Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Multiple Infections limiting internet access

Started by AZCMer , Jul 05 2011 12:14 AM

Please log in to reply

#76
AZCMer

Posted 12 August 2011 - 12:00 AM

Member

Topic Starter
Member
108 posts

I copied and pasted the code into the AVP tool and ran it. I did not get an indication that it was running or that it completed. So, I rebooted.

I then had trouble with the AVP tool itself by getting some of the same errors I posted in previous posts. The way I solved it was by redownloading the tool and then rebooting. I then gathered the system information.

I wasn't sure about rerunning the script, so I didn't.

I have a file called 'The' that is 846 bytes that tries to open every once in a while in my C:\Users directory.

Also, I am not finding those three files in my c:\ directory.

Attached Files

avptool_sysinfo.zip 11.16KB 172 downloads

#77
Cold Titanium

Posted 12 August 2011 - 07:34 PM

Trusted Helper

Malware Removal
1,735 posts

Step #1

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry

Download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
Make sure that at least the first two check boxes are ticked
Press OK
Press YES to create the folder.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step #2

1. Please download The Avenger by Swandog46 to your Desktop.

Right click on the Avenger.zip folder and select "Extract All..."
Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Drivers to delete:
AppIDSvc32
Netlogon32

Files to delete:
c:\windows\system32\mmcico32.exe
C:\Windows\system32\NlsLexicons001332.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

Right click on the window under Input script here:, and select Paste.
You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
Click on Execute
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step #3

Re-run Combofix (let it update) and post its log.

#78
AZCMer

Posted 13 August 2011 - 09:53 AM

Member

Topic Starter
Member
108 posts

I am unable to download ERUNT. The download button takes me to an error page.

#79
Cold Titanium

Posted 13 August 2011 - 01:12 PM

Trusted Helper

Malware Removal
1,735 posts

Try here:

http://dundats.mvps....erunt-setup.exe

#80
AZCMer

Posted 13 August 2011 - 04:15 PM

Member

Topic Starter
Member
108 posts

Thank you for finding ERUNT for me.

Okay, here's the thing. . .

Those files you wanted me to find earlier (_uninst_41226611, _uninst_55723948, _uninst_76996756) were in msconfig as startup programs. I still didn't find them, but when I unchecked them in msconfig, Kaspersky's AVP tool stopped trying to startup.

Next, when I ran avenger, the system did restart. However, there is no C:\avenger.txt and there is no C:\avenger\backup.zip. So, I cannot post the log for avenger.

Here is the log for ComboFix:

