virtumonde removal - need help
#16
Posted 13 August 2011 - 04:33 AM
#17
Posted 15 August 2011 - 12:50 PM
Edited by xdionne87, 15 August 2011 - 12:57 PM.
#18
Posted 15 August 2011 - 01:02 PM
OK lets see if Combofix can find it - allow it to update if requested
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exeFile::
c:\Windows\System32\esentprfw.dll
Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
#19
Posted 15 August 2011 - 02:07 PM
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6135.4338 [GMT -4:00]
Running from: c:\users\Xavier\Desktop\ComboFix.exe
Command switches used :: c:\users\Xavier\Desktop\cfscript.txt
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\System32\esentprfw.dll"
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-15 19:23 . 2011-08-15 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-06 23:39 . 2011-08-06 23:39 -------- d-----w- C:\_OTL
2011-08-06 19:54 . 2011-08-06 19:54 -------- d-----w- C:\VundoFix Backups
2011-08-03 22:15 . 2011-08-03 22:15 -------- d-----w- c:\users\Xavier\AppData\Local\Mozilla
2011-07-31 20:25 . 2011-08-14 23:30 -------- d-----w- c:\users\Xavier\riotsGamesLogs
2011-07-30 15:52 . 2011-07-30 15:52 -------- d-----w- c:\windows\Sun
2011-07-30 15:51 . 2011-07-30 15:51 231424 ----a-w- c:\windows\Pvahaa.exe
2011-07-30 15:51 . 2011-07-30 15:51 63488 --sha-r- c:\windows\SysWow64\esentprfw.dll
2011-07-29 15:25 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE350E56-B5A7-435E-A6CF-810F453A206B}\mpengine.dll
2011-07-17 14:30 . 2011-07-17 14:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-17 14:25 . 2011-07-17 14:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:26 . 2011-08-10 19:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-15 17:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-15 17:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-29 19:21 . 2011-06-29 19:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07 . 2011-07-13 21:31 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 23:14 . 2010-01-19 00:55 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-28 21:53 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-28 21:53 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-28 21:53 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-28 21:53 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-28 21:53 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2010-05-17 23:58 . 2010-05-17 23:58 299864 ----a-w- c:\program files\dxwebsetup.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-11_20.33.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-10 03:19 . 2011-08-15 18:49 53730 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-08-11 20:08 32598 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-15 18:49 32598 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-19 01:10 . 2011-08-15 18:49 19334 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-422954752-2381727462-1605255963-1000_UserData.bin
- 2010-01-18 16:22 . 2011-08-11 20:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-18 16:22 . 2011-08-15 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-11 20:10 . 2011-08-11 20:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-12 22:13 . 2011-08-15 18:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-15 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-11 20:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-18 16:40 . 2011-08-11 20:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-18 16:40 . 2011-08-15 19:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-18 16:40 . 2011-08-11 20:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-18 16:40 . 2011-08-15 19:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-11 21:34 . 2011-08-11 21:34 42496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\357c754688a5756ac7fc4fc831ffbf03\System.Windows.Presentation.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\f7738bf2ff3dc492be82f64880dcfc4c\System.Web.ApplicationServices.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\32d3441efb46d802cdc65de502f28e3b\System.AddIn.Contract.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\512c12c2af578c00e8655b0ec2a92102\Microsoft.VisualC.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\4a82ab8680409c1dc5a55e26742e8900\dfsvc.ni.exe
+ 2011-08-11 21:30 . 2011-08-11 21:30 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\b1136d0eb9ce963a7675b0d6cd7c4c4e\Accessibility.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a2ef92260effc4f8cef9339a24ba230b\UIAutomationProvider.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\fd3809e0cf174aaadc13e0b409123fd3\System.Windows.Presentation.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\6b87fc6f1e65b1bf6df19a9bd5b02f80\System.Web.ApplicationServices.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\49989f9c9f180a49b0953cb47078df77\System.ServiceModel.Channels.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\6c15a9f7fb56275fb9ad22ae306d9d42\System.AddIn.Contract.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\9cce7d40f80e50a7e43d8e99f039359f\Microsoft.VisualC.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\ec6caf1c86ddb8ce9d7a89adb10264e8\Accessibility.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\f4b0a65a0cad6d091bb903fb5f7f490d\System.Windows.Presentation.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\055b996b602a243bd4fcbdde8accc09c\System.Web.DynamicData.Design.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\b33d58d0716cc4abc0183d5167bcdc2e\stdole.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\fe5b12605f26ab36c26f0a3b3c475dd5\PresentationFontCache.ni.exe
+ 2011-08-11 21:29 . 2011-08-11 21:29 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\66019b987c020943413851e959ca80c2\Microsoft.WSMan.Runtime.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\f2ee738d8439bf9025e1234c6afbd7e8\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\e29ed5ad26446d196b4a5ea7e69c74e9\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\b1c9507f23021701932fca6306d0df0f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\a4d48547af11390249b96fd1526ea514\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\636902d124bb3ee04ded9773d46f1d5d\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\6096a2f20727ede39049c5f3628b9a60\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b1a1a072eba978666cefe4f99fc6401c\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\cdbee55e7f6c60f5cb56d6ec9f083951\LoadMxf.ni.exe
+ 2011-08-11 21:28 . 2011-08-11 21:28 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\16951451968fea951a2294c0ff4bd49e\ehiUPnP.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\867a57af137c4a524067cdbbf09766e0\ehiTVMSMusic.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0c6cb1fd7a82938112cbea2c22e433df\dfsvc.ni.exe
+ 2011-08-11 21:22 . 2011-08-11 21:22 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\641960d3bb40a22bb5f4db7f9052eff4\WindowsLiveWriter.ni.exe
+ 2011-08-11 21:22 . 2011-08-11 21:22 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\52f65738c7530cb0221a1a6d9877da84\WindowsLive.Writer.Api.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3ef94ae15e7d80bb818934265bb90c10\System.Windows.Presentation.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\dd2bb107a0bbac08a0ccaf93c8bb7490\System.Web.DynamicData.Design.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\54d33aa6cf3af2d6e28c7d46c0ce363f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e88e6ace53ab318210c1657483321e40\System.AddIn.Contract.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\cd32e850b908317981c109dd20a0d5b2\stdole.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\fe7afc935e0c66172577a1ded815993b\PresentationFontCache.ni.exe
