Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PUP.Bitminer kwrd.dll infection [Solved]


  • This topic is locked This topic is locked

#46
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
These are all very good questions.

1) As soon as I noticed the infection that I started this thread about, I disconnected an external hard drive from the machine. Is there a way to determine if the infection is also on that external hard drive? It has not been connected to the machine while we have done these scans.

Yes once we clean your machine we will check it out.

First, we will install Panda Vaccine on your machine to prevent an infection, if there is one, on the external drive moving to the computer. Then we will do some initial scans of the external drive to verify it is clean or if infected to clean it up.

2) I ask about the external hard drive because if I reformat, I will need to move some files off the machine. These files include music (.wav and .mp3), photos (.tif and .jpg), .pdf, and .docx and .xls files. I would like to move the relevant files to the external hard drive then move them back once the machine is reformatted. However, I will not do this if we can determine the external hard drive was also infected.


The files yo listed are fine, but need to be scanned before putting them back on the clean install. You do not want to back up html files from your browsers or an executables (.exe. .com. etc.)

3) The other option is to acquire a new, clean external hard drive. If I connect it to the infected computer, will the trojan get transferred upon connection or upon transferring of any of the aforementioned files?

We would protect the external drive with Panda vaccine as well to prevent infection.


CompCav
  • 0

Advertisements


#47
integrinB4

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Thanks for the reply.

I have a committment that requries my attention for the next few days and will be unable to work on this problem until most likely Monday.

I will do the processes you listed in the earlier post at that time.

Thank you again for your help. I will post again in a few days.
  • 0

#48
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thanks for the heads up. I will await your post on Monday!

CompCav
  • 0

#49
integrinB4

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\temp\U folder moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Temp\_uninst_15059840.bat not found.
File\Folder C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_15059840.lnk not found.
File\Folder C:\Program Files\Java\jre6\bin\npjpi160_22.dll not found.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 52435721 bytes
->Temporary Internet Files folder emptied: 60317776 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55377097 bytes
->Flash cache emptied: 3373 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Toni
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 212841175 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 116409344 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 474.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01162012_095603

Files\Folders moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF107B43ACD1FEA40E.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF266B091403DE21F8.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF27ECA44F30C92D81.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF75469D5BF0372115.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF7DFB8A45530834A7.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF8BF18A0FF89AE826.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFC14FB90CE73A4928.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFDCA70E20B72E1AC8.TMP not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTAET6CJ\fastbutton[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTAET6CJ\page__st__30[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TA3925M\search[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#50
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
I am glad the OTL fix ran well.