ComboFix 11-08-14.01 - The Reeve Family 08/13/2011 14:11:26.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4296 [GMT -7:00]
Running from: c:\users\The Reeve Family\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 21:26 . 2011-08-13 21:26 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-13 21:26 . 2011-08-13 21:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-13 21:26 . 2011-08-13 21:26 -------- d-----w- c:\users\HP New\AppData\Local\temp
2011-08-13 21:26 . 2011-08-13 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-13 21:02 . 2011-08-13 21:02 61440 ----a-w- c:\windows\SysWow64\drivers\jgfzpxfw.sys
2011-08-13 20:46 . 2011-08-13 20:46 61440 ----a-w- c:\windows\SysWow64\drivers\teehsonr.sys
2011-08-13 20:35 . 2011-08-13 20:35 61440 ----a-w- c:\windows\SysWow64\drivers\jpfiyt.sys
2011-08-13 20:20 . 2011-08-13 21:02 4236 ----a-w- C:\backup.reg
2011-08-13 20:20 . 2011-08-13 20:20 61440 ----a-w- c:\windows\SysWow64\drivers\ebimohx.sys
2011-08-13 19:29 . 2011-08-13 19:29 -------- d-----w- c:\program files (x86)\ERUNT
2011-08-12 05:35 . 2011-08-12 16:09 556632 ----a-w- c:\windows\system32\drivers\9073829drv.sys
2011-08-12 05:35 . 2011-08-12 16:09 460888 ----a-w- c:\windows\system32\drivers\15565155.sys
2011-08-12 05:21 . 2011-08-12 14:09 460888 ----a-w- c:\windows\system32\drivers\72033811.sys
2011-08-10 16:51 . 2011-07-22 05:36 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-08-10 16:51 . 2011-07-22 02:48 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-08-10 16:40 . 2011-08-10 06:15 556632 ----a-w- c:\windows\system32\drivers\6422218drv.sys
2011-08-10 16:40 . 2011-08-10 06:15 460888 ----a-w- c:\windows\system32\drivers\76996756.sys
2011-08-07 21:54 . 2011-05-23 07:32 5777200 ----a-w- c:\program files\Internet Explorer\ienrbreakaway.exe
2011-08-06 21:34 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-06 21:34 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-06 21:34 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-06 21:34 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-06 21:34 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-06 21:34 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-06 21:34 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-06 21:33 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-06 21:33 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-06 21:33 . 2011-08-06 21:33 -------- d-----w- c:\programdata\AVAST Software
2011-08-06 21:33 . 2011-08-06 21:33 -------- d-----w- c:\program files\AVAST Software
2011-08-06 02:56 . 2011-08-06 02:56 -------- d-----w- c:\windows\en
2011-08-06 02:51 . 2011-08-06 02:51 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ba4d10601cc53e301\MeshBetaRemover.exe
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-08-04 19:41 . 2008-06-16 10:00 55024 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-08-04 19:39 . 2011-08-04 19:39 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-08-04 19:39 . 2011-08-04 19:39 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-08-04 19:32 . 2011-08-04 19:32 -------- d-----w- c:\windows\SysWow64\syncdb
2011-07-28 08:00 . 2011-07-28 08:00 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2011-07-27 16:41 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E519DE36-3744-46AF-A2A4-F861340AC9F9}\mpengine.dll
2011-07-26 19:38 . 2011-07-26 19:38 -------- d-----w- C:\Seagate temp
2011-07-26 19:11 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-26 19:11 . 2011-07-26 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-26 07:35 . 2011-07-26 07:35 -------- d-----w- c:\program files (x86)\Common Files\ffdshowEx
2011-07-25 20:28 . 2011-07-25 20:30 -------- d-----w- c:\users\The Reeve Family\AdobeLicensingFilesBackup
2011-07-25 15:17 . 2011-07-25 15:17 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-07-25 15:17 . 2011-07-25 15:17 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-07-25 15:17 . 2011-07-25 15:17 150712 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-07-25 15:17 . 2011-07-25 15:17 105472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-07-25 15:16 . 2011-07-25 15:17 -------- d-----w- c:\program files (x86)\real
2011-07-22 16:24 . 2011-07-22 16:25 -------- d-----w- c:\program files\iTunes
2011-07-22 16:24 . 2011-07-22 16:25 -------- d-----w- c:\program files (x86)\iTunes
2011-07-22 16:24 . 2011-07-22 16:24 -------- d-----w- c:\program files\iPod
2011-07-22 16:22 . 2011-07-22 16:22 -------- d-----w- c:\program files\Bonjour
2011-07-22 16:22 . 2011-07-22 16:22 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-18 22:38 . 2011-07-18 22:38 -------- d-----w- C:\$AVG
2011-07-18 20:54 . 2011-07-18 20:54 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\AVG10
2011-07-18 20:52 . 2011-07-18 20:52 -------- d--h--w- c:\programdata\Common Files
2011-07-18 20:51 . 2011-08-06 21:28 -------- d-----w- c:\programdata\AVG10
2011-07-18 20:47 . 2011-07-18 20:54 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 02:53 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-18 20:47 . 2010-01-29 23:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-16 04:26 . 2011-08-10 16:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-12 18:34 . 2011-07-12 18:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:34 . 2011-07-12 18:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-07 02:52 . 2010-05-01 06:54 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-17 00:42 . 2011-06-06 05:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07 . 2011-07-13 17:49 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 11:02 . 2009-12-01 22:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-28 11:02 . 2010-05-18 23:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-28 11:02 . 2010-06-02 23:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-28 11:02 . 2009-12-05 23:00 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-27 02:45 . 2009-12-01 22:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-27 02:45 . 2010-05-18 23:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-26 19:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-26 19:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-25 02:14 . 2009-12-06 14:40 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 15:18 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 15:18 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 15:18 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 15:18 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 15:18 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-09_02.02.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-13 17:49 . 2011-06-03 05:57 25600 c:\windows\SysWOW64\setup16.exe
+ 2011-08-10 16:48 . 2011-07-16 04:25 25600 c:\windows\SysWOW64\setup16.exe
+ 2011-08-10 16:49 . 2011-06-15 08:55 86016 c:\windows\SysWOW64\odbccu32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2011-08-10 16:49 . 2011-06-15 08:55 81920 c:\windows\SysWOW64\odbccr32.dll
+ 2011-08-10 16:48 . 2011-07-16 04:29 14336 c:\windows\SysWOW64\ntvdm64.dll
- 2011-07-13 17:49 . 2011-06-03 06:00 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2011-08-10 16:52 . 2011-07-22 02:44 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-08-10 16:51 . 2011-07-22 02:46 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-08-10 16:51 . 2011-07-22 02:46 65024 c:\windows\SysWOW64\jsproxy.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 65024 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-14 04:54 . 2011-08-09 02:01 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-13 21:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-09 02:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-13 21:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-13 17:49 . 2011-06-03 06:57 13312 c:\windows\system32\wow64cpu.dll
+ 2011-08-10 16:48 . 2011-07-16 05:41 13312 c:\windows\system32\wow64cpu.dll
+ 2009-07-14 05:10 . 2011-08-13 21:30 47432 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-26 03:08 . 2011-08-13 21:30 32878 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1088720637-78751619-3950019920-1000_UserData.bin
+ 2011-08-10 16:48 . 2011-07-16 05:39 16384 c:\windows\system32\ntvdm64.dll
- 2011-07-13 17:49 . 2011-06-03 06:57 16384 c:\windows\system32\ntvdm64.dll
+ 2011-08-10 16:52 . 2011-07-22 05:32 96256 c:\windows\system32\mshtmled.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 96256 c:\windows\system32\mshtmled.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-08-10 16:51 . 2011-07-22 05:34 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-08-10 16:51 . 2011-07-22 05:34 85504 c:\windows\system32\jsproxy.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 85504 c:\windows\system32\jsproxy.dll
+ 2010-07-04 14:17 . 2011-08-13 21:27 16966 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2010-07-04 14:17 . 2011-08-09 02:01 16966 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2009-11-26 03:00 . 2011-08-12 06:42 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 03:00 . 2011-08-08 15:52 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-07 21:53 . 2011-08-12 06:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-07 21:53 . 2011-08-08 15:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-12 06:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-08 15:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-08-10 17:42 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-04-06 23:48 . 2011-04-06 23:48 11120 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
- 2011-04-13 05:16 . 2011-04-13 05:16 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-05-17 17:08 . 2011-05-17 17:08 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- 2010-03-18 21:27 . 2010-03-18 21:27 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
+ 2011-05-17 17:08 . 2011-05-17 17:08 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 11120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
+ 2011-05-17 16:27 . 2011-05-17 16:27 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2011-04-12 22:11 . 2011-04-12 22:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2010-03-18 20:16 . 2010-03-18 20:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2011-05-17 16:27 . 2011-05-17 16:27 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-16 06:13 . 2011-06-16 06:13 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-16 06:12 . 2011-06-16 06:12 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-16 06:12 . 2011-06-16 06:12 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-04-08 17:52 . 2011-07-13 19:54 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-04-08 17:52 . 2011-08-10 17:02 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-04-08 17:52 . 2011-07-13 19:54 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-04-08 17:52 . 2011-08-10 17:02 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-04-08 17:52 . 2011-07-13 19:54 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-04-08 17:52 . 2011-08-10 17:02 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-04-08 17:52 . 2011-07-13 19:54 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-04-08 17:52 . 2011-08-10 17:02 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-06-16 14:24 . 2011-06-16 14:24 44032 c:\windows\assembly\temp\W3INSTU491\stdole.ni.dll
+ 2011-08-10 20:04 . 2011-08-10 20:04 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\ed59e15a2a29d02c59dc383215cc85fc\System.Xml.Serialization.ni.dll
+ 2011-08-10 20:04 . 2011-08-10 20:04 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\1a9bcef8abe20b3c0d53c535d680350f\System.Windows.Presentation.ni.dll
+ 2011-08-10 20:03 . 2011-08-10 20:03 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\0ee56d53077b281408cbf186e80ab175\System.Web.ApplicationServices.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\d53f3bf7a26f69ae3ad77f6732ebf9cf\System.AddIn.Contract.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\fbc331d848cf65928cc84de68eba079f\Microsoft.VisualC.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\c551f53c6da4e594269e79636aef9f62\dfsvc.ni.exe
+ 2011-08-10 19:54 . 2011-08-10 19:54 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\28f42eb8dddc9fd54d468171a8d2461d\Accessibility.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\5e66ba90ab2f24317ca76582f3ea3948\UIAutomationProvider.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\c42639bd8c7c7855c4d11be1f0ccdf97\System.Windows.Presentation.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\3be20b4f9e9df41aaea426041f4f410a\System.Web.ApplicationServices.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3bea7a34d24b4dc1e3925b0b9bc9d45b\System.ServiceModel.Channels.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\882adb9ad5e9b434ef926193f595e757\System.AddIn.Contract.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\7ee890ba3e1869ab04930948df453d3f\Microsoft.VisualC.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\950b5b880e8d8af1709f06b6a1a854a0\Accessibility.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\f4b0a65a0cad6d091bb903fb5f7f490d\System.Windows.Presentation.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\055b996b602a243bd4fcbdde8accc09c\System.Web.DynamicData.Design.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\b33d58d0716cc4abc0183d5167bcdc2e\stdole.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\b33d58d0716cc4abc0183d5167bcdc2e\stdole.ni.dll
+ 2011-08-10 19:52 . 2011-08-10 19:52 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\fe5b12605f26ab36c26f0a3b3c475dd5\PresentationFontCache.ni.exe
+ 2011-08-10 17:33 . 2011-08-10 17:33 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\a2a31e05462d32f9f49febd89f515738\PresentationCFFRasterizer.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\66019b987c020943413851e959ca80c2\Microsoft.WSMan.Runtime.ni.dll
- 2011-06-16 14:19 . 2011-06-16 14:19 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\f2ee738d8439bf9025e1234c6afbd7e8\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\f2ee738d8439bf9025e1234c6afbd7e8\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\e29ed5ad26446d196b4a5ea7e69c74e9\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\b1c9507f23021701932fca6306d0df0f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\a4d48547af11390249b96fd1526ea514\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
- 2011-06-16 14:19 . 2011-06-16 14:19 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\636902d124bb3ee04ded9773d46f1d5d\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\636902d124bb3ee04ded9773d46f1d5d\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\6096a2f20727ede39049c5f3628b9a60\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-08-10 17:26 . 2011-08-10 17:26 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\ae0e01377a99fd22dde3dbea057fadb1\Microsoft.VisualC.ni.dll
- 2011-06-16 13:29 . 2011-06-16 13:29 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\ae0e01377a99fd22dde3dbea057fadb1\Microsoft.VisualC.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b1a1a072eba978666cefe4f99fc6401c\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\cdbee55e7f6c60f5cb56d6ec9f083951\LoadMxf.ni.exe
+ 2011-08-10 18:37 . 2011-08-10 18:37 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\16951451968fea951a2294c0ff4bd49e\ehiUPnP.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\16951451968fea951a2294c0ff4bd49e\ehiUPnP.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\867a57af137c4a524067cdbbf09766e0\ehiTVMSMusic.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0c6cb1fd7a82938112cbea2c22e433df\dfsvc.ni.exe
- 2011-06-16 14:16 . 2011-06-16 14:16 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0c6cb1fd7a82938112cbea2c22e433df\dfsvc.ni.exe
+ 2011-08-10 17:26 . 2011-08-10 17:26 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\23ea8465ac746c69a6ed7fdf628d3e9c\Accessibility.ni.dll
- 2011-06-16 13:30 . 2011-06-16 13:30 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\23ea8465ac746c69a6ed7fdf628d3e9c\Accessibility.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\a7c9407e400a468846a53c7fc74a61b9\WindowsLiveWriter.ni.exe
+ 2011-08-10 19:43 . 2011-08-10 19:43 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\becd6178ef5cb3df72825e83fcec5195\WindowsLive.Writer.Passport.ni.dll
+ 2011-08-10 17:19 . 2011-08-10 17:19 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4a63fb97b3c648a28b8047697869ee7d\UIAutomationProvider.ni.dll
- 2011-06-16 13:34 . 2011-06-16 13:34 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4a63fb97b3c648a28b8047697869ee7d\UIAutomationProvider.ni.dll
+ 2011-08-10 19:48 . 2011-08-10 19:48 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3ef94ae15e7d80bb818934265bb90c10\System.Windows.Presentation.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\dd2bb107a0bbac08a0ccaf93c8bb7490\System.Web.DynamicData.Design.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\54d33aa6cf3af2d6e28c7d46c0ce363f\System.ComponentModel.DataAnnotations.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e88e6ace53ab318210c1657483321e40\System.AddIn.Contract.ni.dll
+ 2011-08-10 17:20 . 2011-08-10 17:20 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e88e6ace53ab318210c1657483321e40\System.AddIn.Contract.ni.dll
+ 2011-08-10 17:17 . 2011-08-10 17:17 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\cd32e850b908317981c109dd20a0d5b2\stdole.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\cd32e850b908317981c109dd20a0d5b2\stdole.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\fe7afc935e0c66172577a1ded815993b\PresentationFontCache.ni.exe
+ 2011-08-10 17:38 . 2011-08-10 17:38 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\e5c56e2a79ebb350e0aa6805f4d5e649\PresentationCFFRasterizer.ni.dll
+ 2011-08-10 17:20 . 2011-08-10 17:20 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\69b036f1479a9aa93430f2d1676032b2\napcrypt.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\69b036f1479a9aa93430f2d1676032b2\napcrypt.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\ab2d4de59dee683a2f77123f671839ba\Microsoft.WSMan.Runtime.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\8a102c44ccfe60d131d7e350d149bf85\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\7ce6ebef5427853ecb5bd68da29f1fdd\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-08-10 17:19 . 2011-08-10 17:19 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\405aa271df15b8ce1b0b970f37687152\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\405aa271df15b8ce1b0b970f37687152\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3442a002e4e5d93ca3895a29ba7adb74\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-08-10 17:19 . 2011-08-10 17:19 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3442a002e4e5d93ca3895a29ba7adb74\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\20c20811d44ba8c9513f2f2ba96d7047\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\09a9791efe9f32a50bd01346f0b05666\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\034ab6a3d60fdfba641443f16efdf309\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\2ac41c859d5e5e84993a555e3eeaea90\Microsoft.Vsa.ni.dll
- 2011-06-16 13:34 . 2011-06-16 13:34 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f7ce61c1a288adc4c39512d9f6767daf\Microsoft.VisualC.ni.dll
+ 2011-08-10 17:14 . 2011-08-10 17:14 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f7ce61c1a288adc4c39512d9f6767daf\Microsoft.VisualC.ni.dll
+ 2011-08-10 17:18 . 2011-08-10 17:18 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9152d7f0adafac97d853647ca783b8e4\Microsoft.Build.Framework.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9152d7f0adafac97d853647ca783b8e4\Microsoft.Build.Framework.ni.dll
+ 2011-08-10 17:18 . 2011-08-10 17:18 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5c219cc49d452997a91d916309511e68\Microsoft.Build.Framework.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5c219cc49d452997a91d916309511e68\Microsoft.Build.Framework.ni.dll
+ 2011-08-10 17:17 . 2011-08-10 17:17 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ac010bace23545b3a5b1825e5c7b046e\ehiUserXp.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ac010bace23545b3a5b1825e5c7b046e\ehiUserXp.ni.dll
+ 2011-08-10 17:17 . 2011-08-10 17:17 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\027211443c6da8187fe92e682c048cd5\dfsvc.ni.exe
- 2011-06-16 14:23 . 2011-06-16 14:23 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\027211443c6da8187fe92e682c048cd5\dfsvc.ni.exe
+ 2011-08-10 17:14 . 2011-08-10 17:14 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
- 2011-06-16 13:34 . 2011-06-16 13:34 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
+ 2011-08-10 16:48 . 2011-07-16 04:24 5120 c:\windows\SysWOW64\wow32.dll
- 2011-07-13 17:49 . 2011-06-03 05:56 5120 c:\windows\SysWOW64\wow32.dll
+ 2011-08-10 16:48 . 2011-07-16 02:21 2048 c:\windows\SysWOW64\user.exe
- 2011-07-13 17:48 . 2011-06-03 03:53 2048 c:\windows\SysWOW64\user.exe
- 2011-07-13 17:49 . 2011-06-03 03:53 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-08-10 16:48 . 2011-07-16 02:21 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-08-10 16:48 . 2011-07-16 02:17 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 03:48 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 02:17 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 03:48 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 02:17 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 03:48 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 02:17 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 03:48 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
- 2011-07-13 17:51 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-08-10 16:48 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
- 2011-08-09 02:01 . 2011-08-09 02:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-13 21:27 . 2011-08-13 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-13 21:27 . 2011-08-13 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-09 02:01 . 2011-08-09 02:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-08 17:52 . 2011-08-10 17:02 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-04-08 17:52 . 2011-07-13 19:54 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-08-10 17:25 . 2011-08-10 17:25 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\1a890e72269abe36365d861bca8fca70\System.Xml.Serialization.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\e335cdfdb3e46fb0f75cb2ce83dabf48\dfsvc.ni.exe
+ 2011-08-10 16:49 . 2011-06-16 04:33 180224 c:\windows\SysWOW64\xmllite.dll
- 2009-07-14 00:20 . 2009-07-14 01:16 180224 c:\windows\SysWOW64\xmllite.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 231936 c:\windows\SysWOW64\url.dll
+ 2011-08-10 16:52 . 2011-07-22 02:47 231936 c:\windows\SysWOW64\url.dll
+ 2011-08-10 16:49 . 2011-06-15 08:55 163840 c:\windows\SysWOW64\odbctrac.dll
- 2011-05-26 19:01 . 2010-11-20 12:20 163840 c:\windows\SysWOW64\odbctrac.dll
+ 2011-08-10 16:49 . 2011-06-15 08:55 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2011-05-26 19:01 . 2010-11-20 12:20 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2011-05-26 19:01 . 2010-11-20 12:20 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2011-08-10 16:49 . 2011-06-15 08:55 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2011-08-10 16:48 . 2011-07-16 04:24 272384 c:\windows\SysWOW64\KernelBase.dll
- 2011-07-13 17:51 . 2011-06-03 05:56 272384 c:\windows\SysWOW64\KernelBase.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-08-10 16:52 . 2011-07-22 02:45 716800 c:\windows\SysWOW64\jscript.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-08-10 16:52 . 2011-07-22 02:43 176640 c:\windows\SysWOW64\ieui.dll
- 2009-07-14 00:41 . 2009-07-14 01:41 199680 c:\windows\system32\xmllite.dll
+ 2011-08-10 16:49 . 2011-06-16 05:49 199680 c:\windows\system32\xmllite.dll
- 2011-07-13 17:49 . 2011-06-03 06:57 362496 c:\windows\system32\wow64win.dll
+ 2011-08-10 16:48 . 2011-07-16 05:41 362496 c:\windows\system32\wow64win.dll
+ 2011-08-10 16:48 . 2011-07-16 05:41 243200 c:\windows\system32\wow64.dll
- 2011-07-13 17:49 . 2011-06-03 06:57 243200 c:\windows\system32\wow64.dll
+ 2011-08-10 16:48 . 2011-06-24 05:34 214528 c:\windows\system32\winsrv.dll
- 2011-07-13 17:49 . 2011-06-03 06:57 214528 c:\windows\system32\winsrv.dll
+ 2009-08-21 19:32 . 2011-08-13 21:30 101672 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2011-08-10 16:52 . 2011-07-22 05:35 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2011-07-30 19:34 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-10 17:09 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-10 17:09 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-07-30 19:34 106316 c:\windows\system32\perfc009.dat
+ 2011-08-10 16:49 . 2011-06-15 10:02 212992 c:\windows\system32\odbctrac.dll
- 2011-05-26 19:01 . 2010-11-20 13:27 212992 c:\windows\system32\odbctrac.dll
