Please advise.
Window 7 - Unable to Boot - Malware Suspected
#106
Posted 01 January 2012 - 12:40 PM
Please advise.
#107
Posted 01 January 2012 - 01:03 PM
Save and extract this file to the desktop. Once extracted, open the folder and click on the SettingsTestWin7.bat and post its report.
#108
Posted 01 January 2012 - 01:16 PM
Node IpAddress: [192.168.1.6] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
ASUS <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
ASUS <20> UNIQUE Registered
Windows IP Configuration
Host Name . . . . . . . . . . . . : ASUS
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-18-94-35-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f458:38d8:ead7:2c73%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, January 01, 2012 12:53:26 PM
Lease Expires . . . . . . . . . . : Monday, January 02, 2012 12:53:26 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890776
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-E4-97-63-00-26-18-94-35-54
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{B67C9A3D-1E69-4C84-BBE4-F2FA074929A5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Pinging Yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=81ms TTL=48
Reply from 72.30.2.43: bytes=32 time=81ms TTL=48
Reply from 72.30.2.43: bytes=32 time=82ms TTL=48
Reply from 72.30.2.43: bytes=32 time=80ms TTL=48
Ping statistics for 72.30.2.43:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 80ms, Maximum = 82ms, Average = 81ms
Pinging Google.com [74.125.225.18] with 32 bytes of data:
Reply from 74.125.225.18: bytes=32 time=15ms TTL=54
Reply from 74.125.225.18: bytes=32 time=15ms TTL=54
Reply from 74.125.225.18: bytes=32 time=16ms TTL=54
Reply from 74.125.225.18: bytes=32 time=17ms TTL=54
Ping statistics for 74.125.225.18:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 17ms, Average = 15ms
These Windows services are started:
Akamai NetSession Interface
Andrea ADI Filters Service
Apple Mobile Device
Application Experience
Application Information
ASUS System Control Service
Background Intelligent Transfer Service
Bonjour Service
CNG Key Isolation
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
Device Handle Service
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Distributed Link Tracking Client
DNS Client
Encrypting File System (EFS)
Extensible Authentication Protocol
Function Discovery Provider Host
Function Discovery Resource Publication
Group Policy Client
HomeGroup Provider
iPod Service
lxec_device
Microsoft .NET Framework NGEN v4.0.30319_X64
Microsoft .NET Framework NGEN v4.0.30319_X86
Microsoft Antimalware Service
Microsoft Network Inspection
Multimedia Class Scheduler
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
NVIDIA Display Driver Service
NVIDIA Stereoscopic 3D Driver Service
NVIDIA Update Service Daemon
Office Source Engine
Peer Name Resolution Protocol
Peer Networking Grouping
Peer Networking Identity Manager
Plug and Play
Power
Print Spooler
Program Compatibility Assistant Service
Remote Access Connection Manager
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Seagate Service
Secondary Logon
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Server
Shell Hardware Detection
SSDP Discovery
Superfetch
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Themes
UPnP Device Host
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Connect Now - Config Registrar
Windows Driver Foundation - User-mode Driver Framework
Windows Event Log
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Live ID Sign-in Assistant
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Search
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation
wscsvc
The command completed successfully.
Results for Windows Vista
.