I hope ComboFix and the OTL Scan run well too!
  • 0

#51
integrinB4

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
ComboFix 12-01-16.02 - Mike 01/16/2012 10:13:47.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5887.4513 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-16 15:18 . 2012-01-16 15:18 -------- d-----w- c:\users\Toni\AppData\Local\temp
2012-01-16 15:18 . 2012-01-16 15:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 02:31 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 02:31 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 02:31 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 02:31 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 02:31 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 02:31 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 02:31 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 02:31 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 20:00 . 2012-01-07 20:00 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-05 05:28 . 2012-01-05 05:29 102400 ----a-w- c:\windows\RegBootClean.exe
2012-01-04 04:51 . 2012-01-04 04:51 -------- d-----w- C:\_OTL
2011-12-30 23:05 . 2011-12-30 23:05 -------- d-----w- c:\windows\system32\SPReview
2011-12-30 23:03 . 2011-12-30 23:03 -------- d-----w- c:\windows\system32\EventProviders
2011-12-30 21:32 . 2011-12-30 21:32 21520 ----a-w- c:\windows\DCEBoot64.exe
2011-12-30 20:35 . 2011-12-30 20:35 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2011-12-30 20:35 . 2011-12-30 20:35 -------- d-----w- c:\programdata\Malwarebytes
2011-12-30 20:35 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 20:35 . 2011-12-30 20:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 19:48 . 2012-01-08 04:00 129024 ----a-w- c:\windows\RegBootClean64.exe
2011-12-30 17:12 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CE2F9CB-B8DC-4FF6-86AF-2C8F1867D2D9}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 23:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-30 23:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-24 04:52 . 2011-12-15 16:07 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:41 . 2011-12-15 16:07 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-15 16:07 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-15 16:07 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-15 16:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-15 16:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-15 16:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-15 16:07 43520 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-11 19:04 . 2010-11-11 19:04 645872 ----a-w- c:\program files\UIX.renderapi.dll
2010-11-11 19:04 . 2010-11-11 19:04 1526512 ----a-w- c:\program files\UIX.dll
2010-11-11 19:04 . 2010-11-11 19:04 1243888 ----a-w- c:\program files\ZuneShell.dll
2010-11-11 19:04 . 2010-11-11 19:04 1151728 ----a-w- c:\program files\ZuneDBApi.dll
2010-11-11 19:04 . 2010-11-11 19:04 1284848 ----a-w- c:\program files\UIXcontrols.dll
2010-11-11 19:00 . 2010-11-11 19:00 896240 ----a-w- c:\program files\ZuneWmdu.dll
2010-11-11 19:00 . 2010-11-11 19:00 157936 ----a-w- c:\program files\ZuneZMDB.Library.dll
2010-11-11 19:00 . 2010-11-11 19:00 9456 ----a-w- c:\program files\ZuneWmduResources.dll
2010-11-11 19:00 . 2010-11-11 19:00 467696 ----a-w- c:\program files\ZuneWlanCfgSvc.exe
2010-11-11 19:00 . 2010-11-11 19:00 306416 ----a-w- c:\program files\WMZuneComm.exe
2010-11-11 19:00 . 2010-11-11 19:00 27888 ----a-w- c:\program files\WMZuneTCP2UDP.dll
2010-11-11 19:00 . 2010-11-11 19:00 21232 ----a-w- c:\program files\WMZuneDTPTDNS.dll
2010-11-11 19:00 . 2010-11-11 19:00 195312 ----a-w- c:\program files\ZuneZMDB.Mobile.dll
2010-11-11 19:00 . 2010-11-11 19:00 18672 ----a-w- c:\program files\WMZuneCommProxyStub.dll
2010-11-11 19:00 . 2010-11-11 19:00 156912 ----a-w- c:\program files\ZuneZMDB.ZuneHD.dll
2010-11-11 19:00 . 2010-11-11 19:00 152304 ----a-w- c:\program files\ZuneZMDB.Classic.dll
2010-11-11 19:00 . 2010-11-11 19:00 100080 ----a-w- c:\program files\ZuneTaskbar.dll
2010-11-11 19:00 . 2010-11-11 19:00 507120 ----a-w- c:\program files\ZuneSP.dll
2010-11-11 19:00 . 2010-11-11 19:00 916208 ----a-w- c:\program files\ZuneQP.dll
2010-11-11 19:00 . 2010-11-11 19:00 74480 ----a-w- c:\program files\ZuneShellExt.dll
2010-11-11 19:00 . 2010-11-11 19:00 683760 ----a-w- c:\program files\ZuneSH.dll
2010-11-11 19:00 . 2010-11-11 19:00 514288 ----a-w- c:\program files\ZuneSE.dll
2010-11-11 19:00 . 2010-11-11 19:00 366320 ----a-w- c:\program files\ZuneSrcWrp.dll
2010-11-11 19:00 . 2010-11-11 19:00 16873712 ----a-w- c:\program files\ZuneShellResources.dll
2010-11-11 19:00 . 2010-11-11 19:00 155888 ----a-w- c:\program files\ZuneSA.dll
2010-11-11 19:00 . 2010-11-11 19:00 1521392 ----a-w- c:\program files\ZuneSetup.exe
2010-11-11 19:00 . 2010-11-11 19:00 17648 ----a-w- c:\program files\ZuneShare.exe
2010-11-11 19:00 . 2010-11-11 19:00 1404144 ----a-w- c:\program files\ZuneResources.dll
