-09-16 00:46 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2011-09-16 00:49 . 2011-09-16 00:49 -------- d-----w- c:\users\Wayne Wagner\AppData\Roaming\LaunchPad

2011-09-16 00:48 . 2011-09-16 00:46 3553280 ----a-w- c:\windows\system32\bcmihvui64.dll

2011-09-16 00:48 . 2011-09-16 00:46 2685432 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS

2011-09-16 00:43 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-16 00:42 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5098AB6-9A9F-4B32-BD07-13C08F96197E}\mpengine.dll

2011-09-15 12:06 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll

2011-09-08 12:20 . 2010-11-30 15:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2427B391-6704-462D-A858-F05A02ACD766}\gapaengine.dll

2011-08-25 13:09 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-25 13:09 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-16 00:46 . 2009-05-24 10:36 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll

2011-09-16 00:46 . 2009-05-24 10:36 3888640 ----a-w- c:\windows\system32\bcmihvsrv64.dll

2011-08-17 13:32 . 2011-05-13 10:00 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-05 10:02 . 2011-08-05 10:02 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-13 04:53 . 2011-07-28 16:57 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-06 23:52 . 2011-01-25 21:57 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-01-25 21:57 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 15:49 . 2011-08-17 01:54 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-20 08:45 . 2011-08-17 01:53 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]

2009-08-10 10:39 311808 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2010-12-6 217088]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/05/24 04:04];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 146928]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [x]

S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-07-26 20376]

S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2010-12-07 222720]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-02-09 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-02-09 116096]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1463916579-3978265779-3180963287-1000Core.job

- c:\users\Wayne Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-12 00:09]

.

2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1463916579-3978265779-3180963287-1000UA.job

- c:\users\Wayne Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-12 00:09]

.

2011-09-16 c:\windows\Tasks\HPCeeScheduleForWayne Wagner.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-13 03:02]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-11 153624]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-11 225816]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-11 200216]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1560872]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1 167.206.254.2 167.206.254.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Wayne Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\0b9wg7o0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Windows Live\Mesh\MOE.exe

c:\program files (x86)\Windows Live\Contacts\wlcomm.exe

c:\program files (x86)\Internet Explorer\iexplore.exe

c:\program files (x86)\Internet Explorer\iexplore.exe

c:\windows\SysWow64\Macromed\Flash\FlashUtil10c.exe

.

**************************************************************************

.

Completion time: 2011-09-15 22:09:32 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-16 02:09

.

Pre-Run: 116,770,082,816 bytes free

Post-Run: 119,469,006,848 bytes free

.

- - End Of File - - F6E278D09D6927B92AFECAF9A4CDA7E7

Posted

Hello, carolinejoy.

OK, nothing major...looks like a false positive in CF.

 

Let's clean up some of the orphaned entries and run two more scans. If these are clean, then malware is not the cause and we'll dig into non-malware issues.

 

 

P2P Warning and Request

The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case FrostWire). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

 

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.

 

 

Step 1

 

Install ERUNT

This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

 

The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:

  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.

 

 

You'll see an ERUNT error every time you boot with Vista since it can't do the automatic backup. THat's OK since we just did a manual backup. Just ignore the error..it will go away when we are done and you uninstall ERUNT.

 

 

 

Step 2

 

Next, we need to update Java.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 26 32-bit version. Note that if you have 64-bit windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 6 Update 23
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.

 

 

 

 

Step 3

 

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

 

We need run an OTL Script

  1. Please download OTL from one of the following mirrors if you do not still have it.

[*]Save it to your desktop.

[*]Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.

[*]Paste the following code under the Custom Scans/Fixes box at the bottom.

:OTL
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: No CLSID value found. File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:09B199F1
:Commands
[EmptyTemp]

[*]Click the Run Fix button at the top.

[*]let the program run unhindered and reboot when it is done.

[*]You will get a log when it is done, please post that in your reply.

[*]Please then create a new OTL report....

[*]Click the "Scan All Users" checkbox.

[*]Push the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png button.

[*]A report will open, copy and paste it in a reply here.

 

 

 

Step 4

 

Please download aswMBR ( 511KB ) to your desktop.

  • Double click the aswMBR.exe icon to run it
  • It gives you the option to add the latest Avast definitions and recommends you do so. Ignore it and click No as it may crash your system or hang up and we don't need that info.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

 

Note: aswMBR will save MBR.dat to your desktop. Do NOT delete it until I tell you your computer is clean. It is a backup of your MBR that we may need later.

 

 

 

Step 5

 

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

    [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png

    [*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.

    [*]Accept any security warnings from your browser.

    [*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png

    [*]Push the Start button.

    [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    [*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png

    [*]Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    [*]Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.

    [*]Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

 

etavares

Posted

OTL

 

I cut and paste this under custom scan/fix:

:OTL

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: No CLSID value found. File not found

O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found

O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:09B199F1

:Commands

[EmptyTemp]

 

I waited 1 hour and it states OTL (Not responding).

It states at the bottom:

Processing O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.

 

I tried 2x with the same result. I waited 1 hour each time. I did steps 1-2. I will proceed with the next few steps.

Posted

aswMBR.exe

 

I downloaded and ran this program. It updated itself but when I hit scan, my computer showed me a blue screen.

Something about: beginning physical dump.

 

I tried this 2x also with the same result.

Posted

Hi,

 

For the OTL, please run it without that one line:

:OTL
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: No CLSID value found. File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:09B199F1
:Commands
[EmptyTemp]

 

For aswMBR, please follow my instructions exactly as above...if it asks to download the latest definitions, please select NO. It will Blue Screen every time if you let it do that and we don't need the extra scan. Say "no" and aswMBR will likely run fine.

 

THanks!

Posted

OTL, AVas and ESET

 

OTL:

I cut and paste the OTL, I ran the fix. It hanged up again. The only difference was all the browsers closed automatically after I ran it. But it stayed on "not responding" for about 30 minutes.

AVAS:

I ran this without the update. Once I hit scan, I got the blue screen again with the physical memory dump.