Afd
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\system32\drivers\afd.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : Ancillary Function Driver for Winsock
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
dhcp
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : NSI
: Tdx
: Afd
SERVICE_START_NAME : NT Authority\LocalService
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 136
FLAGS :
BFE
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
Dnscache
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tdx
: nsi
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1752
FLAGS :
gpsvc
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: gpsvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ProfSvc_Group
TAG : 0
DISPLAY_NAME : Group Policy Client
DEPENDENCIES : RPCSS
: Mup
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: gpsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 464
FLAGS :
iphlpsvc
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
lanmanserver
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES : SamSS
: Srv
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 464
FLAGS :
Lmhosts
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService
SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 136
FLAGS :
mpsdrv
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: mpsdrv
TYPE : 1 KERNEL_DRIVER
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\drivers\mpsdrv.sys
LOAD_ORDER_GROUP : network
TAG : 0
DISPLAY_NAME : Windows Firewall Authorization Driver
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: mpsdrv
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
MpsSvc
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
NetBIOS
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 2
DISPLAY_NAME : NetBIOS Interface
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
NetBT
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 0
DISPLAY_NAME : NetBT
DEPENDENCIES : Tdx
: tcpip
SERVICE_START_NAME :
SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
Netman
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Netman
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
: nsi
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Netman
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 344
FLAGS :
netprofm
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: netprofm
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network List Service
DEPENDENCIES : RpcSs
: nlasvc
SERVICE_START_NAME : NT AUTHORITY\LocalService
SERVICE_NAME: netprofm
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1136
FLAGS :
NlaSvc
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: NlaSvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness
DEPENDENCIES : NSI
: RpcSs
: TcpIp
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: NlaSvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1752
FLAGS :
nsi
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: nsi
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Store Interface Service
DEPENDENCIES : nsiproxy
SERVICE_START_NAME : NT Authority\LocalService
SERVICE_NAME: nsi
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1136
FLAGS :
PolicyAgent
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPsec Policy Agent
DEPENDENCIES : Tcpip
: bfe
SERVICE_START_NAME : NT Authority\NetworkService
SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1075 (0x433)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
RasMan
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: RasMan
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
: SstpSvc
SERVICE_START_NAME : localSystem
SERVICE_NAME: RasMan
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 464
FLAGS :
RPCSS
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: RPCSS
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES : RpcEptMapper
: DcomLaunch
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: RPCSS
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 888
FLAGS :
SstpSvc
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: SstpSvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secure Socket Tunneling Protocol Service
DEPENDENCIES :
SERVICE_START_NAME : NT Authority\LocalService
SERVICE_NAME: SstpSvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1136
FLAGS :
Tapisrv
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Tapisrv
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: Tapisrv
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1752
FLAGS :
TCPIP
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
START_TYPE : 0 BOOT_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 3
DISPLAY_NAME : TCP/IP Protocol Driver
DEPENDENCIES :
SERVICE_START_NAME :
SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
Tdx
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Tdx
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\tdx.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 4
DISPLAY_NAME : NetIO Legacy TDI Support Driver
DEPENDENCIES : Tcpip
SERVICE_START_NAME :
SERVICE_NAME: Tdx
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
WebClient
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: WebClient
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME : NT AUTHORITY\LocalService
SERVICE_NAME: WebClient
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
winmgmt
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: winmgmt
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME : localSystem
SERVICE_NAME: winmgmt
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 464
FLAGS :
#109
Posted 01 January 2012 - 01:51 PM
Download both the registry files
http://www.mediafire...317ea53a883288d
http://www.mediafire...z6aw8j7997qa7j9
Launch and import them to registry
Restart your PC
Now,open RUN and type
regedit and click ok
go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on it-permissions
Click on ADD and type
Everyone and click ok
Now Click on Everyone
Below you have permission for users
Select full control and click ok
Now,open RUN and type
services.msc and click ok
start base filtering engine service and then windows firewall service
Edited by TangentMedia, 01 January 2012 - 01:53 PM.
#110
Posted 01 January 2012 - 02:23 PM
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.01.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris Zachidny :: ASUS [administrator]
1/1/2012 3:05:35 PM
mbam-log-2012-01-01 (15-05-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196079
Time elapsed: 2 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
#111
Posted 01 January 2012 - 03:12 PM
BFE
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
I wonder why it returned this message if you were able to manually locate the BFE key. Perhaps the permissions didn't allow the script to open the key. Go figure.
Let me know the outcome of ESET. Were you able to reach the deeper search in Testdisk with the images posted?
#112
Posted 01 January 2012 - 03:31 PM
I am glad you were able to fix that. The report shows:
BFE
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
I wonder why it returned this message if you were able to manually locate the BFE key. Perhaps the permissions didn't allow the script to open the key. Go figure.
Let me know the outcome of ESET. Were you able to reach the deeper search in Testdisk with the images posted?
That scan was run before i did the Firewall fix.
Running ESET now. 17% complete. Already found 4 more trojans! All the same:
a variant of Win32/Kryptik. YGY trojan
a variant of Win32/Kryptik. YGY trojan
a variant of Win32/Kryptik. YGY trojan
a variant of Win32/Kryptik. YGY trojan
Maybe because i am browsing with Firefox (Updated to 9.0.1). While browsing, got 2 MSE alerts warnings (JAVA related). Blocked and removed both. Then manually removed all JAVA cache; everything under cache. All of this **while running ESET** in IE9 as Admin.