+ 2011-08-11 21:23 . 2011-08-11 21:23 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\69b036f1479a9aa93430f2d1676032b2\napcrypt.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\ab2d4de59dee683a2f77123f671839ba\Microsoft.WSMan.Runtime.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\8a102c44ccfe60d131d7e350d149bf85\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\7ce6ebef5427853ecb5bd68da29f1fdd\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\405aa271df15b8ce1b0b970f37687152\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3442a002e4e5d93ca3895a29ba7adb74\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\20c20811d44ba8c9513f2f2ba96d7047\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\09a9791efe9f32a50bd01346f0b05666\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\034ab6a3d60fdfba641443f16efdf309\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\2ac41c859d5e5e84993a555e3eeaea90\Microsoft.Vsa.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9152d7f0adafac97d853647ca783b8e4\Microsoft.Build.Framework.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5c219cc49d452997a91d916309511e68\Microsoft.Build.Framework.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ac010bace23545b3a5b1825e5c7b046e\ehiUserXp.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\027211443c6da8187fe92e682c048cd5\dfsvc.ni.exe
+ 2011-08-15 19:24 . 2011-08-15 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-11 20:32 . 2011-08-11 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-11 20:32 . 2011-08-11 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-15 19:24 . 2011-08-15 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-11 21:24 . 2011-08-11 21:24 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\2d01a98c567028c2aa3f58b71581c708\dfsvc.ni.exe
+ 2010-01-21 20:56 . 2011-08-13 19:19 483288 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2011-08-14 01:35 637182 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-14 01:35 114624 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2011-08-10 23:50 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-08-12 23:05 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-08-11 20:31 429096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-15 19:23 429096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-11 21:34 . 2011-08-11 21:34 322048 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\6c332f5c8c795f7e5415d94bf1d68b0b\WindowsFormsIntegration.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\21b0a1645439e2c615a317dc4cca191d\UIAutomationTypes.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\792559a31b651ec7c2d5da9847961736\UIAutomationProvider.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\0b326be8df8a20d09e9eb8e827c7258c\UIAutomationClient.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 525824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\c767821a3004226d67edf155d5737083\System.Xml.Linq.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 254976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\a7fe785edf8113c49b5fa6adcb537408\System.Windows.Input.Manipulations.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\0cad532e2fb59585cc790c3fe656e64f\System.Transactions.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 280576 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ee501cc4420ce53f2ded79b3ad798c90\System.ServiceProcess.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 107520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e3cbf844da8dbc1190d37abc30570e29\System.ServiceModel.Channels.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 507904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4b2c5b2baad543993991af8e6e347964\System.ServiceModel.Routing.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 939520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\bd4e7dba4c1d18de2bb92f050691f714\System.Security.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 376320 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\93ee99e5061f73f7e0d64e28e72acdd8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\3ae7f226fe2de56b8a1417d52ed51029\System.Runtime.Remoting.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\97a9eaf09596eebab9ed3e17546ae804\System.Numerics.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 930304 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\41d449b0be8ff6b6dc9174313db88459\System.Net.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\f8aa02fc7b4467081e19e35a5601f518\System.Messaging.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\4fc188ed573c4a57a0287938986f6a1c\System.Management.Instrumentation.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\0cca1aa68edcb1f5ee92fc8aaa2c7d51\System.IO.Log.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\80d06aff25a9994a00f2976a1cb06733\System.IdentityModel.Selectors.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\df0ac9043e9b88bcafa5b378994d8365\System.EnterpriseServices.Wrapper.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 511488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\ce5254e2408f77d6a09d30508f8dd52a\System.Dynamic.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 628736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\6048f7c3071c23536b976d262c34fae1\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\80d5d1a7442173fc59c419b8d1c647ff\System.Device.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\33038b29c486ff870f23a6b37e5b9d11\System.Data.DataSetExtensions.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 181248 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\c509822f920d2613ab999e6148ab8099\System.Configuration.Install.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\e0dc7e5bc5e66268387e19c10727a030\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\55d507e7cc2017d6eed82527df1e910a\System.AddIn.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 553472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\0a65293a0732eaeb538fb5d9accafe92\System.Activities.DurableInstancing.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 430080 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\7597686f1c999b6491518ff47508acdf\SMSvcHost.ni.exe
+ 2011-08-11 21:32 . 2011-08-11 21:32 184832 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\53d186939a3367ce3b37c84464370ca6\SMDiagnostics.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 387584 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eb1dae468677366538f99b623e7a7018\PresentationFramework.Royale.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 745984 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1e80fa78c14d8cac7feaa1d70ffb0a38\PresentationFramework.Luna.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 331264 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\196d1a63ee35811bd9ce868bc70273a7\PresentationFramework.Classic.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 555520 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\039366972f5ad8f34025c5aed57c1929\PresentationFramework.Aero.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\2282b71e9ea6da3366b3b81984109382\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\85e60ede22b298d7e5fcc17757f74ef1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\4f99fd1b2d217c9950b0e7c053b9e906\CustomMarshalers.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\11f340731d6cd696ae7b8b6351702cbe\WindowsFormsIntegration.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\8d3a679adab2761b52ffbb45c9c3a424\UIAutomationTypes.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\0335e0194e209f69c3bd7104f3072818\UIAutomationClient.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\c829c221dcccf40edbd75a0db8677d8a\System.Xml.Linq.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\004e12aad2006c3e9b30c08d52f8785b\System.Windows.Input.Manipulations.