+ 2011-08-10 16:49 . 2011-06-15 10:02 106496 c:\windows\system32\odbccu32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccu32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccr32.dll
+ 2011-08-10 16:49 . 2011-06-15 10:02 106496 c:\windows\system32\odbccr32.dll
- 2011-05-26 19:01 . 2010-11-20 13:27 163840 c:\windows\system32\odbccp32.dll
+ 2011-08-10 16:49 . 2011-06-15 10:02 163840 c:\windows\system32\odbccp32.dll
+ 2011-08-10 16:48 . 2011-07-16 05:37 421888 c:\windows\system32\KernelBase.dll
- 2011-07-13 17:51 . 2011-06-03 06:56 421888 c:\windows\system32\KernelBase.dll
+ 2011-08-10 16:52 . 2011-07-22 05:33 818176 c:\windows\system32\jscript.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 818176 c:\windows\system32\jscript.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 248320 c:\windows\system32\ieui.dll
+ 2011-08-10 16:52 . 2011-07-22 05:30 248320 c:\windows\system32\ieui.dll
+ 2011-08-10 16:49 . 2011-07-09 02:46 288768 c:\windows\system32\drivers\mrxsmb10.sys
+ 2011-08-10 16:48 . 2011-06-24 05:25 338432 c:\windows\system32\conhost.exe
+ 2009-07-14 05:01 . 2011-08-13 21:27 329124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-09 02:00 329124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-12-03 07:18 . 2011-08-12 05:12 985172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-12288.dat
+ 2011-04-06 23:48 . 2011-04-06 23:48 236880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.dll
+ 2011-05-17 17:08 . 2011-05-17 17:08 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
- 2011-04-13 05:16 . 2011-04-13 05:16 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-04-07 00:45 . 2011-04-07 00:45 260448 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2011-05-17 17:08 . 2011-05-17 17:08 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
- 2010-03-18 21:27 . 2010-03-18 21:27 578896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 236880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
- 2011-04-12 22:11 . 2011-04-12 22:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-05-17 16:27 . 2011-05-17 16:27 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 191840 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2011-05-17 16:27 . 2011-05-17 16:27 413520 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2011-05-17 16:27 . 2011-05-17 16:27 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2011-04-12 22:11 . 2011-04-12 22:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-05-17 16:27 . 2011-05-17 16:27 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-16 06:12 . 2011-06-16 06:12 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-16 06:12 . 2011-06-16 06:12 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2010-04-08 17:52 . 2011-07-13 19:54 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-04-08 17:52 . 2011-08-10 17:02 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-04-08 17:52 . 2011-08-10 17:02 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-04-08 17:52 . 2011-07-13 19:54 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-04-08 17:52 . 2011-07-13 19:54 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-04-08 17:52 . 2011-08-10 17:02 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-04-08 17:52 . 2011-08-10 17:02 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-04-08 17:52 . 2011-07-13 19:54 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-04-08 17:52 . 2011-08-10 17:02 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-04-08 17:52 . 2011-07-13 19:54 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-08-13 19:29 . 2005-10-20 19:02 163328 c:\windows\ERDNT\8-13-2011\ERDNT.EXE
+ 2011-06-16 14:23 . 2011-06-16 14:23 220672 c:\windows\assembly\temp\ZQ62INP9YI\CustomMarshalers.ni.dll
+ 2011-08-10 20:04 . 2011-08-10 20:04 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d3536aadcda3bf1628fd5cb912f0d4df\WindowsFormsIntegration.ni.dll
+ 2011-08-10 19:59 . 2011-08-10 19:59 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\0bbce3d1912c29cdb65f7c7bfdfd8a01\UIAutomationTypes.ni.dll
+ 2011-08-10 19:59 . 2011-08-10 19:59 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\65616f4785226d28371ccf809e213fa6\UIAutomationProvider.ni.dll
+ 2011-08-10 20:04 . 2011-08-10 20:04 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd62d82bb2e0ebe93c68c701a281d204\UIAutomationClient.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\70a6db2664fa1f7e996c58f81f63754d\System.Xml.Linq.ni.dll
+ 2011-08-10 19:59 . 2011-08-10 19:59 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\321d4a33b1363649a45f47f8fbc107c9\System.Windows.Input.Manipulations.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\fbffd4e050d2e397f5b51bcbede33326\System.Transactions.ni.dll
+ 2011-08-10 20:03 . 2011-08-10 20:03 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\41a328f3f1e01dd6d6c45ec27dfb8d12\System.ServiceProcess.ni.dll
+ 2011-08-10 20:03 . 2011-08-10 20:03 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\8a3044d7b76d748396c01aec083a1b01\System.ServiceModel.Routing.ni.dll
+ 2011-08-10 20:03 . 2011-08-10 20:03 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4288f4e2ad790e4510344567c092ca68\System.ServiceModel.Channels.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\481e4462ee5dbf73d7f92d14505eabca\System.Security.ni.dll
+ 2011-08-10 19:59 . 2011-08-10 19:59 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\93ea6aa98aa92eb1c27130599616cd48\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-10 19:59 . 2011-08-10 19:59 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\e01521d8c282ad1e79f9c8334cd4baef\System.Runtime.Remoting.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\0615b26e34fbb01ff661b827e8d80c97\System.Numerics.ni.dll
+ 2011-08-10 20:02 . 2011-08-10 20:02 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\836b59a54e74d2a9350d9dbcbee44e7d\System.Net.ni.dll
+ 2011-08-10 20:02 . 2011-08-10 20:02 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\e530f9f49dcc8196f1333f65d9e17a51\System.Messaging.ni.dll
+ 2011-08-10 20:02 . 2011-08-10 20:02 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\ca30070d69a7575b9b3637fde765b533\System.Management.Instrumentation.ni.dll
+ 2011-08-10 20:02 . 2011-08-10 20:02 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\1af1dc859f12d724d15c2f8ac01b7d84\System.IO.Log.ni.dll
+ 2011-08-10 20:02 . 2011-08-10 20:02 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\a236c6b9a7fa2dd99f840ffedb685464\System.IdentityModel.Selectors.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\a8ac353249c61750e03ace04cce91d12\System.EnterpriseServices.Wrapper.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\d0cb2f5412272538eead0de22ee232c1\System.Dynamic.ni.dll
+ 2011-08-10 20:02 . 2011-08-10 20:02 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\87240375600b6608957d4877632deacd\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-10 20:01 . 2011-08-10 20:01 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\22c569ca3bf7de3f386881fdaaefcf5c\System.Device.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\848a93911e91183c5833abac3c19b8c7\System.Data.DataSetExtensions.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\9ef51cbff9a0a281683413ff85bdc67e\System.Configuration.Install.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\e5886d887164c57e7bbcff9eace93aff\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\a618c2c8cd6669a1f562d583de816049\System.AddIn.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\c06a32f20b3a8c40bb9ee4caaa7f791f\System.Activities.DurableInstancing.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\898051ff62d86ecbb43c730672a5ce01\SMSvcHost.ni.exe
+ 2011-08-10 19:58 . 2011-08-10 19:58 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\2b6fb4f3fe65c3384cd588c84d5f426a\SMDiagnostics.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\e7d3ae8b894e645f195435b0d0cca3d5\PresentationFramework.Luna.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\9faf962dcc325fbdecde08f2b4b4de12\PresentationFramework.Classic.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\89a56671c51182608a36ddabf7f11579\PresentationFramework.Aero.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1144c8dd74e20a85a56ea12af48cc763\PresentationFramework.Royale.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 421888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\c09acfe61d30d08a34ca3da5a60982e7\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2c6b57b8d66eb686e39af125a7b9cd3f\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-10 19:55 . 2011-08-10 19:55 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\4b8193e798a848470e64c71f71a230a4\CustomMarshalers.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1b8d986036465b9f0db4fbaf8876ad72\WindowsFormsIntegration.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7b9037ad1952bc81a382b2fcddd8320a\UIAutomationTypes.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\08b935a4ef1b64faec4e9739db313298\UIAutomationClient.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0f5813c19bc6dc46e87c6beafb97d525\System.Xml.Linq.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\8681ad3f75515a261e7980d01ac5fa2e\System.Windows.Input.Manipulations.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5314989a2066877016eaac44f927092c\System.Transactions.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\b784695a620842be9b660769dd43c898\System.ServiceProcess.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8671670b07fb8597048ef4aae0a5ede4\System.ServiceModel.Routing.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\68dd8aa8c376dd3c44f8e56c3767ac1d\System.Security.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e8452df7471e5ba24ca642b4c4e1ef37\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\bbc34aac73481fc04fe9b7aff9927437\System.Runtime.Remoting.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\21335cc2e54f4995b582cfa9d1efbcaa\System.Numerics.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\0db265c571d2baf9c46511b9955fa7c4\System.Net.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\5539ada158b0520c68ab8cbaa6dab8b2\System.Messaging.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\89a46fc2fa698580fd2fa81df5cd020a\System.Management.Instrumentation.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e022b746f10ca855a632ff405f7f1259\System.IO.Log.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\a6518b3baf1d987d831c5fc1b295306d\System.IdentityModel.Selectors.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.Wrapper.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.ni.dll
+ 2011-08-10 17:12 . 2011-08-10 17:12 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\a0ced4a2cbd6aa8f9cf2a28b641e0300\System.Dynamic.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8227f92f9e71e619b541050995617717\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6ec8651192262a0732c9c187486e9fb9\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\1652ce31226964496c1d5b5b4f69277e\System.Device.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\5b1934fc32b50e5a42a64999d0b27112\System.Data.DataSetExtensions.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\786df9adb3752f8f67b90dedb60dc2a1\System.Configuration.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\7a2a83b1625f100331691f44b6e9c3ab\System.Configuration.Install.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\eb22b58fc80ef55a2879bd6f121e9989\System.ComponentModel.Composition.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a3084fbf0204cd93a9d1e8722774f0b7\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\6254a35e295c52224f7bdc9e5ac9c81f\System.AddIn.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\2b905c99ccccb248a7653fabe4b55b09\System.Activities.DurableInstancing.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\51bdfe23e8b22bbed5fabfed9371b5b0\SMSvcHost.ni.exe
+ 2011-08-10 17:22 . 2011-08-10 17:22 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef32e2d63c908a8e4b21b30b2debcd03\SMDiagnostics.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ac6b30fb021fe513bc7f5eb98874ab98\PresentationFramework.Royale.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ab273e4606367562d98caf792f366523\PresentationFramework.Classic.ni.dll
+ 2011-08-10 17:12 . 2011-08-10 17:12 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\64d84a18bdebd88f137f11ec220748ff\PresentationFramework.Aero.ni.dll
+ 2011-08-10 17:12 . 2011-08-10 17:12 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\08ffd91342eb8f789914456a3a0d29dd\PresentationFramework.Luna.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\4033e0316470747a3df3f0d65026b09e\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\da0ae911ee95f4e67660e8e584ca8e7b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\8bd0bb7822eb2d50cb4c1a82a7f934e8\CustomMarshalers.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\bfb29034e69046d05e1ff758c0fcda27\WsatConfig.ni.exe
+ 2011-08-10 19:54 . 2011-08-10 19:54 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\1c573262c14ba755ac6ccab0945711cb\WindowsFormsIntegration.ni.dll
+ 2011-08-10 17:32 . 2011-08-10 17:32 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\d4f8fb1bc01621e0b7a19ee0954917d5\UIAutomationTypes.ni.dll
- 2011-06-16 13:30 . 2011-06-16 13:30 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\d4f8fb1bc01621e0b7a19ee0954917d5\UIAutomationTypes.ni.dll
- 2011-06-16 13:30 . 2011-06-16 13:30 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\427b7ac4bbe49410e494979928d9b560\UIAutomationProvider.ni.dll
+ 2011-08-10 17:32 . 2011-08-10 17:32 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\427b7ac4bbe49410e494979928d9b560\UIAutomationProvider.ni.dll
+ 2011-08-10 18:40 . 2011-08-10 18:40 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\ad5c1e837ea97e2e6401fd4fac9d99d4\UIAutomationClient.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\50621c88a5345fd8fcb959a9fc25f084\TaskScheduler.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\ebd55d35d25cf10e6e24453238d3c5eb\System.Xml.Linq.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\0bf594db7ec4fd4754f7535f24b254aa\System.Web.Routing.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\f46bab10a21dd08219f69cf58c6e5766\System.Web.RegularExpressions.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\09199f147cafe8a357cbcf68f6098a77\System.Web.Entity.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\b21a0f26bff3d30480050c41f4f786f6\System.Web.Entity.Design.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\adfea0205de0aeb42c9bd80be40d7c47\System.Web.DynamicData.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\b6cc0ab04339d7cf16e83487e921fb71\System.Web.Abstractions.ni.dll
+ 2011-08-10 17:40 . 2011-08-10 17:40 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\5fbe4fcbb4259d38e57006802c957e23\System.Transactions.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\d69463a51d3536074bff664c0a097b1f\System.ServiceProcess.ni.dll
+ 2011-08-10 17:32 . 2011-08-10 17:32 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\f330ec3533f2f0cb4c6dacd3a3e48044\System.Security.ni.dll
+ 2011-08-10 17:33 . 2011-08-10 17:33 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\ddd7749c4f3e68ca556795b7cd2a7a00\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\0646a91d680e840b201eb7a96876f053\System.Net.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\f53e6c7d027431c87b5839036a2f977d\System.Messaging.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\b9e961f0a21c8afe6213218fdbc8f8a2\System.Management.Instrumentation.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\49a6af02ac362d95ccf98068492053e5\System.IO.Log.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\4b21a062e82d08cf0ce61e7f1c8d1f2a\System.IdentityModel.Selectors.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\1f84610e9a8c80e23e82f82cc4a894a3\System.EnterpriseServices.Wrapper.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\2327e346f00d0f89825a86e691d84dcc\System.Drawing.Design.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\28d1d4c0f794a46ecdf34df502c3e20a\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\5e0b2a3713da55d99450c9cad93c4d2f\System.Data.Services.Design.ni.dll
+ 2011-08-10 19:52 . 2011-08-10 19:52 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\486d44582be2000df84c46e187a88e70\System.Data.DataSetExtensions.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\89adf5c48e4551ba19f324ee12780b89\System.Configuration.Install.ni.dll
+ 2011-08-10 19:52 . 2011-08-10 19:52 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\1bcd63abfac2072c18ab799a37dd89cf\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-10 19:52 . 2011-08-10 19:52 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\268f6f10ba5e94d24677a1a68f97ac15\System.AddIn.ni.dll
+ 2011-08-10 19:52 . 2011-08-10 19:52 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\fc738e6c257a4851a220b9660688c25f\System.AddIn.Contract.ni.dll
- 2011-06-16 14:20 . 2011-06-16 14:20 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\fc738e6c257a4851a220b9660688c25f\System.AddIn.Contract.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\7706a4ac4bf3f09a2d0b655e363fa401\sysglobl.ni.dll
- 2011-06-16 14:21 . 2011-06-16 14:21 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\7706a4ac4bf3f09a2d0b655e363fa401\sysglobl.ni.dll
+ 2011-08-10 19:52 . 2011-08-10 19:52 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\8103d9a6fe544e521f89b92d24ac298a\SMSvcHost.ni.exe
+ 2011-08-10 18:36 . 2011-08-10 18:36 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\c268879bbddc814fadfe497300c03752\SMDiagnostics.ni.dll
+ 2011-08-10 17:42 . 2011-08-10 17:42 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\f89aa0bd7259a8fbe122539c26ccdd24\PresentationFramework.Royale.ni.dll
+ 2011-08-10 17:42 . 2011-08-10 17:42 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\ed1fe56e5b41607f2b31091a11662f12\PresentationFramework.Luna.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\e197484e00ac02ef81220d0c8b6491e1\PresentationFramework.Aero.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0c098556b5184fe66c987547b512f00a\PresentationFramework.Classic.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:52 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\a04a8437f757b8da7a707e31702169d6\napsnap.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\711d1c8357619b22e5caffd9cab59736\napinit.ni.dll
- 2011-06-16 14:19 . 2011-06-16 14:19 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\644fd981e996dd2ba072cc6265a0b74b\naphlpr.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\644fd981e996dd2ba072cc6265a0b74b\naphlpr.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\fe39885123be43ee8b6f4c1ca669d49b\napcrypt.ni.dll
- 2011-06-16 14:19 . 2011-06-16 14:19 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\fe39885123be43ee8b6f4c1ca669d49b\napcrypt.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\b75df85509061d9729506b8af64513f7\MSBuild.ni.exe
+ 2011-08-10 18:38 . 2011-08-10 18:38 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\c42d34f67692030a55a9bc64004e9041\MMCFxCommon.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\5db5412b8b9fdbe83b43a79b76cb39c6\Microsoft.WSMan.Management.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\de2193a90cfc32eed4ad1c78a99b8363\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\0836bcb90046e51c8bd055c0755bd57d\Microsoft.Vsa.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b3361f5be5cde787e5e6c67b1bf55684\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-10 18:40 . 2011-08-10 18:40 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d99d7734ec2e39696ac5ce7e7b2d76bd\Microsoft.PowerShell.Security.ni.dll
+ 2011-08-10 18:40 . 2011-08-10 18:40 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\77160cddd8417526c586e13b529f68bf\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-08-10 18:40 . 2011-08-10 18:40 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6a1869785554446d202d6f718d036a3e\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-08-10 18:40 . 2011-08-10 18:40 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\5c7ffe4abea4b5a400f768cad060835d\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f0cb734b7acfb102c57ed39f8918ce3d\Microsoft.MediaCenter.Mheg.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e4313e989939114d32f9254a74eee676\Microsoft.MediaCenter.Interop.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\87d3f8fed35fa164d0e5dabbcee46df8\Microsoft.MediaCenter.Playback.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5ec49bda571c34526ad7db5ec7a201c4\Microsoft.MediaCenter.iTv.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3ea7a7a15d59a1185b74f340f05c0b33\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1cbb6b9711bed2da17ae866cf2f58c31\Microsoft.MediaCenter.ITVVM.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1cbb6b9711bed2da17ae866cf2f58c31\Microsoft.MediaCenter.ITVVM.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\04b81e74cc96402e59800be2c13358f9\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\04b81e74cc96402e59800be2c13358f9\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\503235feed6b59fff53b29c9def81a5d\Microsoft.ManagementConsole.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\6c999c27e6724dd1d0a10202f3e52e57\Microsoft.Build.Utilities.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\137428fc7e8ae3a1b733ffc45a3f3076\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\748b8b1f294666450436cc174c0b0684\Microsoft.Build.Framework.ni.dll
- 2011-06-16 14:18 . 2011-06-16 14:18 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\748b8b1f294666450436cc174c0b0684\Microsoft.Build.Framework.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\4196ba1264bd52f324e01016716cbbe9\Microsoft.Build.Framework.ni.dll
- 2011-06-16 14:18 . 2011-06-16 14:18 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\4196ba1264bd52f324e01016716cbbe9\Microsoft.Build.Framework.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\8be3ef8d90c0f3e97437887dac5a8d78\Microsoft.Build.Conversion.v3.5.ni.dll
- 2011-06-16 14:18 . 2011-06-16 14:18 107520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\736323a581cc019ae2027f71dc496668\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 107520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\736323a581cc019ae2027f71dc496668\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\39e1e694a468028f2ca73994f76322d4\Mcx2Dvcs.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\d820c1a490dfb31933fd53f96514bbce\mcupdate.ni.exe
+ 2011-08-10 18:37 . 2011-08-10 18:37 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\428aa9c2151b0f385227c513c9497673\mcstoredb.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\614f7b9e9c362ac6d4175638ea2237d9\mcplayerinterop.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\7f8a262f2b6807a47517c1ea6e6b2a7b\mcGlidHostObj.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\0801a977b58776ed017238d4aaa7995e\MCESidebarCtrl.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\136009b4f22e65e77a916747429e599b\EventViewer.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\d313ec20c40b0fd3125b8e710f74556d\ehRecObj.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\fb85aad5c54840d8c5a17ac30a2fdfd7\ehiWUapi.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\fb85aad5c54840d8c5a17ac30a2fdfd7\ehiWUapi.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\af6c550e9382dba858ca65bb220799ea\ehiwmp.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\af6c550e9382dba858ca65bb220799ea\ehiwmp.ni.dll
- 2011-06-16 14:16 . 2011-06-16 14:16 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\244edb2f64f825975b8c70f34162e6a6\ehiUserXp.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\244edb2f64f825975b8c70f34162e6a6\ehiUserXp.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\b37be197d70d359e864bfffcca28fdb9\ehiiTv.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\b37be197d70d359e864bfffcca28fdb9\ehiiTv.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\b538d9ee6bfc71d120550427ccbe9e9e\ehiExtens.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\b538d9ee6bfc71d120550427ccbe9e9e\ehiExtens.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\ce8305e1973d5a65569d9757f5b59c29\ehiBmlDataCarousel.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\ce8305e1973d5a65569d9757f5b59c29\ehiBmlDataCarousel.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\440bebddd70e03b2548635373ad2b666\ehiActivScp.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\440bebddd70e03b2548635373ad2b666\ehiActivScp.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\a267870c9fce983dca1c454fbde4cc7e\ehExtHost.ni.exe
+ 2011-08-10 18:36 . 2011-08-10 18:36 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\3a7ccf1084f8a546e8f7e7eecf33045c\ehCIR.ni.dll