So those YGY trojans may have come in through JAVA
I just got off the phone with a friend who had the same kind of malware attack last week. He went through this same 5 day hassle and he said he was told that this attack almost always occurs through JAVA or Flash. Well my Flash was (and is) totally up to date (just checked). But JAVA was last updated in April!! So I just updated it and told it to update daily at 2:00am from now on.
Tell me, is that your understanding too? Are these worms getting in through JAVA?
#113
Posted 01 January 2012 - 03:39 PM
Tell me, is that your understanding too? Are these worms getting in through JAVA?
There is definitely a possibility, as all cases I attended do come out with infected files in the JAVA cache.
#114
Posted 01 January 2012 - 05:18 PM
ComboFix 12-01-01.06 - Chris Zxx 01/01/2012 17:49:53.5.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.9207.4531 [GMT -5:00]
Running from: c:\users\Chris Zxx\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris Zxx\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\documents and settings\Chris Zxx\Documents\12d8RF4.exe"
"c:\documents and settings\Chris Zxx\Documents\l3e0p62.exe"
"c:\documents and settings\Chris Zxx\My Documents\12d8RF4.exe"
"c:\documents and settings\Chris Zxx\My Documents\l3e0p62.exe"
"c:\users\Chris Zxx\Documents\12d8RF4.exe"
"c:\users\Chris Zxx\Documents\l3e0p62.exe"
"c:\users\Chris Zxx\My Documents\12d8RF4.exe"
"c:\users\Chris Zxx\My Documents\l3e0p62.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris Zxx\Documents\12d8RF4.exe
c:\users\Chris Zxx\Documents\l3e0p62.exe
c:\users\Chris Zxx\My Documents\12d8RF4.exe
c:\users\Chris Zxx\My Documents\l3e0p62.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 23:00 . 2012-01-01 23:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-01 23:00 . 2012-01-01 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-01 21:13 . 2012-01-01 21:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-01 20:53 . 2012-01-01 20:53 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-01 20:53 . 2012-01-01 20:53 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-01 20:53 . 2012-01-01 20:53 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-01 20:53 . 2012-01-01 20:53 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-01 20:35 . 2012-01-01 20:35 -------- d-----w- c:\program files (x86)\ESET
2012-01-01 20:02 . 2012-01-01 20:02 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B6426C5-2DAC-4459-90AD-9B66C5659282}\offreg.dll
2012-01-01 20:02 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B6426C5-2DAC-4459-90AD-9B66C5659282}\mpengine.dll
2012-01-01 00:52 . 2012-01-01 00:52 -------- d-----w- c:\users\Chris Zxx\AppData\Roaming\Malwarebytes
2012-01-01 00:52 . 2012-01-01 00:52 -------- d-----w- c:\programdata\Malwarebytes
2012-01-01 00:52 . 2012-01-01 00:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-01 00:52 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-27 22:22 . 2011-12-27 22:32 -------- d-----w- C:\FRST
2011-12-23 04:20 . 2011-12-23 22:15 -------- d-----w- c:\users\Chris Zxx\.scorched3d
2011-12-23 04:18 . 2011-12-23 04:19 -------- d-----w- c:\program files (x86)\Scorched3D
2011-12-23 03:53 . 2011-12-31 19:04 -------- d-----w- c:\users\Chris Zxx\AppData\Local\fxUserEnum
2011-12-17 21:33 . 2011-12-17 21:33 -------- d-----w- c:\program files\iPod
2011-12-17 21:33 . 2011-12-17 21:34 -------- d-----w- c:\program files\iTunes
2011-12-17 21:33 . 2011-12-17 21:33 -------- d-----w- c:\program files (x86)\iTunes
2011-12-17 21:31 . 2011-12-17 21:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-12-17 21:31 . 2011-12-17 21:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-12-17 21:31 . 2011-12-17 21:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-12-17 21:31 . 2011-12-17 21:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-12-17 21:31 . 2011-12-17 21:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-12-17 21:31 . 2011-12-17 21:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-12-17 21:31 . 2011-12-17 21:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-12-13 20:58 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 20:58 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 20:58 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 20:58 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-13 20:58 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 20:58 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-11 04:57 . 2011-12-11 04:57 -------- d-----w- c:\program files (x86)\Sibelius Software
2011-12-10 23:40 . 2011-12-10 23:40 -------- d-----w- c:\users\Chris Zxx\AppData\Local\TechSmith
2011-12-10 23:39 . 2011-12-10 23:39 -------- d-----w- c:\windows\SysWow64\QuickTime
2011-12-10 23:39 . 2011-12-10 23:39 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2011-12-10 23:39 . 2011-12-10 23:39 -------- d-----w- c:\programdata\TechSmith
2011-12-10 23:39 . 2011-12-10 23:39 -------- d-----w- c:\program files (x86)\TechSmith