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\801e4d0a25c5afb1288c890f9e71257a\System.Transactions.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0af5485ccb0e43dd200f9e21f5eb60bd\System.ServiceProcess.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\cfb228e35c0876d643008f616a8e132f\System.ServiceModel.Routing.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\dd02eb52dead028e9ca47004a0ef6811\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1aad834c96402d8cb42631dcbcb14848\System.Runtime.Remoting.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\772b52e4ac8936b913fe017d909c75e4\System.Net.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\800c19289623b452a4681765004a6593\System.Messaging.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\0d9d8caf2b678f6163062213fbebba79\System.Management.Instrumentation.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\f3dae22180575540ae1cce1dc3310ec8\System.IO.Log.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\29722312a1eb3d003a4b1d13a99ce7a2\System.IdentityModel.Selectors.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3543c115bdc594a29a010e8a9ce20b55\System.EnterpriseServices.Wrapper.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3543c115bdc594a29a010e8a9ce20b55\System.EnterpriseServices.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\cf4c1eab5c582c8b3240df27a1571014\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\2bb5db827de2910b7ab3b83b402edbd1\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\eb2b27bc25184cd6878192ce2af5d37a\System.Device.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\0861be947a9873ce65c95ad6306dc4b8\System.Data.DataSetExtensions.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\bfcf802a51a71bdb239e504eac1b2343\System.Configuration.Install.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\75be7916fe8bb0db3fa194b8d6ef9d9b\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\0f1bafb387e3571c1b75bf5f3dbc7d41\System.AddIn.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\742dd858317919b757db0d2222c57e7b\System.Activities.DurableInstancing.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\7a5c39f61b17e969dfc6c6a7068c49c4\SMSvcHost.ni.exe
+ 2011-08-11 21:25 . 2011-08-11 21:25 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\7b4d732795beab50abf3458fa6a267c9\SMDiagnostics.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a41ff633fc02c4f82a653e98263f9684\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\1751b025496942925f09bc6409e3a175\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\05cdbb716020bb07505b04593ee0f2b0\CustomMarshalers.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\bfb29034e69046d05e1ff758c0fcda27\WsatConfig.ni.exe
+ 2011-08-11 21:30 . 2011-08-11 21:30 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\1c573262c14ba755ac6ccab0945711cb\WindowsFormsIntegration.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 472576 c:\windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\7e380506c8681805bf7341f757fca1cf\VistaBridgeLibrary.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 736768 c:\windows\assembly\NativeImages_v2.0.50727_64\VDialog\d588f927370ae718e5b8f246a0bb93d1\VDialog.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\ad5c1e837ea97e2e6401fd4fac9d99d4\UIAutomationClient.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\50621c88a5345fd8fcb959a9fc25f084\TaskScheduler.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\ebd55d35d25cf10e6e24453238d3c5eb\System.Xml.Linq.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\0bf594db7ec4fd4754f7535f24b254aa\System.Web.Routing.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\09199f147cafe8a357cbcf68f6098a77\System.Web.Entity.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\b21a0f26bff3d30480050c41f4f786f6\System.Web.Entity.Design.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\adfea0205de0aeb42c9bd80be40d7c47\System.Web.DynamicData.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\b6cc0ab04339d7cf16e83487e921fb71\System.Web.Abstractions.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\0646a91d680e840b201eb7a96876f053\System.Net.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\f53e6c7d027431c87b5839036a2f977d\System.Messaging.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\b9e961f0a21c8afe6213218fdbc8f8a2\System.Management.Instrumentation.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\49a6af02ac362d95ccf98068492053e5\System.IO.Log.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\4b21a062e82d08cf0ce61e7f1c8d1f2a\System.IdentityModel.Selectors.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\5e0b2a3713da55d99450c9cad93c4d2f\System.Data.Services.Design.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\486d44582be2000df84c46e187a88e70\System.Data.DataSetExtensions.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\1bcd63abfac2072c18ab799a37dd89cf\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\268f6f10ba5e94d24677a1a68f97ac15\System.AddIn.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\fc738e6c257a4851a220b9660688c25f\System.AddIn.Contract.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\7706a4ac4bf3f09a2d0b655e363fa401\sysglobl.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\8103d9a6fe544e521f89b92d24ac298a\SMSvcHost.ni.exe
+ 2011-08-11 21:27 . 2011-08-11 21:27 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\c268879bbddc814fadfe497300c03752\SMDiagnostics.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\a04a8437f757b8da7a707e31702169d6\napsnap.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\711d1c8357619b22e5caffd9cab59736\napinit.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\644fd981e996dd2ba072cc6265a0b74b\naphlpr.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\fe39885123be43ee8b6f4c1ca669d49b\napcrypt.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 407552 c:\windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\22df50fcbba0284804674500f8d69545\MyDock.Util.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\b75df85509061d9729506b8af64513f7\MSBuild.ni.exe
+ 2011-08-11 21:28 . 2011-08-11 21:28 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\c42d34f67692030a55a9bc64004e9041\MMCFxCommon.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\5db5412b8b9fdbe83b43a79b76cb39c6\Microsoft.WSMan.Management.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\de2193a90cfc32eed4ad1c78a99b8363\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\0836bcb90046e51c8bd055c0755bd57d\Microsoft.Vsa.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b3361f5be5cde787e5e6c67b1bf55684\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d99d7734ec2e39696ac5ce7e7b2d76bd\Microsoft.PowerShell.Security.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\77160cddd8417526c586e13b529f68bf\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6a1869785554446d202d6f718d036a3e\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\5c7ffe4abea4b5a400f768cad060835d\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f0cb734b7acfb102c57ed39f8918ce3d\Microsoft.MediaCenter.Mheg.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e4313e989939114d32f9254a74eee676\Microsoft.MediaCenter.Interop.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\87d3f8fed35fa164d0e5dabbcee46df8\Microsoft.MediaCenter.Playback.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5ec49bda571c34526ad7db5ec7a201c4\Microsoft.MediaCenter.iTv.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3ea7a7a15d59a1185b74f340f05c0b33\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1cbb6b9711bed2da17ae866cf2f58c31\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\04b81e74cc96402e59800be2c13358f9\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\503235feed6b59fff53b29c9def81a5d\Microsoft.ManagementConsole.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\6c999c27e6724dd1d0a10202f3e52e57\Microsoft.Build.Utilities.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\137428fc7e8ae3a1b733ffc45a3f3076\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\748b8b1f294666450436cc174c0b0684\Microsoft.Build.Framework.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\4196ba1264bd52f324e01016716cbbe9\Microsoft.Build.Framework.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\8be3ef8d90c0f3e97437887dac5a8d78\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 107520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\736323a581cc019ae2027f71dc496668\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\39e1e694a468028f2ca73994f76322d4\Mcx2Dvcs.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\d820c1a490dfb31933fd53f96514bbce\mcupdate.ni.exe