ESET:

I ran this overnight. I was unable to save the log file, since my room mate who lives with me thought I forgot to turn computer off, so she turned it off. I ran for about 8 hours she said with no threats found. If it saved the log file somewhere please let me know where to find it. Thank you for all your help.

Posted

Hello, carolinejoy.

 

Please try both again, but only after disabling Microsoft Security Essentials first. ANtiviruses will usually block our tools. If you had already disabled it before running the OTL fix and aswMBR before , just skip ahead. If it still won't work, please do the following instead:

 

 

 

 

Step 1

 

  1. Download TDSSKiller.exe and save it to your desktop.
  2. Double-click TDSSKiller.exe to run it.
  3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  4. Click Start scan and allow it to scan for Malicious objects.
  5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the logfile in your next reply

 

 

 

Step 2

 

 

Please run an OTL quick scan and post the resulting log.

 

etavares

Posted

TDS

09:00:02.0982 4544 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

09:00:03.0352 4544 ============================================================

09:00:03.0353 4544 Current date / time: 2011/09/25 09:00:03.0352

09:00:03.0353 4544 SystemInfo:

09:00:03.0353 4544

09:00:03.0353 4544 OS Version: 6.0.6002 ServicePack: 2.0

09:00:03.0353 4544 Product type: Workstation

09:00:03.0353 4544 ComputerName: WAYNEWAGNER-PC

09:00:03.0353 4544 UserName: Wayne Wagner

09:00:03.0353 4544 Windows directory: C:\Windows

09:00:03.0353 4544 System windows directory: C:\Windows

09:00:03.0353 4544 Running under WOW64

09:00:03.0353 4544 Processor architecture: Intel x64

09:00:03.0353 4544 Number of processors: 2

09:00:03.0353 4544 Page size: 0x1000

09:00:03.0353 4544 Boot type: Normal boot

09:00:03.0353 4544 ============================================================

09:00:07.0364 4544 Initialize success

09:00:28.0453 4360 ============================================================

09:00:28.0453 4360 Scan started

09:00:28.0453 4360 Mode: Manual;

09:00:28.0453 4360 ============================================================

09:00:32.0870 4360 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys

09:00:32.0871 4360 Accelerometer - ok

09:00:33.0268 4360 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

09:00:33.0280 4360 ACPI - ok

09:00:33.0560 4360 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

09:00:33.0562 4360 adfs - ok

09:00:33.0728 4360 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

09:00:33.0918 4360 adp94xx - ok

09:00:34.0053 4360 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

09:00:34.0060 4360 adpahci - ok

09:00:34.0575 4360 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

09:00:34.0579 4360 adpu160m - ok

09:00:35.0273 4360 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

09:00:35.0278 4360 adpu320 - ok

09:00:35.0673 4360 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys

09:00:35.0774 4360 AFD - ok

09:00:36.0329 4360 AgereSoftModem (55fcdb10e31c22eb67454aaef42b6725) C:\Windows\system32\DRIVERS\agrsm64.sys

09:00:36.0557 4360 AgereSoftModem - ok

09:00:36.0811 4360 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

09:00:36.0820 4360 agp440 - ok

09:00:37.0203 4360 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

09:00:37.0205 4360 aic78xx - ok

09:00:37.0616 4360 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys

09:00:37.0617 4360 aliide - ok

09:00:38.0061 4360 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys

09:00:38.0062 4360 amdide - ok

09:00:38.0358 4360 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

09:00:38.0366 4360 AmdK8 - ok

09:00:38.0520 4360 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

09:00:38.0528 4360 arc - ok

09:00:38.0699 4360 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

09:00:38.0701 4360 arcsas - ok

09:00:38.0894 4360 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

09:00:38.0898 4360 AsyncMac - ok

09:00:38.0972 4360 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

09:00:38.0973 4360 atapi - ok

09:00:39.0379 4360 BCM43XX (eef98ddd0fc6a5da452eb8120d57ce44) C:\Windows\system32\DRIVERS\bcmwl664.sys

09:00:39.0403 4360 BCM43XX - ok

09:00:39.0413 4360 Beep - ok

09:00:39.0646 4360 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

09:00:39.0648 4360 blbdrive - ok

09:00:39.0681 4360 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

09:00:39.0684 4360 bowser - ok

09:00:39.0737 4360 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

09:00:39.0742 4360 BrFiltLo - ok

09:00:39.0759 4360 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

09:00:39.0761 4360 BrFiltUp - ok

09:00:39.0824 4360 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

09:00:39.0831 4360 Brserid - ok

09:00:39.0843 4360 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

09:00:39.0876 4360 BrSerWdm - ok

09:00:39.0945 4360 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

09:00:39.0947 4360 BrUsbMdm - ok

09:00:39.0981 4360 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

09:00:39.0983 4360 BrUsbSer - ok

09:00:40.0053 4360 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

09:00:40.0056 4360 BTHMODEM - ok

09:00:40.0064 4360 catchme - ok

09:00:40.0205 4360 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

09:00:40.0208 4360 cdfs - ok

09:00:40.0263 4360 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

09:00:40.0265 4360 cdrom - ok

09:00:40.0349 4360 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys

09:00:40.0357 4360 circlass - ok

09:00:40.0429 4360 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

09:00:40.0438 4360 CLFS - ok

09:00:40.0516 4360 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

09:00:40.0528 4360 CmBatt - ok

09:00:40.0609 4360 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys

09:00:40.0610 4360 cmdide - ok

09:00:40.0644 4360 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

09:00:40.0645 4360 Compbatt - ok

09:00:40.0685 4360 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

09:00:40.0686 4360 crcdisk - ok

09:00:40.0842 4360 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

09:00:40.0846 4360 DfsC - ok

09:00:41.0027 4360 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

09:00:41.0031 4360 disk - ok

09:00:41.0184 4360 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

09:00:41.0194 4360 drmkaud - ok

09:00:41.0478 4360 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

09:00:41.0487 4360 DXGKrnl - ok

09:00:41.0627 4360 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

09:00:41.0631 4360 E1G60 - ok

09:00:42.0148 4360 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

09:00:42.0152 4360 Ecache - ok

09:00:42.0768 4360 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

09:00:42.0885 4360 elxstor - ok

09:00:43.0328 4360 enecir (f218a3a27ed6592c0e22ec3595554447) C:\Windows\system32\DRIVERS\enecir.sys