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\RPRSTITL.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\RPRSTEXT.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\RPRSSTMP.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\RPRSSPEC.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\RPRSSCRP.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\RPRSREH_.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\RPRSMET_.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\RPRSCHOR.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\RPRS____.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSTEXT.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSSE__.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSS___.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSROMC.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSPC__.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSP___.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSO___.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSNN__.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSM___.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSFS__.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSFBE_.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSFB__.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSCSC_.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSCS__.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUSC___.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\OPUS____.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\INKPEN2_.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\INK2TEXT.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\INK2SPEC.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\INK2SCRI.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\INK2METR.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\INK2CHOR.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\HELST___.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\HELSS___.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\HELSM___.FOT
2011-12-11 04:57 . 2011-12-11 04:57 1409 ----a-w- c:\windows\Fonts\HELSINKI.FOT
2011-11-21 11:40 . 2010-05-11 09:56 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 19:31 . 2011-11-18 19:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-18 19:31 . 2011-11-18 19:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-18 19:31 . 2011-11-18 19:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-18 19:31 . 2011-11-18 19:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-18 19:31 . 2011-11-18 19:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-18 19:31 . 2011-11-18 19:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-18 19:31 . 2011-11-18 19:31 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-18 19:31 . 2011-11-18 19:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-18 19:31 . 2011-11-18 19:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-18 19:31 . 2011-11-18 19:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-18 19:31 . 2011-11-18 19:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-18 19:31 . 2011-11-18 19:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-18 19:31 . 2011-11-18 19:31 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-18 19:31 . 2011-11-18 19:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-18 19:31 . 2011-11-18 19:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-18 19:31 . 2011-11-18 19:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-18 19:31 . 2011-11-18 19:31 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-18 19:31 . 2011-11-18 19:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-18 19:31 . 2011-11-18 19:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-18 19:31 . 2011-11-18 19:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-18 19:31 . 2011-11-18 19:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-18 19:31 . 2011-11-18 19:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-18 19:31 . 2011-11-18 19:31 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-18 19:31 . 2011-11-18 19:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-18 19:31 . 2011-11-18 19:31 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-18 19:31 . 2011-11-18 19:31 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-18 19:31 . 2011-11-18 19:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-18 19:31 . 2011-11-18 19:31 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-18 19:31 . 2011-11-18 19:31 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-18 19:31 . 2011-11-18 19:31 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-18 19:31 . 2011-11-18 19:31 448512 ----a-w- c:\windows\system32\html.iec
2011-11-18 19:31 . 2011-11-18 19:31 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-18 19:31 . 2011-11-18 19:31 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-18 19:31 . 2011-11-18 19:31 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-18 17:29 . 2011-07-11 02:42 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 10:54 . 2010-10-17 20:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-16 15:11 . 2011-10-16 15:11 0 ---ha-w- c:\users\Chris Zxx\AppData\Local\BIT4442.tmp
2011-10-16 15:09 . 2011-10-16 15:09 0 ---ha-w- c:\users\Chris Zxx\AppData\Local\BIT1352.tmp
2011-10-11 02:35 . 2011-10-11 02:35 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EEA13868-0F88-4D5C-BF7D-2433AD00CD2A}\gapaengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-01_06.03.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-01 06:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-19 19:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-01 06:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-19 19:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-19 19:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-01 06:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-05 18:23 . 2012-01-01 19:46 53478 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-01-01 06:04 41450 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-01 19:46 41450 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-17 00:07 . 2012-01-01 19:46 15530 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-675020251-1707714230-191327267-1000_UserData.bin