+ 2011-08-11 21:28 . 2011-08-11 21:28 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\428aa9c2151b0f385227c513c9497673\mcstoredb.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\614f7b9e9c362ac6d4175638ea2237d9\mcplayerinterop.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\7f8a262f2b6807a47517c1ea6e6b2a7b\mcGlidHostObj.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\0801a977b58776ed017238d4aaa7995e\MCESidebarCtrl.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\136009b4f22e65e77a916747429e599b\EventViewer.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\d313ec20c40b0fd3125b8e710f74556d\ehRecObj.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\fb85aad5c54840d8c5a17ac30a2fdfd7\ehiWUapi.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\af6c550e9382dba858ca65bb220799ea\ehiwmp.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\244edb2f64f825975b8c70f34162e6a6\ehiUserXp.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\b37be197d70d359e864bfffcca28fdb9\ehiiTv.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\b538d9ee6bfc71d120550427ccbe9e9e\ehiExtens.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\ce8305e1973d5a65569d9757f5b59c29\ehiBmlDataCarousel.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\440bebddd70e03b2548635373ad2b666\ehiActivScp.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\a267870c9fce983dca1c454fbde4cc7e\ehExtHost.ni.exe
+ 2011-08-11 21:27 . 2011-08-11 21:27 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\3a7ccf1084f8a546e8f7e7eecf33045c\ehCIR.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\436b0b38f271b905950f054c548a5722\CustomMarshalers.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\1af89517b158d3a94c051dfbc4ae9769\ComSvcConfig.ni.exe
+ 2011-08-11 21:26 . 2011-08-11 21:26 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\61dd29a580f09716118ef51868ad9edd\BDATunePIA.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\41ccc24e8cc5f2474ce1105f0b8ebb78\WsatConfig.ni.exe
+ 2011-08-11 21:22 . 2011-08-11 21:22 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\37a3bc68532d8558311ccfe6e5290f9e\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f4664fc319683614862bfc2e9af285cc\WindowsLive.Writer.Controls.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\df8edcd18ebc84a73e95ade53cdb3251\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c16d4a7940b512c75845c9dccfd2f5fa\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b75f79c27907de7e7f75624e8ade0877\WindowsLive.Writer.Passport.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b5ac830a688324c6a5298ac219bfe089\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b487c1894726a433eee298c0f3feb344\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ac853830dcaa26f1530e49530833ea42\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a5f215f95158544448dad94b8c828365\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a1c12453e3b2a679dd4917367070c7cc\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9461d16c415bef24d73aa628181765ea\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\84c079442ff54fd25633f9f7a29a81c4\WindowsLive.Writer.Interop.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\849aeffc1289e2272f276b5f3b720171\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\19bd3a18d6b6328029988be9af2663f4\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0ee5e3379ea8b09e470f5d572c324716\WindowsLive.Writer.Localization.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\023212c083bc032f4e13895f47d099cc\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\80a7931462cfec6799c87cc475031ccb\WindowsLive.Client.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bb04320c07e3c71ac2d18cb382d97f41\WindowsFormsIntegration.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d63e6fb41aa502bf6724043e6ac1367f\UIAutomationClient.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\1c1f731e8684204f56f37cc66b5bc60d\TaskScheduler.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b096bd83a66a8d1dcd761747730cc64c\System.Xml.Linq.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\efca1fd7e9df8e24c007cd003346e0e5\System.Web.Routing.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6c551bf6f7716b0f527f4274fb04cc2e\System.Web.Extensions.Design.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\03eda303152940cb2e78a0030cf572b5\System.Web.Entity.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7b93fe55a51f2a6010365a17546170bc\System.Web.Entity.Design.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\979bf2cab91b5d50aef1525ca96ff690\System.Web.DynamicData.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\067516a8300bb5fdbddb38cb9f6c934e\System.Web.Abstractions.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\e16f381a978103ac92bf64b99716c857\System.Net.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\ac9fe083b4cf11aab834d6654cdeb429\System.Messaging.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b95b509ac74958a1d8568293c3dc43ba\System.Management.Instrumentation.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e083fdbcc88f5850290f2cf65ae1efae\System.IO.Log.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\736226563a7f564e4629e34d52b3d6c6\System.IdentityModel.Selectors.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1f6d55f401cfe7041f9fd3b4aebffa9b\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\0896f955eb175a4e0bfff73b94f57619\System.Data.Services.Design.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\8f130b77f8f47e23cd748679173bdf33\System.Data.Entity.Design.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ad3f6eae36ce486187311de6836b4904\System.Data.DataSetExtensions.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fc5edc97ac59d0d0d45bb9b623b9927b\System.AddIn.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\88f0efe11487b846342fdee227f3da52\sysglobl.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4a33aa8911167af5fcba60f1b02ad45b\SMSvcHost.ni.exe
+ 2011-08-11 21:23 . 2011-08-11 21:23 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\b907dd027bbe99c5035b1d6355f83998\SMDiagnostics.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\96f4e4b87e625a1c36e4de2efb6f7dcc\napsnap.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\a4e2648f8b4962f4c9660b2085290b06\napinit.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\8fcb3f856afb930c5add8498cadb4d13\naphlpr.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\46d3794a4a440f22cff17197648f6887\MSBuild.ni.exe