2010-11-11 19:00 . 2010-11-11 19:00 1240304 ----a-w- c:\program files\ZuneService.dll
2010-11-11 18:59 . 2010-11-11 18:59 9971440 ----a-w- c:\program files\ZuneNativeLib.dll
2010-11-11 18:59 . 2010-11-11 18:59 347888 ----a-w- c:\program files\ZuneNssci.dll
2010-11-11 18:59 . 2010-11-11 18:59 855280 ----a-w- c:\program files\ZuneMBR.dll
2010-11-11 18:59 . 2010-11-11 18:59 8251120 ----a-w- c:\program files\ZuneNss.exe
2010-11-11 18:59 . 2010-11-11 18:59 376560 ----a-w- c:\program files\ZuneEvr.dll
2010-11-11 18:59 . 2010-11-11 18:59 223472 ----a-w- c:\program files\Zune.exe
2010-11-11 18:59 . 2010-11-11 18:59 2109680 ----a-w- c:\program files\ZuneEncEng.dll
2010-11-11 18:59 . 2010-11-11 18:59 20720 ----a-w- c:\program files\ZunePS.dll
2010-11-11 18:59 . 2010-11-11 18:59 1744624 ----a-w- c:\program files\UIXrender.dll
2010-11-11 18:59 . 2010-11-11 18:59 163568 ----a-w- c:\program files\ZuneLauncher.exe
2010-11-11 18:59 . 2010-11-11 18:59 130800 ----a-w- c:\program files\ZunePresenter.dll
2010-11-11 18:59 . 2010-11-11 18:59 1184496 ----a-w- c:\program files\ZuneH264Dec.dll
2010-11-11 18:59 . 2010-11-11 18:59 1161456 ----a-w- c:\program files\ZuneMde.dll
2010-11-11 18:59 . 2010-11-11 18:59 1084144 ----a-w- c:\program files\ZuneMarketplaceResources.dll
2010-11-11 18:59 . 2010-11-11 18:59 72944 ----a-w- c:\program files\ZuneDXVA2.dll
2010-11-11 18:59 . 2010-11-11 18:59 218864 ----a-w- c:\program files\ZuneHost.exe
2010-11-11 18:59 . 2010-11-11 18:59 1464560 ----a-w- c:\program files\ZuneCore.dll
2010-11-11 18:59 . 2010-11-11 18:59 707824 ----a-w- c:\program files\ZUNEMP4SDECD.dll
2010-11-11 18:59 . 2010-11-11 18:59 61680 ----a-w- c:\program files\ZuneCfg.dll
2010-11-11 18:59 . 2010-11-11 18:59 56560 ----a-w- c:\program files\ZuneConfig.exe
2010-11-11 18:59 . 2010-11-11 18:59 38640 ----a-w- c:\program files\ZuneEnc.exe
2010-11-11 18:59 . 2010-11-11 18:59 35568 ----a-w- c:\program files\UIXsup.dll
2010-11-11 18:59 . 2010-11-11 18:59 212208 ----a-w- c:\program files\ZuneDB.dll
2010-11-11 18:59 . 2010-11-11 18:59 129264 ----a-w- c:\program files\ZuneEffects.dll
2010-11-11 18:59 . 2010-11-11 18:59 121072 ----a-w- c:\program files\ZuneAACDec.dll
2010-09-24 16:19 . 2010-09-24 16:19 182784 ----a-w- c:\program files\l3codecp.acm
2010-09-24 15:49 . 2010-09-24 15:49 626688 ----a-w- c:\program files\msvcr90.dll
2010-09-24 15:49 . 2010-09-24 15:49 856576 ----a-w- c:\program files\msvcp90.dll
2010-09-24 15:49 . 2010-09-24 15:49 245760 ----a-w- c:\program files\msvcm90.dll
2007-10-02 19:12 . 2007-10-02 19:12 1642568 ----a-w- c:\program files\msidcrl40.dll
.
.
((((((((((((((((((((((((((((( [email protected]_01.32.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-21 19:32 . 2012-01-16 15:00 30412 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-16 15:00 30438 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-12-24 03:09 . 2012-01-04 05:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-24 03:09 . 2012-01-16 15:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-24 03:09 . 2012-01-04 05:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-16 15:00 . 2012-01-16 15:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-04 05:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-16 15:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-24 14:24 . 2012-01-04 04:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-24 14:24 . 2012-01-16 15:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-24 14:24 . 2012-01-16 15:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-24 14:24 . 2012-01-04 04:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-24 14:24 . 2012-01-16 15:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-24 14:24 . 2012-01-04 04:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-02 06:42 . 2012-01-16 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-02 06:42 . 2012-01-04 04:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-02 06:42 . 2012-01-04 04:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-02 06:42 . 2012-01-16 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-11 02:31 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-11 02:31 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-01-06 08:30 . 2012-01-06 08:30 73728 c:\windows\assembly\NativeImages_v2.0.50727_64\UIXControls\7e1b355b43a15d5209d6a8ddf1312778\UIXControls.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\0d036f215cfdf37305d84ac680e19413\System.Windows.Presentation.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\968c30c131b94a1b5e834fbc333b177b\stdole.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\3a5529f1de05952773c725a6ff2e07fb\PresentationFontCache.ni.exe