- 2011-08-18 17:04 . 2011-12-31 21:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-18 17:04 . 2012-01-01 17:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-18 17:04 . 2012-01-01 17:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-18 17:04 . 2011-12-31 21:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-01 17:34 . 2012-01-01 17:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012010120120102\index.dat
+ 2011-08-18 17:04 . 2012-01-01 17:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-26 10:18 . 2011-12-26 10:18 16656 c:\windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll
+ 2011-12-26 10:18 . 2011-12-26 10:18 41744 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
+ 2012-01-01 16:50 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2011-12-26 08:54 . 2011-12-26 08:54 15120 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
+ 2011-12-26 08:54 . 2011-12-26 08:54 33552 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
+ 2012-01-01 16:50 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-01-01 16:53 . 2012-01-01 16:53 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
- 2011-10-13 16:05 . 2011-10-13 16:05 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-13 16:05 . 2011-10-13 16:05 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-13 16:05 . 2011-10-13 16:05 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-10-13 16:05 . 2011-10-13 16:05 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
- 2011-10-13 16:05 . 2011-10-13 16:05 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-10-13 16:05 . 2011-10-13 16:05 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 98152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 98152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- 2011-09-20 15:01 . 2011-09-20 15:01 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2012-01-01 16:52 . 2012-01-01 16:52 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-13 16:04 . 2011-10-13 16:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 70656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml.Hosting\53a04d67925ebd229e6b1abd7856b774\System.Xaml.Hosting.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 53760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\a9f5d739951335baf2cea57a4e54fd9c\System.Web.DynamicData.Design.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\5489f3d82b02843c58a4942afd3807e6\System.Xaml.Hosting.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\55b0452fe2e58293dfd0f6e76c69521f\System.Web.DynamicData.Design.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
+ 2012-01-01 19:44 . 2012-01-01 19:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-01 06:02 . 2012-01-01 06:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-01 06:02 . 2012-01-01 06:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-01 19:44 . 2012-01-01 19:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-20 21:34 . 2011-02-03 02:40 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-01-01 21:13 . 2011-11-10 10:54 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-01-01 21:13 . 2011-11-10 10:54 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-01-01 21:13 . 2011-11-10 10:54 149280 c:\windows\SysWOW64\java.exe
- 2009-07-14 02:36 . 2012-01-01 04:46 664020 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-01 21:52 664020 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-01 04:46 122838 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-01 21:52 122838 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-01-01 19:33 114960 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-01-01 19:44 637144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-01 06:01 637144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 10:18 . 2011-12-26 10:18 721680 c:\windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll
+ 2011-12-26 10:47 . 2011-12-26 10:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2012-01-01 16:50 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2011-12-26 08:54 . 2011-12-26 08:54 496400 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
+ 2011-12-26 09:39 . 2011-12-26 09:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2012-01-01 16:50 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-10-13 16:05 . 2011-10-13 16:05 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-10-13 16:05 . 2011-10-13 16:05 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 326000 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 326000 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 175992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 175992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 810352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 810352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-13 16:05 . 2011-10-13 16:05 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-13 16:04 . 2011-10-13 16:05 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-01 21:13 . 2012-01-01 21:13 207360 c:\windows\Installer\502837.msi