- 2011-06-16 14:16 . 2011-06-16 14:16 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\436b0b38f271b905950f054c548a5722\CustomMarshalers.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\436b0b38f271b905950f054c548a5722\CustomMarshalers.ni.dll
+ 2011-08-10 18:35 . 2011-08-10 18:35 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\1af89517b158d3a94c051dfbc4ae9769\ComSvcConfig.ni.exe
+ 2011-08-10 18:35 . 2011-08-10 18:35 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\61dd29a580f09716118ef51868ad9edd\BDATunePIA.ni.dll
+ 2011-08-10 19:48 . 2011-08-10 19:48 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\41ccc24e8cc5f2474ce1105f0b8ebb78\WsatConfig.ni.exe
+ 2011-08-10 19:43 . 2011-08-10 19:43 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\3d5351ce86e095303fba275133137193\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fde572524923af2430d9525392a8bbea\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e61916c2a95a661b4f283880056c3042\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e58c1973b837702923fc07d2a5e27707\WindowsLive.Writer.Api.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d7ea7bdb6dd006399d7b74471a9b2f6f\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\afed845d8b8baca6804ac35b162872bd\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\abc9bcdf52d164d4424395ac98c43f80\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9b7e17a219e407c817df48ee0e103324\WindowsLive.Writer.Controls.ni.dll
+ 2011-08-10 17:15 . 2011-08-10 17:15 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9461d16c415bef24d73aa628181765ea\WindowsLive.Writer.Interop.SHDocVw.ni.dll
- 2011-06-16 14:23 . 2011-06-16 14:23 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9461d16c415bef24d73aa628181765ea\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8361b2421d717fc05f9de4dc31e27d30\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\457b24f87e34b9d3d6e8cc53080ad041\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3e7ecad8ced9f475964f30c8d52809f0\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\12d8d77ff3c35b2aeb085fbb4b737dfd\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0a3e6799a6081a5cf0d2167fea406056\WindowsLive.Writer.Interop.ni.dll
- 2011-08-06 03:00 . 2011-08-06 03:00 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0403af327e2ce5bab0bb0cf8464f7b60\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2011-08-10 17:15 . 2011-08-10 17:15 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0403af327e2ce5bab0bb0cf8464f7b60\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\53fe01ef07d887e57a42138e67f7040c\WindowsLive.Client.ni.dll
+ 2011-08-10 19:48 . 2011-08-10 19:48 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bb04320c07e3c71ac2d18cb382d97f41\WindowsFormsIntegration.ni.dll
+ 2011-08-10 17:19 . 2011-08-10 17:19 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
- 2011-06-16 13:34 . 2011-06-16 13:34 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d63e6fb41aa502bf6724043e6ac1367f\UIAutomationClient.ni.dll
+ 2011-08-10 19:48 . 2011-08-10 19:48 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\1c1f731e8684204f56f37cc66b5bc60d\TaskScheduler.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b096bd83a66a8d1dcd761747730cc64c\System.Xml.Linq.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\efca1fd7e9df8e24c007cd003346e0e5\System.Web.Routing.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\66126f1309396535f2ba93f752016902\System.Web.RegularExpressions.ni.dll
+ 2011-08-10 19:48 . 2011-08-10 19:48 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6c551bf6f7716b0f527f4274fb04cc2e\System.Web.Extensions.Design.ni.dll
+ 2011-08-10 19:48 . 2011-08-10 19:48 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\03eda303152940cb2e78a0030cf572b5\System.Web.Entity.ni.dll
+ 2011-08-10 19:48 . 2011-08-10 19:48 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7b93fe55a51f2a6010365a17546170bc\System.Web.Entity.Design.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\979bf2cab91b5d50aef1525ca96ff690\System.Web.DynamicData.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\067516a8300bb5fdbddb38cb9f6c934e\System.Web.Abstractions.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4e03de263f1fec29c4a7fa18986d0868\System.Transactions.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86a2ec5efbcfcd1105475364d7975b15\System.ServiceProcess.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\c0d90fae726bca4f272ac9a2906b3741\System.Security.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e47bab16c150f9697594d8fd65532578\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\e16f381a978103ac92bf64b99716c857\System.Net.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\ac9fe083b4cf11aab834d6654cdeb429\System.Messaging.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b95b509ac74958a1d8568293c3dc43ba\System.Management.Instrumentation.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e083fdbcc88f5850290f2cf65ae1efae\System.IO.Log.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\736226563a7f564e4629e34d52b3d6c6\System.IdentityModel.Selectors.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3a17291e4caa1a23f652129fc88e3dda\System.EnterpriseServices.Wrapper.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3a17291e4caa1a23f652129fc88e3dda\System.EnterpriseServices.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\41d65038625368f089fc66b8a544f934\System.Drawing.Design.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3c443dc0b8879bfe286a07f15060787f\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1f6d55f401cfe7041f9fd3b4aebffa9b\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\0896f955eb175a4e0bfff73b94f57619\System.Data.Services.Design.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\8f130b77f8f47e23cd748679173bdf33\System.Data.Entity.Design.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ad3f6eae36ce486187311de6836b4904\System.Data.DataSetExtensions.ni.dll
+ 2011-08-10 17:37 . 2011-08-10 17:37 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\81423a8207177ffcfac843f9d7b662d2\System.Configuration.Install.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fc5edc97ac59d0d0d45bb9b623b9927b\System.AddIn.ni.dll
- 2011-06-16 14:25 . 2011-06-16 14:25 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\88f0efe11487b846342fdee227f3da52\sysglobl.ni.dll
+ 2011-08-10 17:21 . 2011-08-10 17:21 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\88f0efe11487b846342fdee227f3da52\sysglobl.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4a33aa8911167af5fcba60f1b02ad45b\SMSvcHost.ni.exe
+ 2011-08-10 19:43 . 2011-08-10 19:43 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\b907dd027bbe99c5035b1d6355f83998\SMDiagnostics.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9997cb70ba2c05761f6196f65dae7588\PresentationFramework.Royale.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4c9a05d7eea9a270d51ffe6f9466d8f8\PresentationFramework.Luna.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\16c2dcb95bda37843824b6b0d82d8ef6\PresentationFramework.Classic.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\96f4e4b87e625a1c36e4de2efb6f7dcc\napsnap.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\a4e2648f8b4962f4c9660b2085290b06\napinit.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\8fcb3f856afb930c5add8498cadb4d13\naphlpr.ni.dll
+ 2011-08-10 17:20 . 2011-08-10 17:20 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\8fcb3f856afb930c5add8498cadb4d13\naphlpr.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\46d3794a4a440f22cff17197648f6887\MSBuild.ni.exe
+ 2011-08-10 19:44 . 2011-08-10 19:44 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\71b549afed40761f8be9075ca9ad8dd7\MMCFxCommon.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\fd457e872296300765fa1a6d96a6683c\Microsoft.WSMan.Management.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b96b80f166196dc0e148c73dc8452d25\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f5b347719df9fa791416713aa0fd342f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bebf12cadd8b4fbd9c8135405c64794b\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b3b22c86860de1de178e294bc4bd534d\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\512a72ebad1bd44687d8134cd46e1a5c\Microsoft.PowerShell.Security.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1e510aa4de5a90cd44ee2443ae45e097\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\9658825555dc2c9af1a8ce12e6da2cd7\Microsoft.ManagementConsole.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c52f2b0958be337e88f37a141e18be78\Microsoft.Build.Utilities.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\3f194ebe9a0c1e0903b32f663cb53556\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e62aa0d898b65d0d831c11b4f56c0785\Microsoft.Build.Engine.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\78fb000aaaba73f34dfa9028b7caef8c\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\fe969316614223634cba1c5544f4e3dd\mcstoredb.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\31231127c783eddf25c3d21761e1a15c\EventViewer.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\aceba77dc2230519296726c4a1ce9518\ehRecObj.ni.dll
+ 2011-08-10 17:17 . 2011-08-10 17:17 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\85464949c28a523e3b6cf24679a9776c\ehiVidCtl.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\85464949c28a523e3b6cf24679a9776c\ehiVidCtl.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\2ddabd185f08f72237aaa70edaffa6cc\ehiProxy.ni.dll
+ 2011-08-10 17:17 . 2011-08-10 17:17 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\2ddabd185f08f72237aaa70edaffa6cc\ehiProxy.ni.dll
- 2011-06-16 14:24 . 2011-06-16 14:24 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\536082f3ff1f0f6fcd7bd58878098071\ehiExtens.ni.dll
+ 2011-08-10 17:17 . 2011-08-10 17:17 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\536082f3ff1f0f6fcd7bd58878098071\ehiExtens.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\42621a148e3691a5a992816cb49bee0a\ehExtHost32.ni.exe
+ 2011-08-10 17:17 . 2011-08-10 17:17 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d17a5e7b3e9c6ea0f5c66093771b35eb\CustomMarshalers.ni.dll
- 2011-06-16 14:23 . 2011-06-16 14:23 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d17a5e7b3e9c6ea0f5c66093771b35eb\CustomMarshalers.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a28cd0923e6ff03f952950eb713f03b3\ComSvcConfig.ni.exe
+ 2011-08-10 19:43 . 2011-08-10 19:43 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\482f9bd79c20ab87b6fa0fa2737d6aa3\BDATunePIA.ni.dll
+ 2011-08-10 16:52 . 2011-07-22 02:49 1102848 c:\windows\SysWOW64\urlmon.dll
+ 2011-08-10 16:49 . 2011-06-23 04:33 3912576 c:\windows\SysWOW64\ntoskrnl.exe
- 2011-05-11 00:47 . 2011-04-09 06:02 3912576 c:\windows\SysWOW64\ntoskrnl.exe
+ 2011-08-10 16:49 . 2011-06-23 04:33 3967872 c:\windows\SysWOW64\ntkrnlpa.exe
- 2011-05-11 00:47 . 2011-04-09 06:02 3967872 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2011-08-10 16:48 . 2011-07-16 04:24 1114112 c:\windows\SysWOW64\kernel32.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 1797632 c:\windows\SysWOW64\jscript9.dll
+ 2011-08-10 16:52 . 2011-07-22 02:54 1797632 c:\windows\SysWOW64\jscript9.dll
+ 2011-08-10 16:52 . 2011-07-22 02:44 1791488 c:\windows\SysWOW64\iertutil.dll
+ 2011-08-10 16:51 . 2011-07-22 02:51 9704448 c:\windows\SysWOW64\ieframe.dll
+ 2009-07-14 04:54 . 2011-08-13 21:28 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-09 02:01 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-10 16:52 . 2011-07-22 05:36 1344512 c:\windows\system32\urlmon.dll
+ 2011-08-10 16:49 . 2011-06-23 05:43 5561216 c:\windows\system32\ntoskrnl.exe
- 2011-07-13 17:49 . 2011-05-14 07:20 1162752 c:\windows\system32\kernel32.dll
+ 2011-08-10 16:48 . 2011-07-16 05:37 1162752 c:\windows\system32\kernel32.dll
+ 2011-08-10 16:52 . 2011-07-22 05:42 2303488 c:\windows\system32\jscript9.dll
- 2011-08-07 21:53 . 2011-08-07 21:53 2303488 c:\windows\system32\jscript9.dll
+ 2011-08-10 16:52 . 2011-07-22 05:33 2143232 c:\windows\system32\iertutil.dll
- 2011-06-16 05:31 . 2011-04-25 05:33 1923968 c:\windows\system32\drivers\tcpip.sys
+ 2011-08-10 16:49 . 2011-06-21 06:34 1923968 c:\windows\system32\drivers\tcpip.sys
- 2009-07-14 04:45 . 2011-08-07 23:11 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-08-10 17:33 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-09-29 07:17 . 2011-08-13 20:20 4565780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-4096.dat
- 2010-09-29 07:17 . 2011-08-09 02:00 4565780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-4096.dat
+ 2011-04-07 00:45 . 2011-04-07 00:45 2153816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
- 2010-03-18 21:27 . 2010-03-18 21:27 2153816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 1368920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 6428520 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll
+ 2011-04-07 00:45 . 2011-04-07 00:45 3824480 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll
+ 2011-04-07 00:45 . 2011-04-07 00:45 3235656 c:\windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
+ 2011-04-06 23:48 . 2011-04-06 23:48 2207568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll
- 2010-03-18 20:16 . 2010-03-18 20:16 2207568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 6097256 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll
- 2011-03-23 05:01 . 2011-03-23 05:01 3510600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-04-28 15:48 . 2011-04-28 15:48 3510600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-05-17 17:08 . 2011-05-17 17:08 3116376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 1354584 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll
- 2011-04-13 05:16 . 2011-04-13 05:16 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2011-05-17 17:08 . 2011-05-17 17:08 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2011-05-17 17:08 . 2011-05-17 17:08 1454416 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-05-17 17:08 . 2011-05-17 17:08 1514840 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-05-17 17:08 . 2011-05-17 17:08 1511240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
- 2011-04-13 05:16 . 2011-04-13 05:16 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2011-05-17 17:08 . 2011-05-17 17:08 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2011-08-10 16:49 . 2011-05-04 22:31 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
- 2011-06-16 05:31 . 2011-01-27 23:33 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
- 2010-03-18 20:16 . 2010-03-18 20:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 1368920 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 6428520 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 3788128 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 2261832 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2011-04-06 23:48 . 2011-04-06 23:48 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
- 2010-03-18 20:16 . 2010-03-18 20:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 6097256 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
- 2011-03-23 05:01 . 2011-03-23 05:01 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-04-28 15:48 . 2011-04-28 15:48 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-05-17 16:27 . 2011-05-17 16:27 2975064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2011-04-06 23:48 . 2011-04-06 23:48 1354584 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
+ 2011-05-17 16:27 . 2011-05-17 16:27 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
- 2011-04-12 22:11 . 2011-04-12 22:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-05-17 16:27 . 2011-05-17 16:27 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
- 2011-04-12 22:11 . 2011-04-12 22:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-05-17 16:27 . 2011-05-17 16:27 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
- 2011-06-16 05:31 . 2011-01-27 23:35 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-08-10 16:49 . 2011-05-04 22:32 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-08-10 17:10 . 2011-08-10 17:10 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-06-16 06:12 . 2011-06-16 06:12 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-08-10 17:09 . 2011-08-10 17:09 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-06-16 06:13 . 2011-06-16 06:13 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-07-26 20:50 . 2011-07-26 20:50 5522432 c:\windows\Installer\1a906b.msp
+ 2011-04-28 16:57 . 2011-04-28 16:57 2721280 c:\windows\Installer\1a904a.msp
+ 2010-03-18 20:16 . 2010-03-18 20:16 1663320 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_x86.dll
+ 2010-03-18 21:27 . 2010-03-18 21:27 2153816 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_amd64.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 1303896 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_x86.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 1303896 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_amd64.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 6346600 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_x86.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 6346600 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_amd64.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 3545952 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_x86.dll
+ 2010-03-18 21:27 . 2010-03-18 21:27 3453792 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_amd64.dll
+ 2011-08-13 19:29 . 2011-08-13 19:29 6463488 c:\windows\ERDNT\8-13-2011\Users\00000002\UsrClass.dat
+ 2011-08-13 19:29 . 2011-08-13 19:29 9826304 c:\windows\ERDNT\8-13-2011\Users\00000001\ntuser.dat
+ 2011-06-16 13:34 . 2011-06-16 13:34 1587200 c:\windows\assembly\temp\KILBLF6QMW\System.Drawing.ni.dll
+ 2011-06-16 13:34 . 2011-06-16 13:34 7963648 c:\windows\assembly\temp\BFPWG7TKYK\System.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\2b21f937d40320cabc3c85c031db88d8\WindowsBase.ni.dll
+ 2011-08-10 20:04 . 2011-08-10 20:04 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d14a6bf514550fdc219f580348599c58\UIAutomationClientsideProviders.ni.dll
+ 2011-08-10 19:55 . 2011-08-10 19:55 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\8e4323f5bfb90be4621456033d8b404b\System.Xml.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\2a3c95561c3de429c3c0e7a53a920c45\System.Xaml.ni.dll
+ 2011-08-10 20:04 . 2011-08-10 20:04 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\b346685f479e27aadce1793789333bfb\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-08-10 20:03 . 2011-08-10 20:03 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\4ee71342f3eadce770c5b227e0e72015\System.Web.Services.ni.dll
+ 2011-08-10 20:03 . 2011-08-10 20:03 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\7211feffc35222c34e5d6b9e97f1c009\System.Speech.ni.dll
+ 2011-08-10 20:03 . 2011-08-10 20:03 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e449cb587c51f7bec5fcff8964844151\System.ServiceModel.Activities.ni.dll
+ 2011-08-10 20:03 . 2011-08-10 20:03 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\5af78d8b92c4a0b7f90dd99a8742c565\System.ServiceModel.Discovery.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\2c3f2f005761a596bf9e7262b76735a3\System.Runtime.Serialization.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\d850328fdb0d5b403f2b4a7752ec43da\System.Runtime.DurableInstancing.ni.dll
+ 2011-08-10 19:59 . 2011-08-10 19:59 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\35bb0262c48890be46a1861b63bed32d\System.Printing.ni.dll
+ 2011-08-10 20:02 . 2011-08-10 20:02 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\73c6deea16d8ee87e65156bb9ef90e0b\System.Management.ni.dll
+ 2011-08-10 20:02 . 2011-08-10 20:02 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\6d8ec822ecf54529d04b1342aef58dd3\System.IdentityModel.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\a8ac353249c61750e03ace04cce91d12\System.EnterpriseServices.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0237eaa2a9c71060227e6d310a887c07\System.Drawing.ni.dll
+ 2011-08-10 20:02 . 2011-08-10 20:02 1217536 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\8440779374dcb4d650179a61139684b0\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1b6321bae09adccce41aedcd91fcea9b\System.DirectoryServices.ni.dll
+ 2011-08-10 19:59 . 2011-08-10 19:59 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\f0cadc34a72bbfb06158ee14e3f3b97d\System.Deployment.ni.dll
+ 2011-08-10 19:59 . 2011-08-10 19:59 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\20d5aeb1486af05bd5885e431e8cf531\System.Data.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\84e0e94c07d03148371aad1c9212daba\System.Data.SqlXml.ni.dll
+ 2011-08-10 20:01 . 2011-08-10 20:01 1798656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\c66f4672f3f96cac1796475fc53084f7\System.Data.Services.Client.ni.dll
+ 2011-08-10 20:01 . 2011-08-10 20:01 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\f985d985539603a521e6051cbef283d7\System.Data.Linq.ni.dll
+ 2011-08-10 19:55 . 2011-08-10 19:55 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\d17a133036827281e02df99161f83199\System.Configuration.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\87cacc996ae318f4bd1e126f8271b8c1\System.ComponentModel.Composition.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\6f46271408743437680ef855e26ba561\System.Activities.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\b5dc8079f2701e3cf6a139deca5c0982\System.Activities.Presentation.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\bb930355f9bcc3bc388397471ae88492\System.Activities.Core.Presentation.ni.dll
+ 2011-08-10 20:00 . 2011-08-10 20:00 4232704 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8df1ec785fb8923566f2ce612f108cee\ReachFramework.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\944136b49e38259ce517a6fe3e71fa4d\PresentationUI.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\f35f1a86bb6cdfc3547ff815dddfa629\Microsoft.VisualBasic.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b915c536f129912ec5b50a187d663103\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\7caaf5543210b5383267ef450c2173f7\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-08-10 19:56 . 2011-08-10 19:56 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\41248e69f60429253a19267620bd5dcd\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-10 20:02 . 2011-08-10 20:02 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\a266703ae4763423c8e41fd9e375bf76\Microsoft.JScript.ni.dll
+ 2011-08-10 19:55 . 2011-08-10 19:55 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\db2aa89dbd68dddefe47c70b35c045cf\Microsoft.CSharp.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6c4a0cae96fe506534d1ed4b8e905d04\WindowsBase.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\e6474cae2445440fccb0e62e689e6c22\UIAutomationClientsideProviders.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 9086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System\ffc825af968e2afbdd0d894b475331f3\System.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\6cf9069b4b5feb38824a79009ed9c7b4\System.Xml.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cadbfd56dbffb78f67b92027bd56862e\System.Xaml.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\a216205660fa7dabec6af4a7c52956ee\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\40c543317017c549c3d17d714c3cf1fc\System.Web.Services.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\86d3010efe01e554be5b8cd680fcfe2a\System.Speech.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f37365c0acb4b409a486f3aa4512a03e\System.ServiceModel.Discovery.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a53b7bb4838c656363b29f79f708a0f0\System.ServiceModel.Activities.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\33b886ae33f78b046f90bda3dde2688e\System.Runtime.Serialization.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\5c659e2195f712d6638b8536da384cda\System.Runtime.DurableInstancing.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0751e44f42a603bfe153a4bbd124f62f\System.Printing.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\307dea1fa71faaa1c2dc0175487d9639\System.Management.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e1acefba94c07ca77d751b68bc3e33d3\System.IdentityModel.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ea0f339fb15935f1878e115be1c04f8f\System.Drawing.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\be3d47a08a8e4118e75e31a402259409\System.DirectoryServices.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\864c2fd53f879fcd5f9b335cf49a66b4\System.Deployment.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\80bdabbd69127228408b96ca23460389\System.Data.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\ec8c58572e78fa5fc63bb8b29ed7481a\System.Data.SqlXml.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\04f451f2d493483696f852bdce8c36e0\System.Data.Services.Client.ni.dll