09:00:43.0333 4360 enecir - ok

09:00:43.0695 4360 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

09:00:43.0697 4360 ErrDev - ok

09:00:43.0970 4360 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

09:00:44.0081 4360 exfat - ok

09:00:44.0930 4360 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

09:00:44.0938 4360 fastfat - ok

09:00:45.0725 4360 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

09:00:45.0826 4360 fdc - ok

09:00:45.0894 4360 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

09:00:45.0903 4360 FileInfo - ok

09:00:45.0915 4360 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

09:00:45.0917 4360 Filetrace - ok

09:00:45.0938 4360 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

09:00:45.0939 4360 flpydisk - ok

09:00:46.0286 4360 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

09:00:46.0514 4360 FltMgr - ok

09:00:47.0629 4360 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

09:00:47.0638 4360 Fs_Rec - ok

09:00:47.0879 4360 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

09:00:47.0887 4360 gagp30kx - ok

09:00:48.0075 4360 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

09:00:48.0221 4360 HdAudAddService - ok

09:00:48.0843 4360 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

09:00:48.0987 4360 HDAudBus - ok

09:00:50.0004 4360 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

09:00:50.0006 4360 HidBth - ok

09:00:50.0225 4360 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys

09:00:50.0234 4360 HidIr - ok

09:00:50.0763 4360 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

09:00:50.0766 4360 HidUsb - ok

09:00:51.0011 4360 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

09:00:51.0013 4360 HpCISSs - ok

09:00:51.0265 4360 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys

09:00:51.0266 4360 hpdskflt - ok

09:00:51.0411 4360 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

09:00:51.0432 4360 HpqKbFiltr - ok

09:00:51.0615 4360 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

09:00:51.0637 4360 HTTP - ok

09:00:51.0761 4360 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

09:00:51.0766 4360 i2omp - ok

09:00:51.0875 4360 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

09:00:51.0896 4360 i8042prt - ok

09:00:52.0004 4360 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

09:00:52.0041 4360 iaStorV - ok

09:00:53.0115 4360 igfx (7b0a679638e9380c0d8d42c7d43f8169) C:\Windows\system32\DRIVERS\igdkmd64.sys

09:00:53.0389 4360 igfx - ok

09:00:53.0829 4360 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

09:00:53.0838 4360 iirsp - ok

09:00:54.0201 4360 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys

09:00:54.0209 4360 IntcHdmiAddService - ok

09:00:54.0857 4360 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys

09:00:54.0858 4360 intelide - ok

09:00:55.0001 4360 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

09:00:55.0003 4360 intelppm - ok

09:00:55.0410 4360 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:00:55.0414 4360 IpFilterDriver - ok

09:00:55.0851 4360 IpInIp - ok

09:00:56.0002 4360 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

09:00:56.0006 4360 IPMIDRV - ok

09:00:56.0071 4360 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

09:00:56.0076 4360 IPNAT - ok

09:00:56.0699 4360 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

09:00:56.0705 4360 IRENUM - ok

09:00:57.0158 4360 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

09:00:57.0159 4360 isapnp - ok

09:00:57.0502 4360 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

09:00:57.0504 4360 iScsiPrt - ok

09:00:58.0294 4360 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

09:00:58.0297 4360 iteatapi - ok

09:00:58.0475 4360 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

09:00:58.0476 4360 iteraid - ok

09:00:58.0582 4360 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

09:00:58.0583 4360 kbdclass - ok

09:00:58.0634 4360 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

09:00:58.0636 4360 kbdhid - ok

09:00:58.0789 4360 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys

09:00:58.0937 4360 KSecDD - ok

09:00:59.0263 4360 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

09:00:59.0267 4360 ksthunk - ok

09:00:59.0341 4360 Lbd - ok

09:00:59.0488 4360 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

09:00:59.0490 4360 lltdio - ok

09:00:59.0670 4360 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

09:00:59.0673 4360 LSI_FC - ok

09:00:59.0727 4360 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

09:00:59.0732 4360 LSI_SAS - ok

09:00:59.0744 4360 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

09:00:59.0748 4360 LSI_SCSI - ok

09:00:59.0785 4360 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

09:00:59.0789 4360 luafv - ok

09:00:59.0833 4360 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

09:00:59.0837 4360 megasas - ok

09:00:59.0939 4360 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

09:01:00.0058 4360 MegaSR - ok

09:01:00.0523 4360 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

09:01:00.0532 4360 Modem - ok

09:01:00.0846 4360 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

09:01:00.0847 4360 monitor - ok

09:01:00.0967 4360 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

09:01:00.0968 4360 mouclass - ok

09:01:01.0316 4360 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

09:01:01.0320 4360 mouhid - ok

09:01:01.0481 4360 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

09:01:01.0484 4360 MountMgr - ok

09:01:01.0717 4360 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

09:01:01.0719 4360 MpFilter - ok

09:01:01.0817 4360 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

09:01:01.0821 4360 mpio - ok

09:01:01.0860 4360 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

09:01:01.0861 4360 MpNWMon - ok

09:01:01.0893 4360 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

09:01:01.0896 4360 mpsdrv - ok

09:01:01.0932 4360 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

09:01:01.0934 4360 Mraid35x - ok

09:01:02.0052 4360 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

09:01:02.0056 4360 MRxDAV - ok

09:01:02.0498 4360 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:01:02.0502 4360 mrxsmb - ok

09:01:02.0763 4360 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:01:02.0832 4360 mrxsmb10 - ok