+ 2012-01-01 21:45 . 2012-01-01 21:45 451072 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity\c47cd2fc542c0fc7e20689433fa5123c\System.Web.Entity.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 367104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity.D#\efc6dead4b44c8e2e1963b7a3acd4988\System.Web.Entity.Design.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 973824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\23d96e7cca727a45aca6f28b5bec7dc5\System.Web.DynamicData.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 331264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\7257d37f6ed2f933793381870db07a81\System.Web.DataVisualization.Design.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 587776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\92b694399f4f39b23a78ba679073f375\System.ServiceModel.Activation.ni.dll
+ 2012-01-01 21:44 . 2012-01-01 21:44 995328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\fd8d112a2b0b4a65909d4174d503ae47\System.Runtime.Remoting.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 662528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\f36f39f48842409277d30dce974f6e7d\System.Data.Services.Design.ni.dll
+ 2012-01-01 21:44 . 2012-01-01 21:44 661504 c:\windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\09cc3399142a93d77f317dda8c18a346\ComSvcConfig.ni.exe
+ 2012-01-01 20:11 . 2012-01-01 20:11 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\c4688bf6b864e76fbd936a7fdd5f0748\System.Web.Extensions.Design.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\8614eb36d94b640ab78ca4b7165f08f8\System.Web.Entity.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\8e2860651899e90f4de23486fbd5be87\System.Web.Entity.Design.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\b1c10c1591154f94a93dad7bb306f3ed\System.Web.DynamicData.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\17f371e10888ff6fdee8274a11f2605a\System.Web.DataVisualization.Design.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 432640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b998d241c567915a2069d0c790dd6c53\System.ServiceModel.Activation.ni.dll
+ 2012-01-01 18:15 . 2012-01-01 18:15 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b209c76b6b03bee6deedfa3e1a8c4290\System.Runtime.Remoting.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 508928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\8feecdcd543403861ae71d1c7c37a67b\System.Data.Services.Design.ni.dll
+ 2012-01-01 18:15 . 2012-01-01 18:15 475136 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\c6a7103a6ee46deb73a7343bd7e71e61\ComSvcConfig.ni.exe
+ 2012-01-01 18:15 . 2012-01-01 18:15 851968 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\453bbfe8e7f07f9be9fe1c690687e15b\AspNetMMCExt.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\329019fd5a84e532efc88250db9ed5da\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e63f072f12ca1a4a1a8c99512fa54370\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\88356232fa6d15629a0b7224aaa22297\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8041474a243d46b192991297460fb304\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
+ 2009-07-14 04:45 . 2012-01-01 17:55 7612890 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-12-31 20:47 7612890 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-03-18 22:10 . 2012-01-01 19:44 4556612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-675020251-1707714230-191327267-1000-12288.dat
+ 2011-12-26 08:54 . 2011-12-26 08:54 1863464 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.dll
+ 2011-12-26 10:18 . 2011-12-26 10:18 5200656 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll
+ 2012-01-01 16:50 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2011-12-26 08:54 . 2011-12-26 08:54 1863464 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
+ 2011-12-26 08:54 . 2011-12-26 08:54 5230864 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll
+ 2012-01-01 16:50 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-13 16:05 . 2011-10-13 16:05 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 1863464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 5097816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 5097816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
- 2011-09-20 15:01 . 2011-09-20 15:01 1069936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 1069936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 5200656 c:\windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-01 16:53 . 2012-01-01 16:53 5230864 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 16:04 . 2011-10-13 16:04 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-01 16:52 . 2012-01-01 16:52 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-26 11:24 . 2011-12-26 11:24 8835072 c:\windows\Installer\90fd2.msp
+ 2012-01-01 22:55 . 2012-01-01 22:55 1601024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\b581bfffc1808ae8b75717f2a8dd2135\System.WorkflowServices.ni.dll
+ 2012-01-01 22:55 . 2012-01-01 22:55 2887680 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Run#\e69d85c8210a988b4c104948f04cf5aa\System.Workflow.Runtime.ni.dll
+ 2012-01-01 22:55 . 2012-01-01 22:55 3743744 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Act#\572967d338f59ea254e9c1affc52695d\System.Workflow.Activities.ni.dll