+ 2011-08-11 21:23 . 2011-08-11 21:23 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\71b549afed40761f8be9075ca9ad8dd7\MMCFxCommon.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\fd457e872296300765fa1a6d96a6683c\Microsoft.WSMan.Management.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b96b80f166196dc0e148c73dc8452d25\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f5b347719df9fa791416713aa0fd342f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bebf12cadd8b4fbd9c8135405c64794b\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b3b22c86860de1de178e294bc4bd534d\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\512a72ebad1bd44687d8134cd46e1a5c\Microsoft.PowerShell.Security.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1e510aa4de5a90cd44ee2443ae45e097\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\9658825555dc2c9af1a8ce12e6da2cd7\Microsoft.ManagementConsole.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c52f2b0958be337e88f37a141e18be78\Microsoft.Build.Utilities.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\3f194ebe9a0c1e0903b32f663cb53556\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e62aa0d898b65d0d831c11b4f56c0785\Microsoft.Build.Engine.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\78fb000aaaba73f34dfa9028b7caef8c\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\fe969316614223634cba1c5544f4e3dd\mcstoredb.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\31231127c783eddf25c3d21761e1a15c\EventViewer.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\aceba77dc2230519296726c4a1ce9518\ehRecObj.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\85464949c28a523e3b6cf24679a9776c\ehiVidCtl.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\2ddabd185f08f72237aaa70edaffa6cc\ehiProxy.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\536082f3ff1f0f6fcd7bd58878098071\ehiExtens.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\42621a148e3691a5a992816cb49bee0a\ehExtHost32.ni.exe
+ 2011-08-11 21:23 . 2011-08-11 21:23 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d17a5e7b3e9c6ea0f5c66093771b35eb\CustomMarshalers.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a28cd0923e6ff03f952950eb713f03b3\ComSvcConfig.ni.exe
+ 2011-08-11 21:22 . 2011-08-11 21:22 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\482f9bd79c20ab87b6fa0fa2737d6aa3\BDATunePIA.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 5176320 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\5202133e255ce05947b8afe895e3f76f\WindowsBase.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\a9bf6deb79fd9d2b2541a950ab75a70f\UIAutomationClientsideProviders.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 7038976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\1ac4e05bc3b2813ddadb59ba9f0fd961\System.Xml.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 2447360 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\37ecfcc3de7bdc36ba1c3dfb7ee6a6d5\System.Xaml.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 5627392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\66beb5e0938298c2812c188925644c94\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 2222592 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\3b31367a53da33699ed7f053f1157593\System.Web.Services.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 2733568 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\23e8fddabb602c3efb1e0a66f37fab2f\System.Speech.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 1561600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\713b393e8d7075bd1a3683f9e6f6b268\System.ServiceModel.Discovery.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 1904640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\49d303c42b9b694447a3ba6e2a1548cf\System.ServiceModel.Activities.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 3404288 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\6c1acbeb3e61475007b5d20745cad8e8\System.Runtime.Serialization.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 1346560 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\12d17462d5e3ba196e299bb0f1f0b20d\System.Runtime.DurableInstancing.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 1422336 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\ed79f8685b97f5520a3169860c8df9f8\System.Printing.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\58696f56812c7ea9dc5fde8baa3a4b2a\System.Management.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\ad8f2f562edccb394180c80e54ddfb21\System.IdentityModel.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 1096704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\df0ac9043e9b88bcafa5b378994d8365\System.EnterpriseServices.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\058e1143c689861be149cf7c1fcf597a\System.Drawing.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\eb5e94ddc12db438063a90394e46f070\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 1622016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\0cf67c3a77fd159d0af43d16663b1a65\System.DirectoryServices.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 2400256 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\39ccef129f4a96c17b6406678d53c87b\System.Deployment.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 8580608 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\fc45ad58e3a025051ededa0efbae404f\System.Data.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\ed5027c747ed64957ac313befd47e345\System.Data.SqlXml.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 1791488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\c6f24f3171576104e80b12c4f4254ed2\System.Data.Services.Client.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 3380736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\5f31190f3c1a0ec0518782618b804517\System.Data.Linq.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 1255424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\fcf22c02eb60f8d045daa4386bb604f3\System.Configuration.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 1002496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\6f848e806caa9545c09866dd0950d853\System.ComponentModel.Composition.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 5680640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\c073f492e366b50d599e8f1447579946\System.Activities.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 4887040 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\6f2faf3f19358776373922b510603a8f\System.Activities.Presentation.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 2005504 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\9a2609f428f731670b3a730cb3f88dd4\System.Activities.Core.Presentation.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 4127232 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\dbe098606014df542c37b96962fd8717\ReachFramework.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 2032128 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\00416e9efbc68509f113692996b45e75\PresentationUI.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 2314752 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\d83a6fc3a6bd96beaa9845201290f292\Microsoft.VisualBasic.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\c386ff5a7c5bfa6b1dfdc6f53119b3a6\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\36347f2a750bf1af184da9b6783a376c\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 1510400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\e174701b531de21d8a96ea8ea5975000\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 3312128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\9f986e23b6ecb48281324d51fdb6e799\Microsoft.JScript.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 2009088 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\5046c55b7feb9c9156d18fe1d4735480\Microsoft.CSharp.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0ee6dd0ea68bd0023fb12d34d546b7f0\UIAutomationClientsideProviders.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\75d40b8702403e19cf947062557b1926\System.Xaml.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\f15a4db46f1a2e2b99a6b2519612b358\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9d179c77332e8fd8baf44237c976e137\System.Web.Services.