+ 2011-08-10 17:12 . 2011-08-10 17:12 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8a671058b35f625fb958ff2228fbc9cf\System.Data.Linq.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2721a63758cab451543e8a58dc4ffeeb\System.Core.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\c527fa8c447a9edfeb14eeaf4af0a742\System.Activities.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\5be7a4e9c92dff127c74c0d744b3f523\System.Activities.Presentation.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\1871f74f0a94ec1d26071dcc872d4189\System.Activities.Core.Presentation.ni.dll
+ 2011-08-10 17:23 . 2011-08-10 17:23 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\5d8782e167084ab1fced20b86cfb26e2\ReachFramework.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\de59faecd59acbc6caabecbd8efbbb50\PresentationUI.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ce05202cabbee87cda0b3df2e56a6b20\Microsoft.VisualBasic.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\899c60052ad7e741dc444017cc907ca8\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0adf14e7c198b3e2a634e53a23ddad7b\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-08-10 17:22 . 2011-08-10 17:22 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\4376863f8deba766befd5d8e41316a91\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\2ceaa7403e2bdea36367a0a67d972f03\Microsoft.JScript.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\113a314e9f32a5efc41f409118a71063\Microsoft.CSharp.ni.dll
+ 2011-08-10 17:32 . 2011-08-10 17:32 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\64fc9675d94bda9f45731097f140c4f6\WindowsBase.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\b8bf364f0522a662055f670bf4e86c8f\UIAutomationClientsideProviders.ni.dll
+ 2011-08-10 17:31 . 2011-08-10 17:31 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\318b11a6b944c9ef2998d374c9d5bda8\System.Xml.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\394711b95ef17f6a7314eca2aba756e7\System.WorkflowServices.ni.dll
+ 2011-08-10 17:42 . 2011-08-10 17:42 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\eafeb90e353fd552565511cdeb26bebf\System.Workflow.Runtime.ni.dll
+ 2011-08-10 17:42 . 2011-08-10 17:42 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\ec790f92424cdcec713fff09d475bf2b\System.Workflow.ComponentModel.ni.dll
+ 2011-08-10 17:42 . 2011-08-10 17:42 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\906d5186dd5dbb570648cd1e3dfed22e\System.Workflow.Activities.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\29bf4a2b9e4edd846f35872642dd0f36\System.Web.Services.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\fe69339f03e5b94b558c688512246a5e\System.Web.Mobile.ni.dll
+ 2011-08-10 19:54 . 2011-08-10 19:54 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\b513632337cadf6b2a8f8b6975c7d96f\System.Web.Extensions.Design.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 3042304 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\9c1f2e29f7b5f1d398405640ef4b1c7c\System.Web.Extensions.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\31bbf607c61e3b9aeced14cb984ea9f6\System.Speech.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\667a561422e2ccf10daef0a5dc6c8043\System.ServiceModel.Web.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\50faf7f472bfc6d562696341df45b3c9\System.Runtime.Serialization.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\caddda432d02308c325519a8e2f09dc4\System.Runtime.Remoting.ni.dll
+ 2011-08-10 17:40 . 2011-08-10 17:40 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\3bc065deeefef52f1ff59628ec665ea7\System.Printing.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\36723de72c78b2791de226253580f107\System.Management.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\df0cb96e6d087500c9210b33be2c91c9\System.IdentityModel.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\1f84610e9a8c80e23e82f82cc4a894a3\System.EnterpriseServices.ni.dll
+ 2011-08-10 17:32 . 2011-08-10 17:32 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\ad884485b63f08acfaf791d2dfaadd32\System.Drawing.ni.dll
+ 2011-08-10 17:40 . 2011-08-10 17:40 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\8255d3cb1b25eaa6e645322daa1f680c\System.DirectoryServices.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\11a932eb07432edfc6f9de22753337ba\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-10 17:32 . 2011-08-10 17:32 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\e2a96543efb1769b60dc0ff9e292c4bb\System.Deployment.ni.dll
+ 2011-08-10 17:40 . 2011-08-10 17:40 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\d71dfde5e15e6b4271c9ce4c514775b2\System.Data.ni.dll
+ 2011-08-10 17:32 . 2011-08-10 17:32 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\ab0d4419e1826292c56e565405151290\System.Data.SqlXml.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\f7483e84119e0be9074377e731ffbe0c\System.Data.Services.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\16932309d9a552f362c85ac0adfe1607\System.Data.Services.Client.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\33f6d511288b5a1aaa011e52ba3821fd\System.Data.OracleClient.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\82b491f0b4a55a29d4de0e7648a43707\System.Data.Linq.ni.dll
+ 2011-08-10 19:53 . 2011-08-10 19:53 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\22600cdf0f670e44b03b243af68cd76d\System.Data.Entity.Design.ni.dll
+ 2011-08-10 18:40 . 2011-08-10 18:40 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\5f7c48b31971fee1af48dd20c7dd7033\System.Core.ni.dll
+ 2011-08-10 17:31 . 2011-08-10 17:31 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\df2bfb30ffdbfbb49d2c5ef6fc763578\System.Configuration.ni.dll
+ 2011-08-10 17:40 . 2011-08-10 17:40 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\b2c3d06da323643af4ab68768cfe8880\ReachFramework.ni.dll
+ 2011-08-10 17:40 . 2011-08-10 17:40 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\0f3e15bd55e4f4171604e889eac1c819\PresentationUI.ni.dll
+ 2011-08-10 19:52 . 2011-08-10 19:52 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\ff71ee8681938634786fac49359c8b15\PresentationBuildTasks.ni.dll
+ 2011-08-10 19:52 . 2011-08-10 19:52 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\2f9ac667c184e068523d6047153f2d91\Narrator.ni.exe
+ 2011-08-10 19:51 . 2011-08-10 19:51 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\92414dfe464e98f09057245b6dd04d05\MMCEx.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\c66470a9076fc188a35ec7643aa1ee2e\MIGUIControls.ni.dll
+ 2011-08-10 19:51 . 2011-08-10 19:51 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\4b85c3384fdda12490074283615d4723\Microsoft.VisualBasic.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\deae3fdab784ca275290c02a3288a33d\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-10 18:40 . 2011-08-10 18:40 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f1cc6b5a2520e6b946198cd51498dff9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-08-10 18:40 . 2011-08-10 18:40 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b1d791e971f5c23b5ab0bf61bcfe60a0\Microsoft.PowerShell.Editor.ni.dll
+ 2011-08-10 18:40 . 2011-08-10 18:40 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\42c4e6bd35af9d592663de61cb8c8108\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-08-10 18:40 . 2011-08-10 18:40 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\332067cce1149bb2008d5af79ef8024d\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\fc417f7e196b7d7d5e717cb892f16144\Microsoft.MediaCenter.UI.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ce834b9729a66c3ef9ec5c4350e6ab59\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cc0f76a8214ddc88b56c6c14146c2555\Microsoft.MediaCenter.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8f1d674c4309a0c29fb708ba7a5e54c4\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\52e7f067d8a3358baeb77ac8cd988c0e\Microsoft.MediaCenter.Bml.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\95184c861c38e940aeadc4276a8596e6\Microsoft.JScript.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\0e8c24abc2dbbafc9519f64571a39433\Microsoft.Ink.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\638f3afd3c310ed7d048e60cc1daf57e\Microsoft.Build.Tasks.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\58e96fd5359c0f3d6ed8f350ff721f87\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\f2ae54183322e3710c0344c44fd512d8\Microsoft.Build.Engine.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\37c906e0ea6325e55c1f222aa4a5462b\Microsoft.Build.Engine.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\c0018e4aaaa7eebb4fadaf5220854fe8\mcstore.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\0d18e8a503ef9e5bc676d89c7d508d7f\mcepg.ni.dll
+ 2011-08-10 18:37 . 2011-08-10 18:37 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\864ef3de707640f5a889efc4425e5c40\ehiVidCtl.ni.dll
- 2011-06-16 14:17 . 2011-06-16 14:17 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\864ef3de707640f5a889efc4425e5c40\ehiVidCtl.ni.dll
- 2011-06-16 14:16 . 2011-06-16 14:16 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\60b7bccb6de4c8d42f2eaf1d0e7a9216\ehiProxy.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\60b7bccb6de4c8d42f2eaf1d0e7a9216\ehiProxy.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d4afec0a5e4cfbfde58a3891ab59dec8\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\96c75f3d7d7a0a53260332bf8654e232\WindowsLive.Writer.Localization.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7978d94f1ae7929f854e0c2595e3a3b8\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\71bc0a6d90a17b0f5be09380539e9ad0\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
+ 2011-08-10 19:48 . 2011-08-10 19:48 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\92104881c09380b6b86ec656e8c502f6\UIAutomationClientsideProviders.ni.dll
+ 2011-08-10 17:37 . 2011-08-10 17:37 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
+ 2011-08-10 17:37 . 2011-08-10 17:37 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
+ 2011-08-10 19:48 . 2011-08-10 19:48 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a6409b4be5018e5cbad7ef197d4237e1\System.WorkflowServices.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\9af55d8d4cb44eabe53e940244864daa\System.Workflow.Runtime.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\f40e6a02c815ee66b49d4f48802d9d9c\System.Workflow.ComponentModel.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\82e83c3d87d72cafffc60c55585daaaa\System.Workflow.Activities.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\873449038f590bc102daf0effd94c952\System.Web.Services.ni.dll
+ 2011-08-10 19:48 . 2011-08-10 19:48 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4de6ad3bad2dc4fbbbd33b16b1a7b219\System.Web.Mobile.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\871d3f0cc83d73a106151257ee74a4aa\System.Web.Extensions.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2c7c32228442440e4c23f772fd64b24b\System.Speech.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0139ae05cabaf2ac25cc85279e187e0a\System.ServiceModel.Web.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e285e2af5e0e8ac7d91936b2cb18542f\System.Runtime.Serialization.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\b2834d89c14922370db32e5e4564e03a\System.Printing.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f2b1857a7db371f0417a84e8ca25f450\System.Management.Automation.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\5ab23d203c8bfade7160ea915719c730\System.IdentityModel.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ac4d095d0371999fa879f8167e9a82fa\System.DirectoryServices.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\364993b444187c2dd988cab2fb0f98c6\System.Deployment.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
+ 2011-08-10 17:37 . 2011-08-10 17:37 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\6c9eef4471f39022ab9418637c7ee9e1\System.Data.SqlXml.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\702efea190a39de2bacb81cbaf32de99\System.Data.Services.ni.dll
+ 2011-08-10 19:47 . 2011-08-10 19:47 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3da17a7980d13fae329f2c3a77797b08\System.Data.Services.Client.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\12dc224b1ddff3b0c5b3fce1ac958a3f\System.Data.OracleClient.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:47 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1992ecfb8eb3318820e3d28df55bee6a\System.Data.Linq.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\301160f0d81368efb2f79e9b714ec505\System.Data.Entity.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\a09206d231b222c74183c7255bcacb35\ReachFramework.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7f0d64056a690c2fe26071b7368b4c56\PresentationUI.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\c16377318357fb4fcda87c1015815a76\PresentationBuildTasks.ni.dll
+ 2011-08-10 19:46 . 2011-08-10 19:46 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\ca760a3cb6cabbdf11c1aa42e5b79ee9\Narrator.ni.exe
+ 2011-08-10 19:45 . 2011-08-10 19:45 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\97051ca60f5e2ea7927adebcb2af9097\MMCEx.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\40f947b2a4ecb8ba656104c3f77bb79b\MIGUIControls.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\0d7a48003dd32151b3518b3ee7f13350\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\79af41ccc6bdc25ede7b249ae32f0101\Microsoft.PowerShell.Editor.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\348ff55789cc23b72b19036f01903b63\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\21f675cbc3d058e68f7f6371644da25f\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ffec5408d56ba9fb311518d6ec521691\Microsoft.MediaCenter.UI.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\81359c52225ae557ddf7dbdf3c0bf048\Microsoft.MediaCenter.ni.dll
+ 2011-08-10 19:45 . 2011-08-10 19:45 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\35138a36b7d07f4d37adf96745ef80cb\Microsoft.JScript.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\9c17eb4bfbca7719a4f10bbd3473d07d\Microsoft.Ink.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4b45a3a1f24d0d773f9f8fb2d8ce8164\Microsoft.Build.Tasks.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\01de5c2808a0c30578614dae24c5d591\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\db9750e8aae34d7bd25b76564f2cebd5\Microsoft.Build.Engine.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\9004890e93911c7612aa5f218c474618\mcstore.ni.dll
+ 2011-08-10 19:44 . 2011-08-10 19:44 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\e0683c0b9e68c44011a1f4b70b85239f\mcepg.ni.dll
- 2011-06-16 05:31 . 2011-01-27 23:35 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-10 16:49 . 2011-05-04 22:32 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-10 16:51 . 2011-07-22 02:54 12273664 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2011-08-10 17:29 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-08-10 16:51 . 2011-07-22 05:52 17782272 c:\windows\system32\mshtml.dll
+ 2009-11-27 19:58 . 2011-08-10 17:12 54065608 c:\windows\system32\MRT.exe
+ 2011-08-10 16:51 . 2011-07-22 05:40 10886144 c:\windows\system32\ieframe.dll
+ 2009-11-26 17:37 . 2011-08-13 21:27 13793459 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-8192.dat
+ 2011-05-19 06:06 . 2011-05-19 06:06 38672896 c:\windows\Installer\1a90ae.msp
+ 2011-06-16 13:34 . 2011-06-16 13:34 11490304 c:\windows\assembly\temp\UH2RB7Q48D\mscorlib.ni.dll
+ 2011-06-16 13:35 . 2011-06-16 13:35 12433408 c:\windows\assembly\temp\RNTQEL33PC\System.Windows.Forms.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 11872768 c:\windows\assembly\NativeImages_v4.0.30319_64\System\5034d5e3f1bf120d9e61e72be6b9b013\System.ni.dll
+ 2011-08-10 19:59 . 2011-08-10 19:59 17290752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\65c3e4d26ac857162658b81b1efffb19\System.Windows.Forms.ni.dll
+ 2011-08-10 20:03 . 2011-08-10 20:03 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\48ed28e415c976c7adfb2c5ceeaeedb2\System.ServiceModel.ni.dll
+ 2011-08-10 20:01 . 2011-08-10 20:01 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\529f1a1a0f3e9e994eb3356b55924f3c\System.Data.Entity.ni.dll
+ 2011-08-10 19:55 . 2011-08-10 19:55 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\3c24931e3b4e97b6b49c4d459ba8c552\System.Core.ni.dll
+ 2011-08-10 19:58 . 2011-08-10 19:58 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d0abeeb299ca73f7afc5312a00e0bf22\PresentationFramework.ni.dll
+ 2011-08-10 19:57 . 2011-08-10 19:57 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\de5aaef4bd369972fea5ba6ff7d3e264\PresentationCore.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\8f7f691aa155c11216387cf3420d9d1b\mscorlib.ni.dll
+ 2011-08-10 17:12 . 2011-08-10 17:12 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e3eea502999efc06079a0f40a795731\System.Windows.Forms.ni.dll
+ 2011-08-10 17:25 . 2011-08-10 17:25 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\56df5c322f32e926eb46047f65d0a357\System.ServiceModel.ni.dll
+ 2011-08-10 17:24 . 2011-08-10 17:24 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\093195c829c13c7ad35cb3ad43b52b6a\System.Data.Entity.ni.dll
+ 2011-08-10 17:12 . 2011-08-10 17:12 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d23889e1eceadc97a6f227dbb392cb60\PresentationFramework.ni.dll
+ 2011-08-10 17:12 . 2011-08-10 17:12 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\55b41158ada67f5b5a132e120e7de269\PresentationCore.ni.dll
+ 2011-08-10 17:11 . 2011-08-10 17:11 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll
+ 2011-08-10 17:28 . 2011-08-10 17:28 17077760 c:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDA48.tmp\System.Windows.Forms.dll
+ 2011-08-10 17:31 . 2011-08-10 17:31 10618880 c:\windows\assembly\NativeImages_v2.0.50727_64\System\3e6eefab37b44e147db80a3c34f0ac05\System.ni.dll
+ 2011-08-10 17:33 . 2011-08-10 17:33 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\0737590c91350bf9ce7416cbbf789bc7\System.Windows.Forms.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 15249408 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\01e1dddd3684f57d19699eeb1fad3892\System.Web.ni.dll
+ 2011-08-10 18:36 . 2011-08-10 18:36 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\962330ba0685ac1176b611bc052d0ca7\System.ServiceModel.ni.dll
+ 2011-08-10 18:39 . 2011-08-10 18:39 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\34d1eab899a35bb7a0075c0b0b3d5938\System.Management.Automation.ni.dll
+ 2011-08-10 17:41 . 2011-08-10 17:41 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\9f162ee8ce0ec6b2a539b68041421911\System.Design.ni.dll
+ 2011-08-10 19:52 . 2011-08-10 19:52 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\7bf5c7476d8c8255a30a4cda0c9f43be\System.Data.Entity.ni.dll
+ 2011-08-10 17:40 . 2011-08-10 17:40 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\90e096ee99f6b0760c47016f862cf5a8\PresentationFramework.ni.dll
+ 2011-08-10 17:32 . 2011-08-10 17:32 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\72ea2b7db0ac2d9407d8ab2ed257c62a\PresentationCore.ni.dll
- 2011-06-16 13:29 . 2011-06-16 13:29 15568384 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\8f7abb6f7384aad8fc43659820726eab\mscorlib.ni.dll
+ 2011-08-10 17:26 . 2011-08-10 17:26 15568384 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\8f7abb6f7384aad8fc43659820726eab\mscorlib.ni.dll
+ 2011-08-10 18:38 . 2011-08-10 18:38 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\857d393b4e25062d5ba400f3422b74e6\ehshell.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 11819520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
+ 2011-08-10 19:43 . 2011-08-10 19:43 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\052fc9c848a7f4630980ae0fd7a282e0\System.ServiceModel.ni.dll
+ 2011-08-10 17:39 . 2011-08-10 17:39 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\cbd362859e818467b75aaf0287af0fe2\System.Design.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
+ 2011-08-10 17:38 . 2011-08-10 17:38 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
- 2011-06-16 13:34 . 2011-06-16 13:34 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
+ 2011-08-10 17:14 . 2011-08-10 17:14 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
+ 2011-04-07 03:12 . 2011-04-07 03:12 194340864 c:\windows\Installer\1a908c.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2040898"="c:\program files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe" [2011-06-06 240288]
.
c:\users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AppIDSvc32;Application Identity ;c:\windows\system32\mmcico32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Netlogon32;Netlogon ;c:\windows\system32\NlsLexicons001332.exe [x]
R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
R3 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-07-21 4407664]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S0 15565155;15565155;c:\windows\system32\DRIVERS\15565155.sys [x]
S0 72033811;72033811;c:\windows\system32\DRIVERS\72033811.sys [x]
S0 76996756;76996756;c:\windows\system32\DRIVERS\76996756.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 6422218drv;6422218drv;c:\windows\system32\DRIVERS\6422218drv.sys [x]
S1 9073829drv;9073829drv;c:\windows\system32\DRIVERS\9073829drv.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-09 c:\windows\Tasks\HPCeeScheduleForThe Reeve Family.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2011-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 16335976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: grillflame.net\www
Trusted Zone: hp.com\h50203.www5
Trusted Zone: hp.com\www
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57131
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1088720637-78751619-3950019920-1000\Software\SecuROM\License information*]
"datasecu"=hex:08,97,33,34,fa,95,8a,2e,6b,af,e5,75,48,48,78,1c,4d,e8,f2,a0,88,
b0,21,82,04,0f,e2,47,3a,a2,ee,ad,7e,78,33,ec,67,b4,ce,f9,fa,9e,2a,77,3c,f0,\
"rkeysecu"=hex:60,fa,bb,39,2f,f0,f2,8d,87,2d,b0,36,24,c9,bc,ac
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
"DisplayName"=expand:"@fdeploy.dll,-261"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"DisplayName"=expand:"@%SystemRoot%\\System32\\dskquota.dll,-100"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"%SystemRoot%\\System32\\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"DisplayName"=expand:"@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}]
@DACL=(02 0000)
@="Remote Desktop USB Redirection"
"DllName"=expand:"%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000001
"DisplayName"=expand:"@%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll,-100"
"NoBackgroundPolicy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"NoSlowLink"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000000
"NoMachinePolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
@DACL=(02 0000)
@="Deployed Printer Connections"
"DisplayName"=expand:"@%systemroot%\\system32\\gpprnext.dll,-1"
"DllName"=expand:"%systemroot%\\system32\\gpprnext.dll"
"EnableAsynchronousProcessing"=dword:00000001
"ExtensionEventSource"=""
"GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
"MaxNoGPOListChangesInterval"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000001
"NotifyLinkTransition"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="PrinterProcessGroupPolicy"
"ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
"RequiresSuccessfulRegistry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
@DACL=(02 0000)
@="TCPIP"
"DisplayName"=expand:"@gptext.dll,-204"
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\polstore.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
"DisplayName"=expand:"@c:\\Windows\\system32\\polstore.dll,-5012"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}]
@DACL=(02 0000)
@="Audit Policy Configuration"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"auditcse.dll"
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@DACL=(02 0000)
@="Enterprise QoS"
"DisplayName"=expand:"@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"=expand:"gptext.dll"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
@DACL=(02 0000)
@="CP"
"DisplayName"=expand:"@gptext.dll,-205"
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2011-08-13 14:51:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-13 21:51
ComboFix2.txt 2011-08-09 02:23
ComboFix3.txt 2011-08-07 01:17
ComboFix4.txt 2011-08-05 19:06
ComboFix5.txt 2011-08-13 21:10
.
Pre-Run: 145,281,474,560 bytes free
Post-Run: 146,160,902,144 bytes free
.
- - End Of File - - D0BDBE2D689D46C682291809BF9F8C2A