+ 2012-01-01 21:44 . 2012-01-01 21:44 2287104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\43728abc794e8a2f8b9178d83299f691\System.Web.Services.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 2964480 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mobile\ae6e69ee7b8f89872246462ba8b6b186\System.Web.Mobile.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 3805184 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\6d04600d11baa5d8a09b594b591d0572\System.Web.Extensions.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 1100800 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\5a312292936c549b4a013fac180e2187\System.Web.Extensions.Design.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 5599232 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\4c3d1f744e5edf4b2ee6a6001c4e19c3\System.Web.DataVisualization.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 1506816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\cfbec2879ae56c6bb8b1ba78a92694e9\System.ServiceModel.Web.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 2702848 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Services\0bd655a7f8793293240accf4c65758c8\System.Data.Services.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 1750528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity.#\18688c8627c24053b0b967d88210548b\System.Data.Entity.Design.ni.dll
+ 2012-01-01 21:44 . 2012-01-01 21:44 1829888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\61b5e642d21b7e31457885975af7ce11\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-01-01 21:44 . 2012-01-01 21:44 1007104 c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\122733b12d421862dca6ce320ac6b733\AspNetMMCExt.ni.dll
+ 2012-01-01 21:44 . 2012-01-01 21:44 3086336 c:\windows\assembly\NativeImages_v4.0.30319_64\AcWindows\4e2a85444b8f640901173fc991ff26f2\AcWindows.ni.dll
+ 2012-01-01 21:44 . 2012-01-01 21:44 7796224 c:\windows\assembly\NativeImages_v4.0.30319_64\Acmgd\67b16ee642365adf5b44ee75af637995\Acmgd.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 1223168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\c62d9d8bb2b22f8eaf9d8cbbf6123e47\System.WorkflowServices.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 1971712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\e8804a70f32e7804d259792e7d27b5b8\System.Workflow.Runtime.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 2871808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\a0ba653e91dcb6fbbfb94e37e18ed736\System.Workflow.Activities.ni.dll
+ 2012-01-01 18:15 . 2012-01-01 18:15 1925632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\53f1ed558eef032f8678a10b623db2c6\System.Web.Services.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 2334208 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\f2f7d93088dc2d346d680763d464c03f\System.Web.Mobile.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 3126784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\3722b214046f3e48d9e78d9adf233263\System.Web.Extensions.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 4535808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\a439f6190b9ad82d9345292736777c85\System.Web.DataVisualization.ni.dll
+ 2012-01-01 20:11 . 2012-01-01 20:11 1086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d40d01d24635877797a3c389510d9c3a\System.ServiceModel.Web.ni.dll
+ 2012-01-01 18:15 . 2012-01-01 18:15 2026496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\66ebacc95030b565991917af67cbd885\System.Data.Services.ni.dll
+ 2012-01-01 18:15 . 2012-01-01 18:15 1424384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\3713bc9e571e75a2f26a3b082b3f2609\System.Data.Entity.Design.ni.dll
+ 2012-01-01 18:15 . 2012-01-01 18:15 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8c2ab599a8499bf042f4a256355ff223\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\45339e741d73e8f1f9393df8163c8c00\System.Workflow.Runtime.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\48ef2f59740ad3d438d0514b335dd334\System.Workflow.ComponentModel.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\7972e04df268430da009e63e90ff4ca9\System.Workflow.Activities.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\8d374a0a9c49f485a7ce6e89ec354b4c\System.Web.Services.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll
+ 2012-01-01 16:54 . 2012-01-01 16:54 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\d12c2299179cb05591cf08c8712a6495\System.Runtime.Remoting.ni.dll
+ 2012-01-01 20:12 . 2012-01-01 20:12 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-01 21:42 . 2012-01-01 21:42 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-01 20:12 . 2012-01-01 20:12 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\d955463d0397605306d07d25c9c186fb\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bf97fca65714c5ce6abf41a66559a5a4\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70cc5644c899b46fe24cac51d1f4be33\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ad68aa9e6fa1ec8005e1f604579a76be\System.Workflow.Runtime.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\00b0a14ef5cb0154db7989da39a7f1e5\System.Workflow.ComponentModel.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\54873f241a4ad6d2a13e48d2da444538\System.Workflow.Activities.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\df2d7205594489b4f1a5336fcf9244e5\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-01-01 16:50 . 2011-12-25 20:42 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-04-27 18:47 . 2010-11-05 01:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-01 16:50 . 2011-12-25 20:40 5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-01 16:50 . 2011-12-25 20:42 5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-01-17 04:55 . 2012-01-01 06:01 52866568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-675020251-1707714230-191327267-1000-8192.dat