09:01:02.0968 4360 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:01:02.0971 4360 mrxsmb20 - ok

09:01:03.0231 4360 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys

09:01:03.0233 4360 msahci - ok

09:01:03.0342 4360 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

09:01:03.0435 4360 msdsm - ok

09:01:03.0701 4360 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

09:01:03.0703 4360 Msfs - ok

09:01:03.0827 4360 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

09:01:03.0828 4360 msisadrv - ok

09:01:03.0921 4360 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

09:01:03.0923 4360 MSKSSRV - ok

09:01:03.0994 4360 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

09:01:03.0998 4360 MSPCLOCK - ok

09:01:04.0222 4360 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

09:01:04.0227 4360 MSPQM - ok

09:01:04.0294 4360 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

09:01:04.0451 4360 MsRPC - ok

09:01:04.0571 4360 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

09:01:04.0572 4360 mssmbios - ok

09:01:04.0592 4360 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

09:01:04.0599 4360 MSTEE - ok

09:01:04.0639 4360 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

09:01:04.0641 4360 Mup - ok

09:01:04.0685 4360 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

09:01:04.0690 4360 NativeWifiP - ok

09:01:04.0759 4360 NAVENG - ok

09:01:04.0768 4360 NAVEX15 - ok

09:01:04.0941 4360 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

09:01:05.0252 4360 NDIS - ok

09:01:05.0516 4360 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

09:01:05.0523 4360 NdisTapi - ok

09:01:05.0823 4360 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

09:01:05.0826 4360 Ndisuio - ok

09:01:06.0371 4360 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

09:01:06.0380 4360 NdisWan - ok

09:01:06.0600 4360 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

09:01:06.0606 4360 NDProxy - ok

09:01:06.0674 4360 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

09:01:06.0677 4360 NetBIOS - ok

09:01:06.0765 4360 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

09:01:06.0771 4360 netbt - ok

09:01:07.0459 4360 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys

09:01:07.0582 4360 NETw3v64 - ok

09:01:08.0115 4360 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

09:01:08.0118 4360 nfrd960 - ok

09:01:08.0671 4360 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

09:01:08.0672 4360 NisDrv - ok

09:01:09.0983 4360 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

09:01:09.0987 4360 Npfs - ok

09:01:10.0360 4360 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

09:01:10.0368 4360 nsiproxy - ok

09:01:11.0033 4360 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

09:01:11.0636 4360 Ntfs - ok

09:01:12.0184 4360 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

09:01:12.0186 4360 Null - ok

09:01:12.0507 4360 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

09:01:12.0511 4360 nvraid - ok

09:01:12.0716 4360 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

09:01:12.0726 4360 nvstor - ok

09:01:13.0001 4360 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

09:01:13.0013 4360 nv_agp - ok

09:01:13.0178 4360 NwlnkFlt - ok

09:01:13.0353 4360 NwlnkFwd - ok

09:01:13.0448 4360 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys

09:01:13.0452 4360 ohci1394 - ok

09:01:13.0579 4360 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

09:01:13.0583 4360 Parport - ok

09:01:13.0653 4360 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

09:01:13.0659 4360 partmgr - ok

09:01:14.0006 4360 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

09:01:14.0010 4360 pci - ok

09:01:14.0346 4360 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys

09:01:14.0347 4360 pciide - ok

09:01:14.0945 4360 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

09:01:15.0169 4360 pcmcia - ok

09:01:15.0455 4360 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

09:01:16.0138 4360 PEAUTH - ok

09:01:17.0435 4360 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

09:01:17.0441 4360 PptpMiniport - ok

09:01:18.0152 4360 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

09:01:18.0159 4360 Processor - ok

09:01:18.0543 4360 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

09:01:18.0551 4360 PSched - ok

09:01:18.0864 4360 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys

09:01:18.0867 4360 PxHlpa64 - ok

09:01:19.0170 4360 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

09:01:19.0241 4360 ql2300 - ok

09:01:19.0510 4360 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

09:01:19.0514 4360 ql40xx - ok

09:01:19.0543 4360 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

09:01:19.0545 4360 QWAVEdrv - ok

09:01:19.0567 4360 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

09:01:19.0574 4360 RasAcd - ok

09:01:19.0662 4360 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:01:19.0672 4360 Rasl2tp - ok

09:01:19.0905 4360 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

09:01:19.0916 4360 RasPppoe - ok

09:01:20.0320 4360 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

09:01:20.0440 4360 RasSstp - ok

09:01:20.0500 4360 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

09:01:20.0512 4360 rdbss - ok

09:01:20.0681 4360 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:01:20.0685 4360 RDPCDD - ok

09:01:20.0759 4360 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

09:01:20.0859 4360 rdpdr - ok

09:01:20.0874 4360 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

09:01:20.0875 4360 RDPENCDD - ok

09:01:20.0991 4360 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

09:01:21.0000 4360 RDPWD - ok

09:01:21.0565 4360 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

09:01:21.0571 4360 rspndr - ok

09:01:21.0849 4360 RTL8169 (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys

09:01:21.0855 4360 RTL8169 - ok

09:01:22.0135 4360 RTSTOR (aa3987386cf7d9005c42bc974634bd56) C:\Windows\system32\drivers\RTSTOR64.SYS