+ 2012-01-06 08:19 . 2012-01-06 08:19 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\c066431266a5b4c8326779d12542161c\PresentationCFFRasterizer.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\621b2f176909228deae402a6031e7420\Microsoft.WSMan.Runtime.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\ecd29eb2eda46acfda1229f8362f60e9\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d77eafc89b58f5466b7555d89a293c50\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\c1e58a266d600248f08dca600457e346\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\9f1ca68fbcefac4ef4f13e5f5604ad82\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8260ae5a7d4a7e7cd907c958858da284\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\371120a0816ba5ce909b8e1341da376f\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-01-06 08:18 . 2012-01-06 08:18 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\e6aabbfb38a14559712fdf51064ff3a1\Microsoft.VisualC.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 66048 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\a9a494047cfbd13fd4a155c77a258a0a\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 64000 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\90b3ba2f1de795690641228b63586965\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\866c57c6e58cbe8249b36f21ec8ac18a\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\584f193ae53236bf55cd78b246214d83\LoadMxf.ni.exe
+ 2012-01-06 08:25 . 2012-01-06 08:25 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\50cda8ab4cd566b222342c3da14302d3\ehiUPnP.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\fae9950502b5464108feda9d64ebea78\ehiTVMSMusic.ni.dll
+ 2012-01-06 08:24 . 2012-01-06 08:24 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\7de9a8137a33d06dad01c8405d960037\dfsvc.ni.exe
+ 2012-01-06 08:23 . 2012-01-06 08:23 33280 c:\windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\320d4f45d6463976ce238f654e706926\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2012-01-06 08:19 . 2012-01-06 08:19 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\d301e1d96d4f39f15482db09206f1fb1\Accessibility.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\de6cc37afc2bb3ea973c29211f0b21d8\System.Windows.Presentation.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\d0ed41e7dcb1be4a43a76e47de276d94\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\32d21563937263ee3ae9eecfa59fdc3d\System.AddIn.Contract.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\17b4308b0e6d35c1230135ed25fffbfe\stdole.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\af072bb984952ba5e573ca93cc0cad44\PresentationFontCache.ni.exe
+ 2012-01-06 08:22 . 2012-01-06 08:22 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\7681b87de3ecee06390331f0fab14c93\PresentationCFFRasterizer.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\a38f8e60cdbca2d158d8daaea9577934\napcrypt.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\0067507e3305266a72358b51bdd5dd86\Microsoft.WSMan.Runtime.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\f7a51d8e344dda4d7f38e1b824cd83ad\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ed12245481e36d8cc238876bd79b1e6c\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\e5e22edbc2a34b9d9a166dbbaf7379ff\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ca1daccfdb3f0bff3bd0062644a539bf\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\afe4d94d07a22c70106c859139cb314a\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\62e68252fc137a55d2d39fe0d5093599\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\508857b730c4edea8eca42b3d435ef82\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5011901c735997d46243e3a90e8bd736\Microsoft.Vsa.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\3cb6023aa6ab962babcee9c0ec8991de\Microsoft.VisualC.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\cf3cab157883d19e2fb460518c26f6e7\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\4879f5496d8e920dc19c97e53db253d2\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aac5bc888c15c2630ea22e517e4e19f8\Microsoft.Build.Framework.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4ee55572f0f54a71e24fe3fec094968b\Microsoft.Build.Framework.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\e6e4bd9a47848b93cd2dd8a688968741\ehiUserXp.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\94a173b39fa90956937b41c775ac66d7\dfsvc.ni.exe
+ 2012-01-06 08:30 . 2012-01-06 08:30 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\06b63c6e22871790da6705df56a896dc\AuditPolicyGPManagedStubs.Interop.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
+ 2009-12-26 12:09 . 2012-01-16 15:00 5558 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1914085616-3518187634-3453094830-1004_UserData.bin
+ 2012-01-16 15:19 . 2012-01-16 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-05 01:31 . 2012-01-05 01:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-16 15:19 . 2012-01-16 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-05 01:31 . 2012-01-05 01:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-01-13 01:59 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-05 01:28 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-24 20:50 . 2012-01-05 13:49 425566 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-01-16 15:03 894628 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-04 05:10 894628 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-04 05:10 192994 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-16 15:03 192994 c:\windows\system32\perfc009.dat