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\26d93f247c686ef1197e59b7dc9aeed6\System.Speech.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c45d1f357899d55a35a01e11c5e5884d\System.ServiceModel.Discovery.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8b1292c50fb6f1f67a10f133f64964ec\System.ServiceModel.Activities.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\697592d7a5139fd0179ae172dd4f3a61\System.Runtime.Serialization.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\fd3b1de061baa139b6f863ddd951e06b\System.Runtime.DurableInstancing.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\282371fbeea0c16b8d75577441fc7136\System.Printing.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\91f218d93a5679fae72c784290bdfe78\System.Management.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\3679b662f2daf3bb39cef3521473c93e\System.IdentityModel.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\5e49964d0ae8f1d04a4a960bd4744ae1\System.DirectoryServices.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\567d29bc3199874f4e5195ddfdff9cdc\System.Deployment.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\bb4d9c8d8243562c8a6c5c089f10c787\System.Data.Services.Client.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\2b771107fbaeebff1d4a0c1d47b40315\System.Activities.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\d95c4d0024643b5700b5ab5317fcc162\System.Activities.Presentation.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\4c62d936587f507d63211abc0cb7e897\System.Activities.Core.Presentation.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\a08b36fee10fd35b8428aba33ce4ee5b\ReachFramework.ni.dll
+ 2011-08-11 21:25 . 2011-08-11 21:25 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\409eefb3a1406ea2bc3f603758e985c1\PresentationUI.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\60684c3c50a42aa363793812de5fc62f\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\42ac4445fab5ce709d395af714d93ef3\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\12a104a71f1269dd86e388abc981ad39\Microsoft.VisualBasic.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9bbc95193a8dc77903fdbbb756f8dfb3\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\1eeab4edcdfa06150049465854aa6355\Microsoft.JScript.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\b8bf364f0522a662055f670bf4e86c8f\UIAutomationClientsideProviders.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\394711b95ef17f6a7314eca2aba756e7\System.WorkflowServices.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\fe69339f03e5b94b558c688512246a5e\System.Web.Mobile.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\b513632337cadf6b2a8f8b6975c7d96f\System.Web.Extensions.Design.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 3042304 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\9c1f2e29f7b5f1d398405640ef4b1c7c\System.Web.Extensions.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\31bbf607c61e3b9aeced14cb984ea9f6\System.Speech.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\667a561422e2ccf10daef0a5dc6c8043\System.ServiceModel.Web.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\50faf7f472bfc6d562696341df45b3c9\System.Runtime.Serialization.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\36723de72c78b2791de226253580f107\System.Management.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\df0cb96e6d087500c9210b33be2c91c9\System.IdentityModel.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\11a932eb07432edfc6f9de22753337ba\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\f7483e84119e0be9074377e731ffbe0c\System.Data.Services.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\16932309d9a552f362c85ac0adfe1607\System.Data.Services.Client.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\82b491f0b4a55a29d4de0e7648a43707\System.Data.Linq.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\22600cdf0f670e44b03b243af68cd76d\System.Data.Entity.Design.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\5f7c48b31971fee1af48dd20c7dd7033\System.Core.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\ff71ee8681938634786fac49359c8b15\PresentationBuildTasks.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\2f9ac667c184e068523d6047153f2d91\Narrator.ni.exe
+ 2011-08-11 21:29 . 2011-08-11 21:29 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\92414dfe464e98f09057245b6dd04d05\MMCEx.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\c66470a9076fc188a35ec7643aa1ee2e\MIGUIControls.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\4b85c3384fdda12490074283615d4723\Microsoft.VisualBasic.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\deae3fdab784ca275290c02a3288a33d\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f1cc6b5a2520e6b946198cd51498dff9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b1d791e971f5c23b5ab0bf61bcfe60a0\Microsoft.PowerShell.Editor.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\42c4e6bd35af9d592663de61cb8c8108\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\332067cce1149bb2008d5af79ef8024d\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\fc417f7e196b7d7d5e717cb892f16144\Microsoft.MediaCenter.UI.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ce834b9729a66c3ef9ec5c4350e6ab59\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cc0f76a8214ddc88b56c6c14146c2555\Microsoft.MediaCenter.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8f1d674c4309a0c29fb708ba7a5e54c4\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\52e7f067d8a3358baeb77ac8cd988c0e\Microsoft.MediaCenter.Bml.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\95184c861c38e940aeadc4276a8596e6\Microsoft.JScript.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\0e8c24abc2dbbafc9519f64571a39433\Microsoft.Ink.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\638f3afd3c310ed7d048e60cc1daf57e\Microsoft.Build.Tasks.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\58e96fd5359c0f3d6ed8f350ff721f87\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\f2ae54183322e3710c0344c44fd512d8\Microsoft.Build.Engine.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\37c906e0ea6325e55c1f222aa4a5462b\Microsoft.Build.Engine.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\c0018e4aaaa7eebb4fadaf5220854fe8\mcstore.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\0d18e8a503ef9e5bc676d89c7d508d7f\mcepg.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\864ef3de707640f5a889efc4425e5c40\ehiVidCtl.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\60b7bccb6de4c8d42f2eaf1d0e7a9216\ehiProxy.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 3419648 c:\windows\assembly\NativeImages_v2.0.50727_64\DellDock\eb520e15e0f295fc0a98b912455063a6\DellDock.ni.exe
+ 2011-08-11 21:22 . 2011-08-11 21:22 1105408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ea51abf5e3f980962409e7889672bf24\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 2018304 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\133341b7f21cee98711024a2e58f026f\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-08-11 21:22 . 2011-08-11 21:22 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\07646cb4dd5b6c57179bba539808b02f\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\92104881c09380b6b86ec656e8c502f6\UIAutomationClientsideProviders.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a6409b4be5018e5cbad7ef197d4237e1\System.WorkflowServices.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4de6ad3bad2dc4fbbbd33b16b1a7b219\System.Web.Mobile.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\871d3f0cc83d73a106151257ee74a4aa\System.Web.Extensions.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2c7c32228442440e4c23f772fd64b24b\System.Speech.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0139ae05cabaf2ac25cc85279e187e0a\System.ServiceModel.Web.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e285e2af5e0e8ac7d91936b2cb18542f\System.Runtime.Serialization.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f2b1857a7db371f0417a84e8ca25f450\System.Management.Automation.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\5ab23d203c8bfade7160ea915719c730\System.IdentityModel.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\702efea190a39de2bacb81cbaf32de99\System.Data.Services.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3da17a7980d13fae329f2c3a77797b08\System.Data.Services.Client.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1992ecfb8eb3318820e3d28df55bee6a\System.Data.Linq.ni.dll