#81
Cold Titanium

Posted 16 August 2011 - 07:58 PM

Trusted Helper

Malware Removal
1,735 posts

Hello AZCMer,

I don't mean to bail on you, but some stuff came up and I can't make these logs anymore.

RKinner has graciously volunteered to take over for me. You'll be in even better hands than me as he is an Expert.

Again I am sorry I had to bail. Good Luck!

#82
RKinner

Posted 16 August 2011 - 09:35 PM

Malware Expert

Expert
24,624 posts

Feel free to make multiple posts. The forum has a limit on the size of a post but it won't warn you if you hit the limit. IT just sort of ignores you. If a post won't work because it's too big then just attach it.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\Tasks\PCDRScheduledMaintenance.job
c:\windows\system32\DRIVERS\15565155.sys
c:\windows\system32\DRIVERS\72033811.sys
c:\windows\system32\DRIVERS\76996756.sys
c:\windows\system32\DRIVERS\6422218drv.sys
c:\windows\system32\DRIVERS\9073829drv.sys
c:\windows\system32\NlsLexicons001332.exe

Driver::
15565155
72033811
76996756
6422218drv
9073829drv
Netlogon32

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK
Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted, Yes

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Open Internet Explorer. Tools. Internet Options, Connections., LAN Settings. Check the box for: Automatically Detect Settings, OK. Close IE.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57131
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57131
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O32 - AutoRun File - [2009/08/12 15:01:58 | 000,000,073 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/08/25 17:35:19 | 000,000,000 | ---D | M] - E:\Autoplay -- [ CDFS ]
O32 - AutoRun File - [2008/07/08 04:04:00 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) - E:\Autoplay.exe -- [ CDFS ]
O33 - MountPoints2\{306e804f-b4fc-11de-b707-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{306e804f-b4fc-11de-b707-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autoplay.exe -- [2008/07/08 04:04:00 | 000,189,808 | R--- | M] (Adobe Systems Incorporated)
O33 - MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\Shell - "" = AutoRun
O33 - MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
   
:Commands
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.
Save the log and copy and paste it to a reply.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#83
AZCMer

Posted 16 August 2011 - 09:37 PM

Member

Topic Starter
Member
108 posts

That's okay, Cold Titanium. I understand completely. I appreciate your assistance and value your help greatly.

Thank you so much for all the help you've provided. I only hope that I've been able to complete your instructions properly and have been as helpful as possible.

And thank you most of all for your patience.

I look forward to RKinner's follow up.

#84
AZCMer

Posted 16 August 2011 - 11:55 PM

Member

Topic Starter
Member
108 posts

Ok. Looong reply. Thank you so much for the help. Here are all the results and logs you requested.

Cleared the Java cache as per instructions.
Ran ComboFix with the script and Avast disabled as per instructions. Here is the log:

ComboFix 11-08-16.05 - The Reeve Family 08/16/2011 20:49:51.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4213 [GMT -7:00]
Running from: c:\users\The Reeve Family\Desktop\ComboFix.exe
Command switches used :: c:\users\The Reeve Family\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\DRIVERS\15565155.sys"
"c:\windows\system32\DRIVERS\6422218drv.sys"
"c:\windows\system32\DRIVERS\72033811.sys"
"c:\windows\system32\DRIVERS\76996756.sys"
"c:\windows\system32\DRIVERS\9073829drv.sys"
"c:\windows\system32\NlsLexicons001332.exe"
"c:\windows\Tasks\PCDRScheduledMaintenance.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DRIVERS\15565155.sys
c:\windows\system32\DRIVERS\6422218drv.sys
c:\windows\system32\DRIVERS\72033811.sys
c:\windows\system32\DRIVERS\76996756.sys
c:\windows\system32\DRIVERS\9073829drv.sys
c:\windows\Tasks\PCDRScheduledMaintenance.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_15565155
-------\Legacy_6422218DRV
-------\Legacy_72033811
-------\Legacy_76996756
-------\Legacy_9073829DRV
-------\Service_15565155
-------\Service_6422218drv
-------\Service_72033811
-------\Service_76996756
-------\Service_9073829drv
-------\Service_Netlogon32
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 04:03 . 2011-08-17 04:03 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-17 04:03 . 2011-08-17 04:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-17 04:03 . 2011-08-17 04:03 -------- d-----w- c:\users\HP New\AppData\Local\temp
2011-08-17 04:03 . 2011-08-17 04:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-13 21:02 . 2011-08-13 21:02 61440 ----a-w- c:\windows\SysWow64\drivers\jgfzpxfw.sys
2011-08-13 20:46 . 2011-08-13 20:46 61440 ----a-w- c:\windows\SysWow64\drivers\teehsonr.sys
2011-08-13 20:35 . 2011-08-13 20:35 61440 ----a-w- c:\windows\SysWow64\drivers\jpfiyt.sys
2011-08-13 20:20 . 2011-08-13 21:02 4236 ----a-w- C:\backup.reg
2011-08-13 20:20 . 2011-08-13 20:20 61440 ----a-w- c:\windows\SysWow64\drivers\ebimohx.sys
2011-08-13 19:29 . 2011-08-13 19:29 -------- d-----w- c:\program files (x86)\ERUNT
2011-08-10 16:51 . 2011-07-22 05:36 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-08-10 16:51 . 2011-07-22 02:48 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-08-07 21:54 . 2011-05-23 07:32 5777200 ----a-w- c:\program files\Internet Explorer\ienrbreakaway.exe
2011-08-06 21:34 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-06 21:34 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-06 21:34 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-06 21:34 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-06 21:34 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-06 21:34 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-06 21:34 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-06 21:33 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-06 21:33 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-06 21:33 . 2011-08-06 21:33 -------- d-----w- c:\programdata\AVAST Software
2011-08-06 21:33 . 2011-08-06 21:33 -------- d-----w- c:\program files\AVAST Software
2011-08-06 02:56 . 2011-08-06 02:56 -------- d-----w- c:\windows\en
2011-08-06 02:51 . 2011-08-06 02:51 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ba4d10601cc53e301\MeshBetaRemover.exe
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-08-05 15:56 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-08-05 15:04 . 2011-08-05 15:04 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-08-04 19:41 . 2008-06-16 10:00 55024 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-08-04 19:39 . 2011-08-04 19:39 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-08-04 19:39 . 2011-08-04 19:39 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-08-04 19:32 . 2011-08-04 19:32 -------- d-----w- c:\windows\SysWow64\syncdb
2011-07-28 08:00 . 2011-07-28 08:00 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2011-07-27 16:41 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E519DE36-3744-46AF-A2A4-F861340AC9F9}\mpengine.dll
2011-07-26 19:38 . 2011-07-26 19:38 -------- d-----w- C:\Seagate temp
2011-07-26 19:11 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-26 19:11 . 2011-07-26 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-26 07:35 . 2011-07-26 07:35 -------- d-----w- c:\program files (x86)\Common Files\ffdshowEx
2011-07-25 20:28 . 2011-07-25 20:30 -------- d-----w- c:\users\The Reeve Family\AdobeLicensingFilesBackup
2011-07-25 15:17 . 2011-07-25 15:17 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-07-25 15:17 . 2011-07-25 15:17 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-07-25 15:17 . 2011-07-25 15:17 150712 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-07-25 15:17 . 2011-07-25 15:17 105472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-07-25 15:16 . 2011-07-25 15:17 -------- d-----w- c:\program files (x86)\real
2011-07-22 16:24 . 2011-07-22 16:25 -------- d-----w- c:\program files\iTunes
2011-07-22 16:24 . 2011-07-22 16:25 -------- d-----w- c:\program files (x86)\iTunes
2011-07-22 16:24 . 2011-07-22 16:24 -------- d-----w- c:\program files\iPod
2011-07-22 16:22 . 2011-07-22 16:22 -------- d-----w- c:\program files\Bonjour
2011-07-22 16:22 . 2011-07-22 16:22 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-18 22:38 . 2011-07-18 22:38 -------- d-----w- C:\$AVG
2011-07-18 20:54 . 2011-07-18 20:54 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\AVG10
2011-07-18 20:52 . 2011-07-18 20:52 -------- d--h--w- c:\programdata\Common Files
2011-07-18 20:51 . 2011-08-06 21:28 -------- d-----w- c:\programdata\AVG10
2011-07-18 20:47 . 2011-07-18 20:54 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 02:53 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-18 20:47 . 2010-01-29 23:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-16 04:26 . 2011-08-10 16:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-12 18:34 . 2011-07-12 18:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:34 . 2011-07-12 18:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-07 02:52 . 2010-05-01 06:54 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-17 00:42 . 2011-06-06 05:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07 . 2011-07-13 17:49 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 11:02 . 2009-12-01 22:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-28 11:02 . 2010-05-18 23:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-28 11:02 . 2010-06-02 23:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-28 11:02 . 2009-12-05 23:00 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-27 02:45 . 2009-12-01 22:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-27 02:45 . 2010-05-18 23:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-26 19:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-26 19:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-25 02:14 . 2009-12-06 14:40 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 15:18 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 15:18 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 15:18 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 15:18 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 15:18 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-13_21.29.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-06-23 06:31 . 2011-06-23 06:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2011-06-23 06:31 . 2011-08-15 18:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2009-07-14 04:54 . 2011-08-13 21:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-17 04:10 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-13 21:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-17 04:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 16:17 . 2011-08-15 03:35 91224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
- 2009-12-01 16:17 . 2010-07-16 19:16 91224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2009-07-14 05:10 . 2011-08-17 04:11 47504 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-26 03:08 . 2011-08-17 04:11 32934 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1088720637-78751619-3950019920-1000_UserData.bin
+ 2010-07-04 14:17 . 2011-08-17 04:09 16966 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2010-07-04 14:17 . 2011-08-13 21:27 16966 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2009-07-14 04:46 . 2011-08-15 03:19 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-08-13 21:27 . 2011-08-13 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-17 04:09 . 2011-08-17 04:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-13 21:27 . 2011-08-13 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-17 04:09 . 2011-08-17 04:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-21 19:32 . 2011-08-16 13:49 101720 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:01 . 2011-08-13 21:27 329124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-17 04:08 329124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-12-03 07:18 . 2011-08-15 07:45 985172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-12288.dat
- 2009-12-03 07:18 . 2011-08-12 05:12 985172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-12288.dat
+ 2011-06-05 23:33 . 2011-08-16 04:13 723388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2011-08-17 04:10 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-13 21:28 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-26 17:37 . 2011-08-16 04:13 4110232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-11-26 17:37 . 2011-08-09 02:00 4110232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-11-26 17:37 . 2011-08-17 04:08 13793459 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-8192.dat
- 2009-11-26 17:37 . 2011-08-13 21:27 13793459 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2040898"="c:\program files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe" [2011-06-06 240288]
.
c:\users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AppIDSvc32;Application Identity ;c:\windows\system32\mmcico32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
R3 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-08-15 4411248]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\HPCeeScheduleForThe Reeve Family.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF15822.cfxxe" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 16335976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: grillflame.net\www
Trusted Zone: hp.com\h50203.www5
Trusted Zone: hp.com\www
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57131
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1088720637-78751619-3950019920-1000\Software\SecuROM\License information*]
"datasecu"=hex:08,97,33,34,fa,95,8a,2e,6b,af,e5,75,48,48,78,1c,4d,e8,f2,a0,88,
b0,21,82,04,0f,e2,47,3a,a2,ee,ad,7e,78,33,ec,67,b4,ce,f9,fa,9e,2a,77,3c,f0,\
"rkeysecu"=hex:60,fa,bb,39,2f,f0,f2,8d,87,2d,b0,36,24,c9,bc,ac
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
"DisplayName"=expand:"@fdeploy.dll,-261"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"DisplayName"=expand:"@%SystemRoot%\\System32\\dskquota.dll,-100"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"%SystemRoot%\\System32\\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"DisplayName"=expand:"@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}]
@DACL=(02 0000)
@="Remote Desktop USB Redirection"
"DllName"=expand:"%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000001
"DisplayName"=expand:"@%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll,-100"
"NoBackgroundPolicy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"NoSlowLink"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000000
"NoMachinePolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
@DACL=(02 0000)
@="Deployed Printer Connections"
"DisplayName"=expand:"@%systemroot%\\system32\\gpprnext.dll,-1"
"DllName"=expand:"%systemroot%\\system32\\gpprnext.dll"
"EnableAsynchronousProcessing"=dword:00000001
"ExtensionEventSource"=""
"GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
"MaxNoGPOListChangesInterval"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000001
"NotifyLinkTransition"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="PrinterProcessGroupPolicy"
"ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
"RequiresSuccessfulRegistry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
@DACL=(02 0000)
@="TCPIP"
"DisplayName"=expand:"@gptext.dll,-204"
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\polstore.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
"DisplayName"=expand:"@c:\\Windows\\system32\\polstore.dll,-5012"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}]
@DACL=(02 0000)
@="Audit Policy Configuration"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"auditcse.dll"
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
"ForceRefreshFG"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@DACL=(02 0000)
@="Enterprise QoS"
"DisplayName"=expand:"@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"=expand:"gptext.dll"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
@DACL=(02 0000)
@="CP"
"DisplayName"=expand:"@gptext.dll,-205"
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2011-08-16 21:35:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-17 04:35
ComboFix2.txt 2011-08-13 21:51
ComboFix3.txt 2011-08-09 02:23
ComboFix4.txt 2011-08-07 01:17
ComboFix5.txt 2011-08-17 03:47
.
Pre-Run: 143,435,845,632 bytes free
Post-Run: 143,184,605,184 bytes free
.
- - End Of File - - 0D75C7A9F48E4CEF91FC7732364B783F

#85
AZCMer

Posted 17 August 2011 - 12:04 AM

Member

Topic Starter
Member
108 posts

Next I opened and made sure Automatically detect settings was selected. It was. So, I then went into Firefox tools/options/advanced and selected the network tab and selected settings under connection and changed No proxy to Auto detect proxy settings.