09:01:22.0140 4360 RTSTOR - ok

09:01:22.0345 4360 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

09:01:22.0349 4360 sbp2port - ok

09:01:22.0400 4360 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys

09:01:22.0404 4360 sdbus - ok

09:01:22.0443 4360 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

09:01:22.0450 4360 secdrv - ok

09:01:22.0535 4360 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

09:01:22.0538 4360 Serenum - ok

09:01:22.0662 4360 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

09:01:22.0673 4360 Serial - ok

09:01:22.0686 4360 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

09:01:22.0688 4360 sermouse - ok

09:01:22.0725 4360 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

09:01:22.0727 4360 sffdisk - ok

09:01:22.0745 4360 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

09:01:22.0749 4360 sffp_mmc - ok

09:01:22.0765 4360 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

09:01:22.0768 4360 sffp_sd - ok

09:01:22.0785 4360 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

09:01:22.0786 4360 sfloppy - ok

09:01:22.0879 4360 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

09:01:22.0881 4360 SiSRaid2 - ok

09:01:22.0902 4360 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

09:01:22.0905 4360 SiSRaid4 - ok

09:01:23.0020 4360 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

09:01:23.0026 4360 Smb - ok

09:01:23.0221 4360 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

09:01:23.0222 4360 spldr - ok

09:01:23.0238 4360 SRTSP - ok

09:01:23.0256 4360 SRTSPX - ok

09:01:23.0597 4360 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

09:01:23.0756 4360 srv - ok

09:01:23.0884 4360 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

09:01:23.0889 4360 srv2 - ok

09:01:24.0010 4360 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

09:01:24.0014 4360 srvnet - ok

09:01:24.0581 4360 STHDA (0c2bf91cdc0575f5713a4d2d5118bc06) C:\Windows\system32\DRIVERS\stwrt64.sys

09:01:24.0702 4360 STHDA - ok

09:01:25.0077 4360 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys

09:01:25.0083 4360 StillCam - ok

09:01:25.0482 4360 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

09:01:25.0483 4360 swenum - ok

09:01:25.0707 4360 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

09:01:25.0796 4360 Symc8xx - ok

09:01:25.0843 4360 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

09:01:25.0848 4360 Sym_hi - ok

09:01:25.0861 4360 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

09:01:25.0863 4360 Sym_u3 - ok

09:01:26.0043 4360 SynTP (5bfcf934891022e15404befe0f5ece9f) C:\Windows\system32\DRIVERS\SynTP.sys

09:01:26.0046 4360 SynTP - ok

09:01:26.0467 4360 Tcpip (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\drivers\tcpip.sys

09:01:26.0728 4360 Tcpip - ok

09:01:27.0409 4360 Tcpip6 (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\DRIVERS\tcpip.sys

09:01:27.0422 4360 Tcpip6 - ok

09:01:27.0624 4360 tcpipreg (2aa1b7ebc271e995f3358c1fa7a1d35b) C:\Windows\system32\drivers\tcpipreg.sys

09:01:27.0630 4360 tcpipreg - ok

09:01:27.0801 4360 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

09:01:27.0803 4360 TDPIPE - ok

09:01:27.0835 4360 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

09:01:27.0838 4360 TDTCP - ok

09:01:27.0886 4360 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

09:01:27.0892 4360 tdx - ok

09:01:28.0180 4360 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

09:01:28.0181 4360 TermDD - ok

09:01:28.0540 4360 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:01:28.0544 4360 tssecsrv - ok

09:01:28.0573 4360 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

09:01:28.0586 4360 tunmp - ok

09:01:28.0755 4360 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

09:01:28.0759 4360 tunnel - ok

09:01:28.0857 4360 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

09:01:28.0869 4360 uagp35 - ok

09:01:29.0267 4360 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

09:01:29.0296 4360 udfs - ok

09:01:29.0846 4360 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

09:01:29.0849 4360 uliagpkx - ok

09:01:30.0240 4360 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

09:01:30.0248 4360 uliahci - ok

09:01:30.0370 4360 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

09:01:30.0375 4360 UlSata - ok

09:01:30.0641 4360 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

09:01:30.0647 4360 ulsata2 - ok

09:01:30.0946 4360 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

09:01:31.0067 4360 umbus - ok

09:01:31.0392 4360 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys

09:01:31.0399 4360 USBAAPL64 - ok

09:01:31.0572 4360 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

09:01:31.0577 4360 usbaudio - ok

09:01:31.0798 4360 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

09:01:31.0812 4360 usbccgp - ok

09:01:32.0066 4360 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

09:01:32.0070 4360 usbcir - ok

09:01:32.0199 4360 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

09:01:32.0204 4360 usbehci - ok

09:01:32.0358 4360 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

09:01:32.0465 4360 usbhub - ok

09:01:32.0681 4360 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

09:01:32.0687 4360 usbohci - ok

09:01:32.0771 4360 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

09:01:32.0783 4360 usbprint - ok

09:01:32.0968 4360 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

09:01:33.0080 4360 usbscan - ok

09:01:33.0289 4360 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:01:33.0294 4360 USBSTOR - ok

09:01:33.0597 4360 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

09:01:33.0601 4360 usbuhci - ok

09:01:33.0973 4360 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

09:01:33.0979 4360 usbvideo - ok

09:01:34.0486 4360 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

09:01:34.0493 4360 vga - ok

09:01:34.0768 4360 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

09:01:34.0773 4360 VgaSave - ok

09:01:34.0856 4360 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys

09:01:34.0857 4360 viaide - ok

09:01:35.0042 4360 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

09:01:35.0051 4360 volmgr - ok

09:01:35.0900 4360 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

09:01:35.0923 4360 volmgrx - ok

09:01:36.0342 4360 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

09:01:36.0348 4360 volsnap - ok

09:01:36.0562 4360 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

09:01:36.0576 4360 vsmraid - ok

09:01:36.0693 4360 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

09:01:36.0706 4360 WacomPen - ok

09:01:36.0853 4360 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

09:01:36.0865 4360 Wanarp - ok

09:01:36.0965 4360 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

09:01:36.0966 4360 Wanarpv6 - ok

09:01:37.0593 4360 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

09:01:37.0594 4360 Wd - ok

09:01:37.0978 4360 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

09:01:38.0101 4360 Wdf01000 - ok

09:01:38.0749 4360 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys

09:01:38.0757 4360 WinUSB - ok

09:01:38.0953 4360 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

09:01:38.0954 4360 WmiAcpi - ok

09:01:39.0282 4360 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

09:01:39.0290 4360 WpdUsb - ok

09:01:39.0524 4360 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

09:01:39.0530 4360 ws2ifsl - ok

09:01:39.0745 4360 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

09:01:39.0835 4360 WudfPf - ok

09:01:39.0858 4360 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:01:39.0864 4360 WUDFRd - ok