+ 2010-01-17 04:55 . 2012-01-01 19:44 52866568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-675020251-1707714230-191327267-1000-8192.dat
+ 2012-01-01 21:44 . 2012-01-01 21:44 15761920 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\866ef200ca7a2ed4f26835709646125d\System.Web.ni.dll
+ 2012-01-01 21:45 . 2012-01-01 21:45 13300736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\6be8e8e57a83372e41481009ef6de482\System.Design.ni.dll
+ 2012-01-01 18:15 . 2012-01-01 18:15 12079104 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\c775972c9a15169ac27abb027154c1fd\System.Web.ni.dll
+ 2012-01-01 16:54 . 2012-01-01 16:54 10999296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\fa53ece586079c2eccc354b6feb31394\System.Design.ni.dll
+ 2012-01-01 16:54 . 2012-01-01 16:54 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
+ 2012-01-01 20:12 . 2012-01-01 20:12 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\665178c1ccfd538896eaa0fff283b6ef\System.Design.ni.dll
+ 2012-01-01 21:43 . 2012-01-01 21:43 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
+ 2012-01-01 18:14 . 2012-01-01 18:14 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
+ 2012-01-01 16:55 . 2012-01-01 16:55 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\70f9f6de6dc9611157ed563bdb4e79a4\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris Zxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris Zxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris Zxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Chris Zxx\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Chris Zxx\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 136176]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 136176]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-08-20 196608]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 04:23]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 04:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris Zxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris Zxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris Zxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris Zxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://192.168.1.1/start.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.hisfeet.org:9000
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Chris Zxx\AppData\Roaming\Mozilla\Firefox\Profiles\ocv6nc5t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.peekstuff.com/admin
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110823&q=
FF - prefs.js: network.proxy.ftp - proxy.hisfeet.org
FF - prefs.js: network.proxy.ftp_port - 9000
FF - prefs.js: network.proxy.gopher - proxy.hisfeet.org
FF - prefs.js: network.proxy.gopher_port - 9000
FF - prefs.js: network.proxy.http - proxy.hisfeet.org
FF - prefs.js: network.proxy.http_port - 9000
FF - prefs.js: network.proxy.socks - proxy.hisfeet.org
FF - prefs.js: network.proxy.socks_port - 9000
FF - prefs.js: network.proxy.ssl - proxy.hisfeet.org
FF - prefs.js: network.proxy.ssl_port - 9000
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-01 18:02:24
ComboFix-quarantined-files.txt 2012-01-01 23:02
ComboFix2.txt 2012-01-01 09:58
ComboFix3.txt 2012-01-01 06:42
ComboFix4.txt 2011-12-31 20:24
.
Pre-Run: 121,734,955,008 bytes free
Post-Run: 121,695,576,064 bytes free
.
- - End Of File - - 0249DE6DBC142DB72D20756FD4807FB3
#115
Posted 01 January 2012 - 06:33 PM
How is the computer doing?
#116
Posted 01 January 2012 - 07:08 PM
Seems to be running fine. I have been visit several sites and have not triggered an attacks that i can detect.
1. Is there anything else we need to do to complete the recovery process?
2. What is the best way to prevent this kind of attack in the future? Like what would you do if one of those fake Antivirus windows popped-up. In the past i would just shut off my machine, but that didn't work this time!
3. Would it have helped to have some sort of back up? What is the minimal best-practice back up I can do to prepare for a faster recovery in the future?
Please let me know you answers to these 3 questions. And if we are finished i would like to say thank you with a donation.
Kind Regards,
chris
#117
Posted 01 January 2012 - 09:20 PM
1. Is there anything else we need to do to complete the recovery process?
Seems there is a mis-configured FAT32 partition, but it has no effect in the computer. We weren't able to determine its contents.
Remove Combofix:
Rename Combofix to Uninstall and click on it. That will launch and uninstall the application
2. What is the best way to prevent this kind of attack in the future? Like what would you do if one of those fake Antivirus windows popped-up. In the past i would just shut off my machine, but that didn't work this time!
There is no defense against new variants. Only following good practices while online will keep you away from Trojans.
3. Would it have helped to have some sort of back up? What is the minimal best-practice back up I can do to prepare for a faster recovery in the future?
Windows 7 has a backup utility. It will backup your computer as of today. Any new or modified document will need to be backed-up apart, and the space required is huge.
There are backup utilities in the market, but they are expensive.
The following is a list of tools and utilities that I like to suggest to people.
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
- Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
Best wishes!
#118
Posted 10 January 2012 - 08:41 PM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users