Next I ran the Fix in OTL with the script you provided as administrator. Here is the log:

========== PROCESSES ==========
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 57131 removed from network.proxy.http_port
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
File C:\Program Files (x86)\AVG\AVG10\avgssiea.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG10\avgssie.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
File E:\AUTORUN.INF not found.
File not found.
File E:\Autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{306e804f-b4fc-11de-b707-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{306e804f-b4fc-11de-b707-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{306e804f-b4fc-11de-b707-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{306e804f-b4fc-11de-b707-806e6f6e6963}\ not found.
File E:\Autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4a68fca-da37-11de-8546-90e6ba3e780b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4a68fca-da37-11de-8546-90e6ba3e780b}\ not found.
File K:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync deleted successfully.
File C:\Program Files (x86)\AVG\AVG10\avgchsva.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart deleted successfully.
File C:\Program Files (x86)\AVG\AVG10\avgrsa.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08162011_215210

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I then ran the OTL scan and here are the two resulting scans:

OTL logfile created on: 8/16/2011 9:56:49 PM - Run 14
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 71.46% Memory free
17.47 Gb Paging File | 15.88 Gb Available in Paging File | 90.92% Paging File free
Paging file location(s): c:\pagefile.sys 12000 18000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 133.42 Gb Free Space | 22.84% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.86 Gb Free Space | 15.49% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: The Reeve Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/16 15:49:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/11/18 04:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/05/08 16:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 16:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/06/10 02:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE

========== Modules (SafeList) ==========

MOD - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 05:19:48 | 002,341,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/14 20:37:59 | 004,411,248 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/07 20:07:04 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/14 09:33:14 | 002,746,624 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 11:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/12 09:03:34 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/09/12 09:03:34 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011/08/13 14:02:18 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\jgfzpxfw.sys -- (nfzbvp)
DRV - [2011/08/13 13:46:29 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\teehsonr.sys -- (azxiwab)
DRV - [2011/08/13 13:35:44 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\jpfiyt.sys -- (isibyqq)
DRV - [2011/08/13 13:20:26 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\ebimohx.sys -- (iludzair)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A6 9F CC 01 38 B8 C9 48 8F 66 58 1D D4 DC B4 BA [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57131
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\The Reeve Family\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\The Reeve Family\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/07 01:03:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/04 09:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/25 08:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/06 14:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/16 15:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/05 09:41:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\The Reeve Family\AppData\Roaming\Move Networks [2010/01/09 18:18:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]

[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions
[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/03 00:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions
[2011/08/03 00:32:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/26 13:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\staged-xpis
[2010/09/22 10:01:11 | 000,002,160 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage-https.xml
[2010/09/22 10:00:52 | 000,002,152 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage.xml
[2011/07/14 13:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/27 08:40:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/25 08:17:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/08/16 15:49:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/27 08:40:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/16 21:10:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [L07AXLRD_2040898] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: grillflame.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([h50203.www5] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/16 21:10:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/08/16 21:03:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/16 20:47:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/13 12:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/13 12:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/08/13 12:19:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\The Reeve Family\Desktop\erunt-setup.exe
[2011/08/12 21:33:43 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{9A853E91-0301-4D89-B128-ACEF06961B52}
[2011/08/12 21:33:33 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{D7BBB8B9-647E-4A3C-BACD-B397482B1370}
[2011/08/12 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\avenger
[2011/08/10 09:52:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 09:52:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 09:52:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 09:52:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 09:52:01 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/10 09:52:01 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/08/10 09:52:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/10 09:52:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 09:52:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 09:52:00 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/10 09:49:38 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 09:49:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 09:49:38 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 09:49:38 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 09:49:37 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 09:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 09:49:37 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 09:49:37 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 09:49:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 09:49:18 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 09:49:13 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 09:49:13 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 09:49:13 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 09:48:26 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 09:48:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 09:48:25 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 09:48:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 09:48:25 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 09:48:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 09:48:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 09:48:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 09:48:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 09:48:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 09:48:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 09:48:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 09:48:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 09:48:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 09:48:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 09:48:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 09:48:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 09:48:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 09:48:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 09:48:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 09:48:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 09:48:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 09:48:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 09:48:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 09:48:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 09:48:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 09:48:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 09:48:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 09:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 09:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 09:48:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 09:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 09:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 09:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 09:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 09:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 09:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 09:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 09:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 09:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 09:48:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 09:48:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 09:48:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 09:48:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 09:48:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 09:48:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 09:48:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 09:48:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 09:48:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 09:48:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 09:48:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/07 14:53:17 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/08/07 14:53:17 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/07 14:53:17 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/08/07 14:53:17 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/08/07 14:53:17 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/07 14:53:17 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/08/07 14:53:17 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/08/07 14:53:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/08/07 14:53:17 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/08/07 14:53:17 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/08/07 14:53:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/08/07 14:53:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/07 14:53:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/08/07 14:53:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/08/07 14:53:17 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/08/07 14:53:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/08/07 14:53:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/08/07 14:53:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/08/07 14:53:17 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/07 14:53:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/07 14:53:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/08/07 14:53:17 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/07 14:53:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/07 14:53:17 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/08/07 14:53:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/08/07 14:53:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/08/07 14:53:17 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/08/07 14:53:17 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/07 14:53:17 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/08/07 14:53:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/08/07 14:53:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/08/07 14:53:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/07 14:53:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/07 14:53:17 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/08/07 14:53:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/08/07 14:53:17 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/08/07 14:53:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/08/07 14:53:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/08/07 14:53:17 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/08/07 14:53:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/07 14:53:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/07 14:53:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/08/07 14:53:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/07 14:53:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/08/07 14:53:16 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/07 14:53:16 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/07 14:53:16 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/08/07 14:53:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/08/07 14:53:16 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/08/07 14:53:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/07 14:53:16 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/08/07 14:53:16 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/08/07 14:53:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/08/07 14:53:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/08/07 14:53:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/07 14:53:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/08/07 14:53:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/07 14:53:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/08/07 14:53:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/08/07 14:53:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/07 14:53:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/07 14:53:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/08/07 14:53:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/08/07 14:53:16 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/08/07 14:53:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/08/07 14:53:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/07 14:53:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/07 14:53:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/06 14:34:16 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/06 14:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/06 14:34:15 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/06 14:34:11 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/06 14:34:08 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/06 14:34:07 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/06 14:34:03 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/06 14:34:02 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/08/06 14:33:46 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/06 14:33:46 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/06 14:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/06 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/06 14:25:40 | 001,819,488 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\The Reeve Family\Desktop\avg_remover_stf_x64_2011_1322.exe
[2011/08/05 21:12:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{B94F0DAD-8913-4E01-B185-7B2B6EB809BF}
[2011/08/05 21:11:51 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{007C5936-EFB4-4133-BBB5-F7F0525FADDF}
[2011/08/05 19:56:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/05 19:48:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{C70CD49D-93A6-4749-A45B-FF85E3A0189B}
[2011/08/05 19:48:45 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{86F47851-456E-474E-9455-5D716184E955}
[2011/08/05 14:07:30 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{26312C83-66D3-4BA8-B49C-223576547A09}
[2011/08/05 14:07:17 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{C20F9968-93CE-454B-A591-B29139E46C44}
[2011/08/05 11:51:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/05 11:51:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/05 11:51:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/05 10:01:04 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{87058962-EEDE-401B-A0CB-E1CE5AC7D52B}
[2011/08/05 10:00:52 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{7FB5818C-CB63-4AFA-B7DA-CD797443BB7B}
[2011/08/05 09:50:57 | 004,174,574 | R--- | C] (Swearware) -- C:\Users\The Reeve Family\Desktop\ComboFix.exe
[2011/08/05 08:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/04 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{2A15DEC5-2FD4-4354-B2F7-98881254EFDF}
[2011/08/04 17:30:47 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Camera_Raw_6_2
[2011/08/04 12:41:04 | 000,055,024 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2011/08/04 12:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/08/04 12:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/08/04 12:32:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\syncdb
[2011/07/30 12:22:37 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\GooredFix Backups
[2011/07/30 12:21:02 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\The Reeve Family\Desktop\GooredFix.exe
[2011/07/28 01:00:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/07/27 10:47:44 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\The Reeve Family\Desktop\aswMBR.exe
[2011/07/26 12:38:42 | 000,000,000 | ---D | C] -- C:\Seagate temp
[2011/07/26 12:11:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/26 12:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/26 12:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/26 12:10:12 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/26 00:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
[2011/07/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ffdshowEx
[2011/07/25 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\space
[2011/07/25 18:14:53 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{352BF278-585C-4743-806A-B98D33E7D45D}
[2011/07/25 13:28:26 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AdobeLicensingFilesBackup
[2011/07/25 13:20:54 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\LicenseRecovery
[2011/07/25 08:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/07/25 08:17:13 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/07/25 08:17:05 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/07/25 08:17:05 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/07/25 08:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/07/25 08:17:04 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/07/25 08:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\real
[2011/07/22 09:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/22 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/22 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/21 11:33:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{30EA9FC9-73C1-4C23-93C5-CD71DA605E4D}
[2011/07/20 23:32:22 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{76B61CD7-2761-40DF-8287-3650EFD84036}
[2011/07/20 11:31:52 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{B8B4B3B5-3134-4656-B26A-C4D8FFD82FD5}
[2011/07/19 17:21:04 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{FB299AB1-FA1E-4EA9-BE44-03F5008574D2}
[2011/07/18 15:38:08 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/07/18 14:19:44 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{E8E54F29-E756-49E0-8CEB-E6FF97176581}
[2011/07/18 13:54:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\AVG10
[2011/07/18 13:52:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/18 13:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/18 13:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

========== Files - Modified Within 30 Days ==========

[2011/08/16 22:00:31 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/16 22:00:31 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/16 21:53:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/16 21:53:00 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/16 21:10:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/16 20:46:56 | 004,174,574 | R--- | M] (Swearware) -- C:\Users\The Reeve Family\Desktop\ComboFix.exe
[2011/08/16 06:47:17 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2011/08/15 07:07:41 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/13 14:02:19 | 000,004,236 | ---- | M] () -- C:\backup.reg
[2011/08/13 14:02:18 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\jgfzpxfw.sys
[2011/08/13 13:46:29 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\teehsonr.sys
[2011/08/13 13:40:26 | 102,144,472 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\setup_11.0.0.1245.x01_2011_08_13_23_11.exe
[2011/08/13 13:35:44 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\jpfiyt.sys
[2011/08/13 13:20:26 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\ebimohx.sys
[2011/08/13 12:29:09 | 000,000,926 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\NTREGOPT.lnk
[2011/08/13 12:29:09 | 000,000,907 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\ERUNT.lnk
[2011/08/13 12:19:49 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\The Reeve Family\Desktop\erunt-setup.exe
[2011/08/12 20:37:03 | 000,724,952 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\avenger.zip
[2011/08/11 05:45:09 | 000,011,892 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\avptool_sysinfo.zip
[2011/08/10 10:40:43 | 000,001,135 | ---- | M] () -- C:\Users\The Reeve Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/08/10 10:09:19 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/10 10:09:19 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/10 10:09:19 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/10 08:06:14 | 000,475,418 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\Silent Runners.vbs
[2011/08/07 14:53:17 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/08/07 14:53:17 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/07 14:53:17 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/08/07 14:53:17 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/08/07 14:53:17 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/07 14:53:17 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/08/07 14:53:17 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/08/07 14:53:17 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/08/07 14:53:17 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/08/07 14:53:17 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/08/07 14:53:17 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/08/07 14:53:17 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/07 14:53:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/08/07 14:53:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/08/07 14:53:17 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/08/07 14:53:17 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/08/07 14:53:17 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/08/07 14:53:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/08/07 14:53:17 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/07 14:53:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/07 14:53:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/08/07 14:53:17 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/07 14:53:17 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/07 14:53:17 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/08/07 14:53:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/08/07 14:53:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/08/07 14:53:17 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/08/07 14:53:17 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/07 14:53:17 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/08/07 14:53:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/08/07 14:53:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/08/07 14:53:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/07 14:53:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/07 14:53:17 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/07 14:53:17 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/08/07 14:53:17 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/08/07 14:53:17 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/08/07 14:53:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/08/07 14:53:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/08/07 14:53:17 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/08/07 14:53:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/07 14:53:17 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/07 14:53:17 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/08/07 14:53:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/07 14:53:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/08/07 14:53:16 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/07 14:53:16 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/07 14:53:16 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/08/07 14:53:16 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/08/07 14:53:16 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/08/07 14:53:16 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/07 14:53:16 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/08/07 14:53:16 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/08/07 14:53:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/08/07 14:53:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/08/07 14:53:16 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/07 14:53:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/08/07 14:53:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/07 14:53:16 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/08/07 14:53:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/08/07 14:53:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/07 14:53:16 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/07 14:53:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/08/07 14:53:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/08/07 14:53:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/07 14:53:16 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/08/07 14:53:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/08/07 14:53:16 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/07 14:53:16 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/07 14:53:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/06 14:34:16 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/06 14:34:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/06 14:25:41 | 001,819,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\The Reeve Family\Desktop\avg_remover_stf_x64_2011_1322.exe
[2011/08/06 14:25:37 | 056,727,728 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\setup_av_free.exe
[2011/08/05 09:12:28 | 000,377,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/05 08:04:13 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/04 12:41:05 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/07/31 15:51:15 | 000,007,597 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2011/07/30 13:41:11 | 002,447,334 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p06].bmp
[2011/07/30 12:21:03 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\The Reeve Family\Desktop\GooredFix.exe
[2011/07/27 10:48:34 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\The Reeve Family\Desktop\aswMBR.exe
[2011/07/27 09:53:01 | 000,099,118 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Sample Truth Focus Staements.pdf
[2011/07/26 12:42:39 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/07/26 12:11:10 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 12:10:17 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/26 00:35:26 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/07/25 08:17:29 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/07/25 08:17:13 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/07/25 08:17:05 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/07/25 08:17:05 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/07/25 08:17:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/07/22 09:25:08 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/21 22:42:23 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/07/21 22:35:31 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/07/21 22:33:41 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/07/21 22:32:49 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/07/21 22:30:55 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/07/21 19:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/07/21 19:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/07/21 19:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/07/21 19:44:42 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/07/21 19:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/07/20 12:32:26 | 000,606,208 | ---- | M] () -- C:\Users\The Reeve Family\Documents\The Healing Codes Manual - Dr Alexander Loyd.pdf

========== Files Created - No Company Name ==========

[2011/08/13 14:02:18 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\jgfzpxfw.sys
[2011/08/13 13:46:29 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\teehsonr.sys
[2011/08/13 13:38:41 | 102,144,472 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\setup_11.0.0.1245.x01_2011_08_13_23_11.exe
[2011/08/13 13:35:44 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\jpfiyt.sys
[2011/08/13 13:20:27 | 000,004,236 | ---- | C] () -- C:\backup.reg
[2011/08/13 13:20:26 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\ebimohx.sys
[2011/08/13 12:29:09 | 000,000,926 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\NTREGOPT.lnk
[2011/08/13 12:29:09 | 000,000,907 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\ERUNT.lnk
[2011/08/12 20:37:02 | 000,724,952 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\avenger.zip
[2011/08/10 08:06:13 | 000,475,418 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\Silent Runners.vbs
[2011/08/10 07:40:13 | 000,011,892 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\avptool_sysinfo.zip
[2011/08/07 14:53:17 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/07 14:53:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/06 14:34:16 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/06 14:34:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/08/06 14:24:53 | 056,727,728 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\setup_av_free.exe
[2011/08/05 11:51:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/05 11:51:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/05 11:51:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/05 11:51:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/05 11:51:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/05 08:04:13 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/04 12:41:05 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
[2011/08/04 12:41:05 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/07/30 13:41:10 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p06].bmp
[2011/07/27 09:53:01 | 000,099,118 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Sample Truth Focus Staements.pdf
[2011/07/26 12:42:39 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/07/26 12:11:10 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 00:35:26 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/07/25 08:17:29 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/07/22 09:25:08 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/20 12:25:30 | 000,606,208 | ---- | C] () -- C:\Users\The Reeve Family\Documents\The Healing Codes Manual - Dr Alexander Loyd.pdf
[2010/07/15 18:07:36 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2010/07/15 17:46:54 | 000,171,932 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/27 13:29:20 | 000,000,070 | ---- | C] () -- C:\Windows\FSaver.ini
[2010/06/27 13:29:19 | 000,000,103 | ---- | C] () -- C:\Windows\Wingmakers.ini
[2010/06/06 08:18:23 | 000,003,235 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp11.html
[2010/06/06 08:18:08 | 000,000,778 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp1.html
[2010/04/30 22:34:58 | 000,000,036 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\housecall.guid.cache
[2010/04/30 06:37:02 | 000,003,276 | ---- | C] () -- C:\Windows\SysWow64\NVTBM.ini
[2010/04/08 10:53:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 08:00:15 | 000,007,597 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/12/21 10:06:32 | 000,002,325 | ---- | C] () -- C:\Windows\checkip.dat
[2009/12/12 09:01:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/07 14:41:31 | 000,000,022 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/11/26 10:12:08 | 000,001,092 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/05 17:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2007/08/23 09:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/06/28 03:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml:OECustomProperty
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

OTL Extras:

OTL Extras logfile created on: 8/16/2011 9:56:49 PM - Run 14
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 71.46% Memory free
17.47 Gb Paging File | 15.88 Gb Available in Paging File | 90.92% Paging File free
Paging file location(s): c:\pagefile.sys 12000 18000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 133.42 Gb Free Space | 22.84% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.86 Gb Free Space | 15.49% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: The Reeve Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07044040-959A-4B0D-8825-2C533F0DDB19}" = Encarta Search Bar (64-bit)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07041881-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Student with Encarta Premium 2007
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{3BB33344-3179-49A4-B6EB-22D2A390764D}" = HP Webcam User's Guide
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41B44041-D45D-41EB-A1EF-A12BB5C6996B}" = ArcSoft Magic-i Visual Effects 2
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{567C5FE9-17AC-4D5D-99FD-1AC0FC43977C}" = OverDrive Media Console
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C20B2A0-4353-457B-8647-DC8063BF78E1}" = PlayOn
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-004E-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector 32-bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B348E585-E872-41DF-8234-E2D49917CFBB}" = Learning Essentials for Microsoft Office
"{B3D84D4A-DE51-42A1-964B-E80013272D55}" = HuluDesktopIntegration
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D330B524-FC79-40CC-9886-23738AFBB40B}" = HP RC Mirror Driver
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{E92E462A-700D-4949-B24B-789AEDDA3B88}" = ArcSoft ShowBiz
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFEFD86B-5D4F-4A2D-8D4E-ECD7D9AD925E}" = ArcSoft WebCam Companion 3
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Digital Editions" = Adobe Digital Editions
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EA Download Manager" = EA Download Manager
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"HP Photo Creations" = HP Photo Creations
"hp print screen utility" = hp print screen utility
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"InstallShield_{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Pen Tablet
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RealPlayer 12.0" = RealPlayer
"sp44401" = sp44401
"SystemRequirementsLab" = System Requirements Lab
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WePrint" = WePrint
"WFTK" = Canon Utilities WFT Utility
"WildTangent hp Master Uninstall" = HP Games
"Wingmakers" = Wingmakers
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#86
AZCMer

Posted 17 August 2011 - 12:18 AM

Member

Topic Starter
Member
108 posts

I then cleared my event logs per your instructions.