09:01:39.0937 4360 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys

09:01:40.0037 4360 yukonx64 - ok

09:01:40.0408 4360 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl

09:01:40.0410 4360 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok

09:01:40.0481 4360 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0

09:01:40.0491 4360 \Device\Harddisk0\DR0 - ok

09:01:40.0618 4360 Boot (0x1200) (e68f655e11e37fbcf682881cca684263) \Device\Harddisk0\DR0\Partition0

09:01:40.0625 4360 \Device\Harddisk0\DR0\Partition0 - ok

09:01:40.0711 4360 Boot (0x1200) (8c2d370cadb49e090423dca14caa457d) \Device\Harddisk0\DR0\Partition1

09:01:40.0713 4360 \Device\Harddisk0\DR0\Partition1 - ok

09:01:40.0714 4360 ============================================================

09:01:40.0714 4360 Scan finished

09:01:40.0714 4360 ============================================================

09:01:40.0736 3456 Detected object count: 0

09:01:40.0736 3456 Actual detected object count: 0

Posted

OTL

 

OTL logfile created on: 9/25/2011 9:03:56 AM - Run 2

OTL by OldTimer - Version 3.2.28.0 Folder = c:\users\Wayne Wagner\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.93 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 46.85% Memory free

8.04 Gb Paging File | 5.68 Gb Available in Paging File | 70.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.51 Gb Total Space | 146.74 Gb Free Space | 51.40% Space Free | Partition Type: NTFS

Drive D: | 12.58 Gb Total Space | 1.36 Gb Free Space | 10.79% Space Free | Partition Type: NTFS

 

Computer Name: WAYNEWAGNER-PC | User Name: Wayne Wagner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - c:\Users\Wayne Wagner\Downloads\OTL.scr (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

PRC - C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)

PRC - C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)

PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)

PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()

PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()

PRC - C:\Program Files (x86)\SMINST\BLService.exe ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a38f370d4e68b65106d1065d0b77067\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\180849cb54aab0bc77a229c41f967c90\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\cbe5fbb2e20534d89c0588cc05418840\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9afe86eee3ddf79c5f6cf5d85873c464\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5e58f10757c91da0ac05161ca8e11e8b\System.Transactions.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f2d2ebc3015150594787564a55d5abe9\System.EnterpriseServices.Wrapper.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()

MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (CrashPlanService) -- C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV:64bit: - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe (IDT, Inc.)

SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)

SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)

SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()

SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()

SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)

DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)

DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)

DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)

DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)

DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)

DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)

DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:1.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Wayne Wagner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Wayne Wagner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wayne Wagner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wayne Wagner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/03 14:48:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 21:08:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/20 18:07:00 | 000,000,000 | ---D | M]

 

[2011/09/20 17:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/05/11 20:34:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/07 21:51:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/12/02 19:53:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/09/20 17:25:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\WAYNE WAGNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0B9WG7O0.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI

[2010/05/15 17:36:38 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\USERS\WAYNE WAGNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0B9WG7O0.DEFAULT\EXTENSIONS\RUNTIME@PANDA3D.ORG

[2011/09/24 14:00:27 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\USERS\WAYNE WAGNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0B9WG7O0.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM

[2011/09/08 21:08:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/09/20 17:25:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/05/23 06:39:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

 

O1 HOSTS File: ([2011/09/18 08:58:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - Startup: C:\Users\Wayne Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 167.206.254.2 167.206.254.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{529F36CD-FA73-44CD-A7AF-1B5A972A52DA}: DhcpNameServer = 192.168.1.1 167.206.254.2 167.206.254.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2370A83-364F-4105-905A-275EB21DFC24}: DhcpNameServer = 167.206.254.1 167.206.254.2

O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Wayne Wagner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Wayne Wagner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/09/25 09:00:03 | 000,111,408 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\75578800.sys

[2011/09/24 06:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com

[2011/09/20 18:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011/09/20 18:07:26 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2011/09/20 17:29:45 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/09/20 17:29:45 | 000,000,000 | ---D | C] -- \_OTL

[2011/09/20 17:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/09/20 17:25:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2011/09/20 17:25:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2011/09/20 17:25:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2011/09/20 17:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2011/09/20 17:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011/09/20 17:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2011/09/20 07:32:58 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{55661649-9373-4CCC-9FB6-45B80CCFBED6}

[2011/09/20 07:32:36 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{7B5CAF99-14CC-4AE3-B622-F4A24BEFA21F}

[2011/09/19 17:21:36 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{98D8F728-32BA-4300-BD38-1F37316450FB}

[2011/09/19 17:21:19 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{00DC15CA-088C-4579-9B8B-09F43F9C45D8}

[2011/09/18 19:54:55 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{45DA4A91-C8CC-4A8B-9D79-E5D79DA2B02D}

[2011/09/18 19:54:43 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{600488DC-60D6-473E-BBFD-20C1163BA36C}

[2011/09/18 08:59:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/09/18 08:59:16 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN

[2011/09/18 07:53:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{75C6A650-A699-4563-852C-4D73DAF7566B}

[2011/09/18 07:53:37 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{FFB76197-13EB-4C8A-8684-9FDCE41F87F1}

[2011/09/17 05:32:33 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{C17949C3-9255-4E27-B609-B1E87357FFA7}

[2011/09/17 05:32:17 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{768BE449-5EE2-48D7-A20A-A2ED3C13B9F6}

[2011/09/16 10:06:15 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{54F0C0D5-8BB2-4850-8956-0B127916522D}

[2011/09/16 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{991CB3BD-4EE2-44C0-9474-DD88BD5F8C7D}

[2011/09/15 21:25:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/09/15 21:25:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/09/15 21:25:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/09/15 21:25:06 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/15 21:25:06 | 000,000,000 | ---D | C] -- \Qoobox