+ 2011-08-11 21:24 . 2011-08-11 21:24 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\301160f0d81368efb2f79e9b714ec505\System.Data.Entity.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\c16377318357fb4fcda87c1015815a76\PresentationBuildTasks.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\ca760a3cb6cabbdf11c1aa42e5b79ee9\Narrator.ni.exe
+ 2011-08-11 21:23 . 2011-08-11 21:23 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\97051ca60f5e2ea7927adebcb2af9097\MMCEx.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\40f947b2a4ecb8ba656104c3f77bb79b\MIGUIControls.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\0d7a48003dd32151b3518b3ee7f13350\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\79af41ccc6bdc25ede7b249ae32f0101\Microsoft.PowerShell.Editor.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\348ff55789cc23b72b19036f01903b63\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\21f675cbc3d058e68f7f6371644da25f\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ffec5408d56ba9fb311518d6ec521691\Microsoft.MediaCenter.UI.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\81359c52225ae557ddf7dbdf3c0bf048\Microsoft.MediaCenter.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\35138a36b7d07f4d37adf96745ef80cb\Microsoft.JScript.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\9c17eb4bfbca7719a4f10bbd3473d07d\Microsoft.Ink.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4b45a3a1f24d0d773f9f8fb2d8ce8164\Microsoft.Build.Tasks.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\01de5c2808a0c30578614dae24c5d591\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\db9750e8aae34d7bd25b76564f2cebd5\Microsoft.Build.Engine.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\9004890e93911c7612aa5f218c474618\mcstore.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\e0683c0b9e68c44011a1f4b70b85239f\mcepg.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 17288192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e0091eb98fa841649b6fad17bb0e7262\System.Windows.Forms.ni.dll
+ 2011-08-11 21:34 . 2011-08-11 21:34 24483840 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\a73197785f07721fd89b02713b6f0b86\System.ServiceModel.ni.dll
+ 2011-08-11 21:33 . 2011-08-11 21:33 18434048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\fe4d47d9ba672ae77c737bb7ad518324\System.Data.Entity.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 10422272 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\4ef06cf2c3950f4d4b9037b841c05914\System.Core.ni.dll
+ 2011-08-11 21:32 . 2011-08-11 21:32 23242240 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\9b38883339d48793df2b27d247e73971\PresentationFramework.ni.dll
+ 2011-08-11 21:31 . 2011-08-11 21:31 15102976 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\7b4a4ec0cae68a2c165b0a73be99105d\PresentationCore.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\18d8c49bf080b7e4f0614e01ad090954\System.ServiceModel.ni.dll
+ 2011-08-11 21:26 . 2011-08-11 21:26 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\dd205d6f7dd50a72002b928202ca3818\System.Data.Entity.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\962330ba0685ac1176b611bc052d0ca7\System.ServiceModel.ni.dll
+ 2011-08-11 21:29 . 2011-08-11 21:29 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\34d1eab899a35bb7a0075c0b0b3d5938\System.Management.Automation.ni.dll
+ 2011-08-11 21:30 . 2011-08-11 21:30 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\7bf5c7476d8c8255a30a4cda0c9f43be\System.Data.Entity.ni.dll
+ 2011-08-11 21:27 . 2011-08-11 21:27 22171136 c:\windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\283d7c1c96c55091c1f205e1be8a89bb\MenuSkinning.ni.dll
+ 2011-08-11 21:28 . 2011-08-11 21:28 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\857d393b4e25062d5ba400f3422b74e6\ehshell.ni.dll
+ 2011-08-11 21:23 . 2011-08-11 21:23 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\052fc9c848a7f4630980ae0fd7a282e0\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{85C1DD6E-1181-41F2-9AB2-79D5F46F491B}"= "c:\program files (x86)\La barre d'outils AIR MILES\Helper.dll" [2010-02-04 242688]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{85c1dd6e-1181-41f2-9ab2-79d5f46f491b}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{CAFC26B8-CDE3-4BD8-A1B8-C3FD28BD3A57}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 17:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{76A20DB7-AAD4-4EFD-AE21-57811E5E49E4}]
2010-02-04 22:40 1445888 ----a-w- c:\program files (x86)\La barre d'outils AIR MILES\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 17:26 3908192 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{DC7A75BF-581D-4675-BDCB-D1B35116EB49}"= "c:\program files (x86)\La barre d'outils AIR MILES\Toolbar.dll" [2010-02-04 1445888]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{dc7a75bf-581d-4675-bdcb-d1b35116eb49}]
[HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{2BA36896-D5E2-425B-85E8-F664D1EA6896}]
[HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-16 2969496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-09-15 140520]
"WMP110"="c:\program files (x86)\Linksys\WMP110\WMP110.exe" [2008-08-14 995328]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-28 560128]
.
c:\users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys [2010-04-29 678448]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1106000.020\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-26 135664]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-26 135664]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1106000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1106000.020\SYMEFA64.SYS [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAVx64\1106000.020\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100505.001\IDSvia64.sys [2009-10-28 466992]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAVx64\1106000.020\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe [2010-02-25 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-26 20:51]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-26 20:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: fileplanet.com\www
TCP: DhcpNameServer = 24.201.245.77 24.200.241.37 24.200.243.189
FF - ProfilePath - c:\users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\ar7souvy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{DC7A75BF-581D-4675-BDCB-D1B35116EB49} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2011-08-15 15:29:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-15 19:29
ComboFix2.txt 2011-08-11 20:37
ComboFix3.txt 2011-08-06 23:12
.
Pre-Run: 1,005,504,851,968 bytes free
Post-Run: 1,005,297,594,368 bytes free
.
- - End Of File - - 0F634A4E20F78E9BDA4E82E886F867F1
#20
Posted 15 August 2011 - 02:20 PM
#21
Posted 15 August 2011 - 03:02 PM
#22
Posted 15 August 2011 - 03:06 PM
(SBI $2F4068FC) Library
c:\Windows\System32\esentprfw.dll
Kind : TrojansC-02
#23
Posted 15 August 2011 - 03:26 PM
OK lets use the real big hammer
1. Please download The Avenger by Swandog46 to your Desktop.
- Right click on the Avenger.zip folder and select "Extract All..."
- Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here: Files to delete: c:\windows\System32\esentprfw.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
- Right click on the window under Input script here:, and select Paste.
- You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
- Click on Execute
- Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
- It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
- On reboot, it will briefly open a black command window on your desktop, this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply
#24
Posted 15 August 2011 - 03:42 PM
Edited by xdionne87, 15 August 2011 - 03:42 PM.
#25
Posted 16 August 2011 - 11:04 AM
#26
Posted 16 August 2011 - 12:57 PM
#27
Posted 16 August 2011 - 01:13 PM
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exeFile::
c:\windows\Pvahaa.exe
c:\windows\SysWow64\esentprfw.dll
Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
#28
Posted 16 August 2011 - 01:48 PM
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6135.4435 [GMT -4:00]
Running from: c:\users\Xavier\patentes\ComboFix.exe
Command switches used :: c:\users\Xavier\patentes\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Pvahaa.exe"
"c:\windows\SysWow64\esentprfw.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Pvahaa.exe
c:\windows\SysWow64\esentprfw.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 19:39 . 2011-08-16 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-16 18:54 . 2011-08-16 18:54 61440 ----a-w- c:\windows\SysWow64\drivers\xfzt.sys
2011-08-16 18:50 . 2011-08-16 18:50 61440 ----a-w- c:\windows\SysWow64\drivers\rdenmqg.sys
2011-08-15 21:31 . 2011-08-15 21:31 61440 ----a-w- c:\windows\SysWow64\drivers\xcbwk.sys
2011-08-06 23:39 . 2011-08-06 23:39 -------- d-----w- C:\_OTL
2011-08-06 19:54 . 2011-08-06 19:54 -------- d-----w- C:\VundoFix Backups
2011-08-03 22:15 . 2011-08-03 22:15 -------- d-----w- c:\users\Xavier\AppData\Local\Mozilla
2011-07-31 20:25 . 2011-08-15 23:47 -------- d-----w- c:\users\Xavier\riotsGamesLogs
2011-07-30 15:52 . 2011-07-30 15:52 -------- d-----w- c:\windows\Sun
2011-07-29 15:25 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE350E56-B5A7-435E-A6CF-810F453A206B}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:26 . 2011-08-10 19:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-15 17:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-15 17:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-29 19:21 . 2011-06-29 19:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07 . 2011-07-13 21:31 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 23:14 . 2010-01-19 00:55 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-28 21:53 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-28 21:53 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-28 21:53 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-28 21:53 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-28 21:53 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2010-05-17 23:58 . 2010-05-17 23:58 299864 ----a-w- c:\program files\dxwebsetup.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-15_19.25.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-10 03:19 . 2011-08-16 18:57 54198 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-16 18:57 32614 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-19 01:10 . 2011-08-16 18:57 19426 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-422954752-2381727462-1605255963-1000_UserData.bin
- 2010-01-18 16:22 . 2011-08-15 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-18 16:22 . 2011-08-16 19:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-12 22:13 . 2011-08-15 18:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-12 22:13 . 2011-08-16 19:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-16 19:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-15 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-08-16 18:46 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-01-18 16:40 . 2011-08-15 19:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-18 16:40 . 2011-08-16 19:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-18 16:40 . 2011-08-16 19:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-18 16:40 . 2011-08-15 19:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-15 19:24 . 2011-08-15 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-16 19:40 . 2011-08-16 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-15 19:24 . 2011-08-15 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-16 19:40 . 2011-08-16 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2011-08-12 23:05 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-08-16 19:01 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-08-16 19:39 429096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-15 19:23 429096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{85C1DD6E-1181-41F2-9AB2-79D5F46F491B}"= "c:\program files (x86)\La barre d'outils AIR MILES\Helper.dll" [2010-02-04 242688]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{85c1dd6e-1181-41f2-9ab2-79d5f46f491b}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{CAFC26B8-CDE3-4BD8-A1B8-C3FD28BD3A57}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 17:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{76A20DB7-AAD4-4EFD-AE21-57811E5E49E4}]
2010-02-04 22:40 1445888 ----a-w- c:\program files (x86)\La barre d'outils AIR MILES\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 17:26 3908192 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{DC7A75BF-581D-4675-BDCB-D1B35116EB49}"= "c:\program files (x86)\La barre d'outils AIR MILES\Toolbar.dll" [2010-02-04 1445888]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{dc7a75bf-581d-4675-bdcb-d1b35116eb49}]
[HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{2BA36896-D5E2-425B-85E8-F664D1EA6896}]
[HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-16 2969496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-09-15 140520]
"WMP110"="c:\program files (x86)\Linksys\WMP110\WMP110.exe" [2008-08-14 995328]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-28 560128]
.
c:\users\Xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys [2010-04-29 678448]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1106000.020\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-26 135664]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-26 135664]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1106000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1106000.020\SYMEFA64.SYS [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAVx64\1106000.020\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100505.001\IDSvia64.sys [2009-10-28 466992]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAVx64\1106000.020\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe [2010-02-25 126392]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-26 20:51]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-26 20:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: fileplanet.com\www
TCP: DhcpNameServer = 24.201.245.77 24.200.241.37 24.200.243.189
FF - ProfilePath - c:\users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\ar7souvy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{DC7A75BF-581D-4675-BDCB-D1B35116EB49} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
.
**************************************************************************
.
Completion time: 2011-08-16 15:45:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-16 19:45
ComboFix2.txt 2011-08-15 19:29
ComboFix3.txt 2011-08-11 20:37
ComboFix4.txt 2011-08-06 23:12
.
Pre-Run: 1,004,418,531,328 bytes free
Post-Run: 1,004,416,118,784 bytes free
.
- - End Of File - - 6B79315D3FB9740D8F7BE829E7AD87CC
#29
Posted 16 August 2011 - 02:20 PM
#30
Posted 16 August 2011 - 02:22 PM
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exeFile::
c:\windows\SysWow64\drivers\xfzt.sys
c:\windows\SysWow64\drivers\rdenmqg.sys
c:\windows\SysWow64\drivers\xcbwk.sys
c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe
Driver::
SessionLauncher
Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users