After that I ran the scan using your instructions (thank you!) and the result was no integrity violations.

I then checked for drivers. It came up with 4:

dpinst.exe in C:windows\system32
nvudisp.exe in C:windows\system32
rcmirror.dll in C:windows\system32
rcmirror.sys in C:windows\system32

These are the two logs generated by the event viewer tool you had me download:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/08/2011 10:46:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/08/2011 5:15:14 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: azxiwab iludzair isibyqq nfzbvp

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/08/2011 10:47:23 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Oh yea, I just remembered that ComboFix asked to send some files in for verification which I allowed.

Thanks so much. I appreciate all you are doing to help me.

#87
RKinner

Posted 17 August 2011 - 12:51 AM

Malware Expert

Expert
24,624 posts

The proxy came back again but this time we are seeing some superhidden drivers showing up:

DRV - [2011/08/13 14:02:18 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\jgfzpxfw.sys -- (nfzbvp)
DRV - [2011/08/13 13:46:29 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\teehsonr.sys -- (azxiwab)
DRV - [2011/08/13 13:35:44 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\jpfiyt.sys -- (isibyqq)
DRV - [2011/08/13 13:20:26 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\ebimohx.sys -- (iludzair)

Odd that Combofix couldn't see them but these are the same drivers that couldn't load in the event log so maybe the fact they couldn't load makes them visible to OTL. Let's see if OTL can remove them. We will do this in two steps because otherwise OTL seems to hang when removing drivers.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57131
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

:files
C:\Windows\system32\drivers\jgfzpxfw.sys
C:\Windows\system32\drivers\teehsonr.sys
C:\Windows\system32\drivers\jpfiyt.sys
C:\Windows\system32\drivers\ebimohx.sys
mkdir C:\Windows\system32\drivers\jgfzpxfw.sys /c
mkdir C:\Windows\system32\drivers\teehsonr.sys /c
mkdir C:\Windows\system32\drivers\jpfiyt.sys /c
mkdir C:\Windows\system32\drivers\ebimohx.sys /c

   
:Commands
[Reboot]


:processes
killallprocesses

:Services
nfzbvp
azxiwab
isibyqq
iludzair

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/04 09:57:29 | 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/04 09:57:29 | 000,000,000 | ---D | M]
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
[2010/11/27 08:40:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57131
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=-
    
:Commands
[Reboot]

#88
AZCMer

Posted 17 August 2011 - 01:42 AM

Member

Topic Starter
Member
108 posts

I ran the two scripts you provided in OTL as an administrator. I then ran a quick scan. I submitted each of the 4 files to virustotal.com and each of them came back with 0/43.

Here is the log from the OTL quick scan:

OTL logfile created on: 8/17/2011 12:12:45 AM - Run 15
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.43 Gb Available Physical Memory | 77.09% Memory free
17.47 Gb Paging File | 16.18 Gb Available in Paging File | 92.65% Paging File free
Paging file location(s): c:\pagefile.sys 12000 18000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 133.40 Gb Free Space | 22.84% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.86 Gb Free Space | 15.49% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: The Reeve Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/11/18 04:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/05/08 16:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 16:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/06/10 02:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE

========== Modules (SafeList) ==========

MOD - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 05:19:48 | 002,341,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/16 23:26:40 | 004,410,736 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/07 20:07:04 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/14 09:33:14 | 002,746,624 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 11:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/12 09:03:34 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/09/12 09:03:34 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A6 9F CC 01 38 B8 C9 48 8F 66 58 1D D4 DC B4 BA [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57131
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\The Reeve Family\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\The Reeve Family\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/07 01:03:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/04 09:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/25 08:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/06 14:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/16 15:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/05 09:41:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\The Reeve Family\AppData\Roaming\Move Networks [2010/01/09 18:18:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]

[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions
[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/03 00:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions
[2011/08/03 00:32:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/26 13:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\staged-xpis
[2010/09/22 10:01:11 | 000,002,160 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage-https.xml
[2010/09/22 10:00:52 | 000,002,152 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage.xml
[2011/08/17 00:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/25 08:17:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/08/16 15:49:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/27 08:40:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/16 21:10:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [L07AXLRD_2040898] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 00:06:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\teehsonr.sys
[2011/08/17 00:06:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\jpfiyt.sys
[2011/08/17 00:06:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\jgfzpxfw.sys
[2011/08/17 00:06:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ebimohx.sys
[2011/08/16 22:43:20 | 000,061,440 | ---- | C] ( ) -- C:\Users\The Reeve Family\Desktop\VEW.exe
[2011/08/16 21:10:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/08/16 21:03:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/16 20:47:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/13 12:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/13 12:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/08/13 12:19:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\The Reeve Family\Desktop\erunt-setup.exe
[2011/08/12 21:33:43 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{9A853E91-0301-4D89-B128-ACEF06961B52}
[2011/08/12 21:33:33 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{D7BBB8B9-647E-4A3C-BACD-B397482B1370}
[2011/08/12 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\avenger
[2011/08/06 14:34:16 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/06 14:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/06 14:34:15 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/06 14:34:11 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/06 14:34:08 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/06 14:34:07 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/06 14:34:03 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/06 14:34:02 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/08/06 14:33:46 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/06 14:33:46 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/06 14:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/06 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/06 14:25:40 | 001,819,488 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\The Reeve Family\Desktop\avg_remover_stf_x64_2011_1322.exe
[2011/08/05 21:12:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{B94F0DAD-8913-4E01-B185-7B2B6EB809BF}
[2011/08/05 21:11:51 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{007C5936-EFB4-4133-BBB5-F7F0525FADDF}
[2011/08/05 19:56:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/05 19:48:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{C70CD49D-93A6-4749-A45B-FF85E3A0189B}
[2011/08/05 19:48:45 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{86F47851-456E-474E-9455-5D716184E955}
[2011/08/05 14:07:30 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{26312C83-66D3-4BA8-B49C-223576547A09}
[2011/08/05 14:07:17 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{C20F9968-93CE-454B-A591-B29139E46C44}
[2011/08/05 11:51:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/05 11:51:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/05 11:51:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/05 10:01:04 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{87058962-EEDE-401B-A0CB-E1CE5AC7D52B}
[2011/08/05 10:00:52 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{7FB5818C-CB63-4AFA-B7DA-CD797443BB7B}
[2011/08/05 09:50:57 | 004,174,574 | R--- | C] (Swearware) -- C:\Users\The Reeve Family\Desktop\ComboFix.exe
[2011/08/05 08:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/04 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{2A15DEC5-2FD4-4354-B2F7-98881254EFDF}
[2011/08/04 17:30:47 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Camera_Raw_6_2
[2011/08/04 12:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/08/04 12:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/08/04 12:32:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\syncdb
[2011/07/30 12:22:37 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\GooredFix Backups
[2011/07/30 12:21:02 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\The Reeve Family\Desktop\GooredFix.exe
[2011/07/28 01:00:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/07/27 10:47:44 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\The Reeve Family\Desktop\aswMBR.exe
[2011/07/26 12:38:42 | 000,000,000 | ---D | C] -- C:\Seagate temp
[2011/07/26 12:11:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/26 12:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/26 12:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/26 12:10:12 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/26 00:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
[2011/07/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ffdshowEx
[2011/07/25 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\space
[2011/07/25 18:14:53 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{352BF278-585C-4743-806A-B98D33E7D45D}
[2011/07/25 13:28:26 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AdobeLicensingFilesBackup
[2011/07/25 13:20:54 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Desktop\LicenseRecovery
[2011/07/25 08:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/07/25 08:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/07/25 08:17:04 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/07/25 08:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\real
[2011/07/22 09:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/07/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/22 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/22 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/21 11:33:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{30EA9FC9-73C1-4C23-93C5-CD71DA605E4D}
[2011/07/20 23:32:22 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{76B61CD7-2761-40DF-8287-3650EFD84036}
[2011/07/20 11:31:52 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{B8B4B3B5-3134-4656-B26A-C4D8FFD82FD5}
[2011/07/19 17:21:04 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{FB299AB1-FA1E-4EA9-BE44-03F5008574D2}
[2011/07/18 15:38:08 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/07/18 14:19:44 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{E8E54F29-E756-49E0-8CEB-E6FF97176581}
[2011/07/18 13:54:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\AVG10
[2011/07/18 13:52:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/18 13:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/18 13:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

========== Files - Modified Within 30 Days ==========

[2011/08/17 00:19:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 00:19:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 00:11:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 00:11:21 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/16 23:41:36 | 000,001,318 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2011/08/16 22:43:23 | 000,061,440 | ---- | M] ( ) -- C:\Users\The Reeve Family\Desktop\VEW.exe
[2011/08/16 21:10:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/16 20:46:56 | 004,174,574 | R--- | M] (Swearware) -- C:\Users\The Reeve Family\Desktop\ComboFix.exe
[2011/08/16 06:47:17 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2011/08/15 07:07:41 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/13 14:02:19 | 000,004,236 | ---- | M] () -- C:\backup.reg
[2011/08/13 13:40:26 | 102,144,472 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\setup_11.0.0.1245.x01_2011_08_13_23_11.exe
[2011/08/13 12:29:09 | 000,000,926 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\NTREGOPT.lnk
[2011/08/13 12:29:09 | 000,000,907 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\ERUNT.lnk
[2011/08/13 12:19:49 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\The Reeve Family\Desktop\erunt-setup.exe
[2011/08/12 20:37:03 | 000,724,952 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\avenger.zip
[2011/08/11 05:45:09 | 000,011,892 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\avptool_sysinfo.zip
[2011/08/10 10:40:43 | 000,001,135 | ---- | M] () -- C:\Users\The Reeve Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/08/10 10:09:19 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/10 10:09:19 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/10 10:09:19 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/10 08:06:14 | 000,475,418 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\Silent Runners.vbs
[2011/08/07 14:53:17 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/07 14:53:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/06 14:34:16 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/06 14:34:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/06 14:25:41 | 001,819,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\The Reeve Family\Desktop\avg_remover_stf_x64_2011_1322.exe
[2011/08/06 14:25:37 | 056,727,728 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\setup_av_free.exe
[2011/08/05 09:12:28 | 000,377,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/05 08:04:13 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/04 12:41:05 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/07/31 15:51:15 | 000,007,597 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2011/07/30 13:41:11 | 002,447,334 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p06].bmp
[2011/07/30 12:21:03 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\The Reeve Family\Desktop\GooredFix.exe
[2011/07/27 10:48:34 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\The Reeve Family\Desktop\aswMBR.exe
[2011/07/27 09:53:01 | 000,099,118 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Sample Truth Focus Staements.pdf
[2011/07/26 12:42:39 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/07/26 12:11:10 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 12:10:17 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/26 00:35:26 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/07/25 08:17:29 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/07/25 08:17:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/07/22 09:25:08 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/20 12:32:26 | 000,606,208 | ---- | M] () -- C:\Users\The Reeve Family\Documents\The Healing Codes Manual - Dr Alexander Loyd.pdf

========== Files Created - No Company Name ==========

[2011/08/13 13:38:41 | 102,144,472 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\setup_11.0.0.1245.x01_2011_08_13_23_11.exe
[2011/08/13 13:20:27 | 000,004,236 | ---- | C] () -- C:\backup.reg
[2011/08/13 12:29:09 | 000,000,926 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\NTREGOPT.lnk
[2011/08/13 12:29:09 | 000,000,907 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\ERUNT.lnk
[2011/08/12 20:37:02 | 000,724,952 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\avenger.zip
[2011/08/10 08:06:13 | 000,475,418 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\Silent Runners.vbs
[2011/08/10 07:40:13 | 000,011,892 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\avptool_sysinfo.zip
[2011/08/07 14:53:17 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/07 14:53:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/06 14:34:16 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/06 14:34:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/08/06 14:24:53 | 056,727,728 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\setup_av_free.exe
[2011/08/05 11:51:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/05 11:51:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/05 11:51:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/05 11:51:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/05 11:51:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/05 08:04:13 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/04 12:41:05 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
[2011/08/04 12:41:05 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/07/30 13:41:10 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p06].bmp
[2011/07/27 09:53:01 | 000,099,118 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Sample Truth Focus Staements.pdf
[2011/07/26 12:42:39 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/07/26 12:11:10 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/26 00:35:26 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\PlayOn.lnk
[2011/07/25 08:17:29 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/07/22 09:25:08 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/20 12:25:30 | 000,606,208 | ---- | C] () -- C:\Users\The Reeve Family\Documents\The Healing Codes Manual - Dr Alexander Loyd.pdf
[2010/07/15 18:07:36 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2010/07/15 17:46:54 | 000,171,932 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/27 13:29:20 | 000,000,070 | ---- | C] () -- C:\Windows\FSaver.ini
[2010/06/27 13:29:19 | 000,000,103 | ---- | C] () -- C:\Windows\Wingmakers.ini
[2010/06/06 08:18:23 | 000,003,235 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp11.html
[2010/06/06 08:18:08 | 000,000,778 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp1.html
[2010/04/30 22:34:58 | 000,000,036 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\housecall.guid.cache
[2010/04/30 06:37:02 | 000,003,276 | ---- | C] () -- C:\Windows\SysWow64\NVTBM.ini
[2010/04/08 10:53:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 08:00:15 | 000,007,597 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/12/21 10:06:32 | 000,002,325 | ---- | C] () -- C:\Windows\checkip.dat
[2009/12/12 09:01:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/07 14:41:31 | 000,000,022 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/11/26 10:12:08 | 000,001,318 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/05 17:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2007/08/23 09:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/06/28 03:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll

========== LOP Check ==========

[2011/03/24 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Amazon
[2010/01/20 09:15:56 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Audio Recorder for Free
[2011/07/18 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\AVG10
[2010/05/28 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Barnes & Noble
[2009/11/27 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\BNeReader
[2010/05/29 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\calibre
[2011/06/20 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Canon
[2010/11/04 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Digiarty
[2011/08/05 09:44:34 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Dropbox
[2009/12/02 09:14:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit
[2010/01/07 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit Software
[2011/03/19 11:53:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Jasc
[2010/03/26 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Leadertech
[2010/08/24 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\muvee Technologies
[2010/07/15 06:30:48 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OpenDNS Updater
[2010/01/09 18:27:12 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OverDrive
[2011/07/28 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2009/11/25 20:14:55 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PictureMover
[2010/11/27 14:49:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\QuickScan
[2011/07/26 12:36:49 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SecondLife
[2010/03/24 21:27:43 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SystemRequirementsLab
[2009/11/26 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Template
[2011/05/07 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Thunderbird
[2011/02/02 11:46:05 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Visan
[2009/12/18 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WildTangent
[2009/11/26 21:09:37 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WinBatch
[2010/08/07 18:35:16 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Windows Live Writer
[2010/07/03 07:49:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WTouch
[2011/08/06 17:27:33 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml:OECustomProperty
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

#89
AZCMer

Posted 20 August 2011 - 03:29 PM

Member

Topic Starter
Member
108 posts

Did I do everything correctly above? Is everything okay?

#90
RKinner

Posted 20 August 2011 - 06:30 PM

Malware Expert

Expert
24,624 posts

You did exactly right but we are still getting this odd proxy in Firefox:

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57131
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4

Let's look at the registry where I think that lives.

Copy the next line:

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /s > \junk.txt

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator. Right click in the Command Window and select Paste or Edit then Paste and the copied line should appear. Hit Enter. Now type:

notepad \junk.txt

(Space before \. Copy and Paste the text into a reply.)

Ron