[2011/09/15 20:48:55 | 003,553,280 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll

[2011/09/15 20:48:29 | 002,685,432 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS

[2011/09/15 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{2B6AE6AD-0FB7-4689-831B-DBA92883F3BF}

[2011/09/15 20:17:24 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{AD30860F-AEC0-4D79-B60F-E0636BF68D1E}

[2011/09/15 08:06:08 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll

[2011/09/15 07:45:14 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{9E1F420B-67E2-464B-9ECA-98785D86E76A}

[2011/09/15 07:45:01 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{28DE3E36-DAEC-403C-8153-D321E577119A}

[2011/09/13 08:20:10 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{142A6C4B-6501-420C-947F-A3E5C1C03F53}

[2011/09/13 08:19:57 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{F3E738D9-40A9-49A7-98FB-583D8A7D7ED2}

[2011/09/12 20:19:10 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{2C981927-0C38-4490-A4E3-86650EAFBC5E}

[2011/09/12 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{AAA8F85B-E477-431B-A1F2-F4A9D83405FB}

[2011/09/11 09:15:41 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{CD1A7517-DAF9-48F5-8537-8C13370287B3}

[2011/09/11 09:15:00 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{5EE2974A-69FB-43A0-86DF-069FEB1D5323}

[2011/09/10 15:37:25 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{956C72E8-230A-4196-8FA7-69B78A3D6092}

[2011/09/10 15:37:11 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{B877ABA4-1842-48CC-897F-9AB80F4550AA}

[2011/09/08 20:16:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{A8671E86-E5D5-469A-937D-5460EF1F5623}

[2011/09/08 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8BAFDDC9-305E-462C-AE04-4A398DCD3B6E}

[2011/09/08 08:09:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{0F4F544F-9D12-4D38-9BA5-83AE8B01E786}

[2011/09/08 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{0D1F9A44-34DD-4460-811F-32FFD0134EDD}

[2011/09/06 21:08:01 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{D77B1119-8CBE-4920-8A1B-D1F51C92C19B}

[2011/09/06 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8B869901-0C93-400D-AD92-32FE2F8DE134}

[2011/09/06 08:36:28 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{2A7D4682-FE9C-40BB-9F6B-4A706068A2DD}

[2011/09/06 08:36:15 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{770FFAA8-E44B-47BF-8658-66661F169EAE}

[2011/09/05 20:35:41 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{142E2FDA-26FC-4EE1-BAD4-AA81A427C23A}

[2011/09/05 08:35:12 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8BCCB06A-8449-4708-A519-36271E982ED3}

[2011/09/05 08:34:59 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{AEB649FD-A761-4303-A666-0982AF42C413}

[2011/09/04 20:34:11 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{98695C13-74E9-4170-A372-F8B2C230C6B6}

[2011/09/04 20:33:25 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{184E568F-8B63-4115-A327-1E2939C3D293}

[2011/09/04 08:24:09 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8B807566-38C2-4BE2-9764-9516DB4557CA}

[2011/09/04 08:23:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{4AAF2909-7970-4603-B35C-0010C186D09E}

[2011/09/03 15:27:29 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{1FD261FB-6E73-419E-A610-D66E9972F1BC}

[2011/09/03 15:27:13 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8FB29E94-13D2-4289-AE8B-007CA53A59B9}

[2011/09/01 21:26:11 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{2DDE5E99-1AB3-43F9-8A75-CEEF1C7EA1A0}

[2011/09/01 21:25:21 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{7F73F182-1126-42BF-9311-B4FE780EACE0}

[2011/09/01 07:58:34 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{854D5223-67A6-4375-BC3D-EA83F989E2E8}

[2011/09/01 07:58:19 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{3960B3E3-DD2A-47CC-B1A0-E911825B5504}

[2011/08/31 18:40:03 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{656A631A-1CFC-40D1-874C-D14179ACD56C}

[2011/08/31 18:39:48 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{BA0C3CF1-9D0C-4E06-800C-61984F3BA65D}

[2011/08/30 20:00:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{8CCC98B6-6FC4-485A-9CE6-4D35FE078F1C}

[2011/08/30 20:00:39 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{47202C4A-4FD9-4D6B-BD3F-BECD82F93B74}

[2011/08/30 07:59:56 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{339416B4-6C20-42E3-BB90-F41350FD8611}

[2011/08/30 07:59:23 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{3AF33E5D-B8A0-4E6A-B4A6-8D911595232E}

[2011/08/29 13:42:35 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{7BB87FE5-A806-4CA1-9342-B5177282517D}

[2011/08/29 09:47:12 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{30592DDF-12D3-4BE0-B290-549EB5A2B78D}

[2011/08/28 07:57:16 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{EDA08DB6-BEAB-430C-8813-AF3498A61905}

[2011/08/28 07:57:00 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{304846A3-2493-47D9-AC06-BE44D6543804}

[2011/08/27 13:34:52 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{3C602512-4630-482D-9A93-BAEB218782C5}

[2011/08/27 13:34:34 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{26D4CBB2-7223-4836-9F8E-1B871CA591D9}

[2011/08/26 22:12:44 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{F3C91668-E0A6-43D8-A6BE-E6592A14D62C}

[2011/08/26 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Wayne Wagner\AppData\Local\{DA5022EA-E336-4A28-9E19-58927DA0C672}

 

========== Files - Modified Within 30 Days ==========

 

[2011/09/25 09:03:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1463916579-3978265779-3180963287-1000UA.job

[2011/09/25 09:00:03 | 000,111,408 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\75578800.sys

[2011/09/25 08:44:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/09/25 08:44:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/09/25 08:44:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/09/25 08:44:23 | 4222,820,352 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/24 14:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1463916579-3978265779-3180963287-1000Core.job

[2011/09/24 06:39:08 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk

[2011/09/22 14:20:19 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2011/09/22 13:26:46 | 471,517,233 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/09/20 17:25:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2011/09/20 17:25:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2011/09/20 17:25:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2011/09/20 17:25:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2011/09/20 17:14:11 | 000,000,943 | ---- | M] () -- C:\Users\Wayne Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2011/09/20 17:14:05 | 000,000,763 | ---- | M] () -- C:\Users\Wayne Wagner\Desktop\NTREGOPT.lnk

[2011/09/20 17:14:05 | 000,000,744 | ---- | M] () -- C:\Users\Wayne Wagner\Desktop\ERUNT.lnk

[2011/09/18 08:58:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/09/17 19:11:55 | 000,741,644 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/09/17 19:11:55 | 000,619,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/09/17 19:11:55 | 000,111,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/09/15 21:08:39 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWayne Wagner.job

[2011/09/15 20:52:02 | 000,997,978 | ---- | M] () -- C:\Windows\SysNative\oem32.inf

[2011/09/15 20:46:18 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll

[2011/09/15 20:46:11 | 002,685,432 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS

[2011/09/15 20:46:11 | 000,095,472 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll

[2011/09/15 20:46:08 | 003,888,640 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll

[2011/09/15 20:46:08 | 003,553,280 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll

[2011/09/06 11:18:50 | 000,124,416 | ---- | M] () -- C:\Users\Wayne Wagner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/08/31 19:58:27 | 000,002,637 | ---- | M] () -- C:\Users\Wayne Wagner\Desktop\Microsoft Word 2010.lnk

[2011/08/29 10:38:40 | 000,237,836 | ---- | M] () -- C:\Users\Wayne Wagner\Documents\david celis inital C4.pdf

[2011/08/28 10:29:54 | 024,256,302 | ---- | M] () -- C:\Users\Wayne Wagner\angelica letter.bmp

 

========== Files Created - No Company Name ==========

 

[2011/09/20 18:07:01 | 471,517,233 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/09/20 17:14:11 | 000,000,943 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2011/09/20 17:14:05 | 000,000,763 | ---- | C] () -- C:\Users\Wayne Wagner\Desktop\NTREGOPT.lnk

[2011/09/20 17:14:05 | 000,000,744 | ---- | C] () -- C:\Users\Wayne Wagner\Desktop\ERUNT.lnk

[2011/09/15 21:25:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/09/15 21:25:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/09/15 21:25:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/09/15 21:25:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/09/15 21:25:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/09/15 20:52:37 | 000,997,978 | ---- | C] () -- C:\Windows\SysNative\oem32.inf

[2011/09/15 20:49:20 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll

[2011/09/15 20:25:56 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForWayne Wagner.job

[2011/08/29 15:13:50 | 024,256,302 | ---- | C] () -- C:\Users\Wayne Wagner\angelica letter.bmp

[2011/08/29 10:26:11 | 000,237,836 | ---- | C] () -- C:\Users\Wayne Wagner\Documents\david celis inital C4.pdf

[2011/05/05 14:40:56 | 4222,820,352 | -HS- | C] () -- \hiberfil.sys

[2010/11/28 17:00:15 | 000,000,552 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\d3d8caps.dat

[2010/09/18 23:56:13 | 000,000,100 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\fusioncache.dat

[2010/09/18 23:54:46 | 000,741,432 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/07/31 22:07:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/05/09 08:59:21 | 000,000,000 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\prvlcl.dat

[2010/03/23 16:23:51 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010/03/23 16:21:30 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2010/03/23 16:21:30 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini

[2010/03/23 15:37:11 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL

[2010/03/23 15:37:11 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

[2010/03/23 15:37:10 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini

[2010/03/23 15:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2010/03/23 15:37:08 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2010/03/23 15:28:05 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini

[2010/03/18 08:43:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/03/18 08:43:01 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2010/03/18 08:42:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010/03/11 22:06:47 | 000,000,732 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\d3d9caps64.dat

[2009/09/12 21:17:43 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

[2009/07/24 08:51:31 | 000,000,405 | ---- | C] () -- C:\Windows\Lexstat.ini

[2009/06/28 09:27:01 | 000,006,080 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\d3d9caps.dat

[2009/06/25 22:28:03 | 000,124,416 | ---- | C] () -- C:\Users\Wayne Wagner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/25 21:42:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/01/13 12:35:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2008/10/28 04:32:24 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2008/10/28 04:32:24 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2008/10/28 04:32:24 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin

[2008/06/09 02:01:12 | 000,333,257 | RHS- | C] () -- \bootmgr

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2006/12/02 03:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

 

< End of report >

Posted

Hello, carolinejoy.

 

Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!

 

 

 

Step 1

 

 

 

Uninstall ComboFix and Clean Up

Click Start > Run and type combofix /Uninstall click OK (Note the space between combofix and /Uninstall) See below:

http://i517.photobucket.com/albums/u338/Eextremeboy/CF_Uninstall-1.jpg

Please advise if this step is missed for any reason as it performs some important actions.

 

Download and Run OTC

 

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double click http://i517.photobucket.com/albums/u338/Eextremeboy/OTC_Icon.jpgicon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big http://i517.photobucket.com/albums/u338/Eextremeboy/CleanUp.jpg button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

 

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.

 

 

Optional Items

 

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.

 

 

System Still Slow?

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

 

Protect yourself from malicious sites

 

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

 

Please download HostMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installlation and setting up, follow these steps:

  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.

    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select atleast one of the three (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
      http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/HostsXpert_update.png

[*]Click the X to exit the program.

[*]Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

 

 

Keep Windows Up to Date

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

 

 

Update your AntiVirus Software

 

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

 

 

Make sure your applications have all of their updates

 

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

 

Use a Firewall

 

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

 

For a tutorial on Firewalls and a listing of some available ones see the link below:

 

Understanding and Using Firewalls

 

Install an AntiSpyware Program

 

A highly recommended AntiSpyware program isMalwarebytes Anti-Malware. You can download the free version..

 

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

 

 

Update all these programs regularly

Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

 

Follow this list and your potential for being infected again will reduce dramatically.

 

Good luck!

 

etavares

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...