- 2009-07-14 04:46 . 2011-12-31 01:54 111392 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-01-16 14:46 111392 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-01-16 15:18 480980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-04 04:58 480980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-01-15 02:49 . 2012-01-13 17:04 481748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1914085616-3518187634-3453094830-1004-8192.dat
+ 2012-01-11 02:31 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2012-01-05 01:40 . 2011-07-08 22:31 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
- 2011-07-01 23:08 . 2010-11-05 01:56 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2012-01-11 02:31 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-05 01:40 . 2011-07-08 22:33 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-07-01 23:07 . 2010-11-05 01:58 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2012-01-05 01:39 . 2011-03-29 22:33 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-07-01 23:08 . 2010-11-05 01:57 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2012-01-05 01:40 . 2011-07-08 22:33 995672 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-07-01 23:09 . 2010-11-05 01:57 995672 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-07-01 23:08 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-11 02:31 . 2011-10-29 05:23 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\756011e2290f779331336b1659d804e9\WsatConfig.ni.exe
+ 2012-01-06 08:30 . 2012-01-06 08:30 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\bdf567eb555bffe4d9f4383b6b97832b\WindowsFormsIntegration.ni.dll
+ 2012-01-06 08:19 . 2012-01-06 08:19 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\344ac206baaadddc6f7c5fb8ae189b1a\UIAutomationTypes.ni.dll
+ 2012-01-06 08:19 . 2012-01-06 08:19 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\7a61dc7e8c606d1ed2c703cbeae2f8ef\UIAutomationProvider.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\93585639099b0e1b8280eb528fb12c0b\UIAutomationClient.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\da4abebb1b165f2d27c5fe5bc6e9ed71\TaskScheduler.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\2b9253e5a2818152f9f1a3b9d7c7ee60\System.Xml.Linq.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\d78f9ad8894e441f38d96697bee1d6fa\System.Web.RegularExpressions.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\f15a8af412d84b1fd14fc735fb5834f5\System.Transactions.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\8428a82fd82a1ef1d3dab07be67dd78f\System.ServiceProcess.ni.dll
+ 2012-01-06 08:18 . 2012-01-06 08:18 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\a3202e5eeb5c84ca6d5453b50c28e1af\System.Security.ni.dll
+ 2012-01-06 08:19 . 2012-01-06 08:19 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b3b42692707c0f555807def0c4acefe3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\1d7d8aef36a4181c824e7b19a5717181\System.Net.ni.dll
+ 2012-01-06 08:24 . 2012-01-06 08:24 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\7b701647e76dc015ef7574b789abac7b\System.Messaging.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\515b6d806d49ee9f3a0c4777c313c5a9\System.Management.Instrumentation.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\09e99130b92146abae3d4c9b5c8bb116\System.IO.Log.ni.dll
+ 2012-01-06 08:24 . 2012-01-06 08:24 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\ab72e394c92f57172be9a9d29be90e90\System.IdentityModel.Selectors.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\4b0fd98f11e1e243efcfb810c170decf\System.EnterpriseServices.Wrapper.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\4026f724cc80f1beb4450d3286d93c0d\System.Drawing.Design.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\ea326d1e49d4824358eb5826fe52921a\System.DirectoryServices.Protocols.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\a342b0087027682df86caa73cf0dc223\System.Data.Services.Design.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\0749a52124e604d5104322fd60606810\System.Data.DataSetExtensions.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\7d99138fb23b6c17aa205d49c6bfce9e\System.Configuration.Install.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\63c8a0af333eb6fa7d73d5b30c9acb38\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\3867b72f0fdef0241a18f0c6767ecf05\System.AddIn.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\edf038eef2dc9f21b13da8bdc046a834\System.AddIn.Contract.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\0ba53d547dabd039b0cfc9ce52fa6c57\sysglobl.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\ce64633f4e4ba6f3c45ad5ad6a35d736\SMSvcHost.ni.exe
+ 2012-01-06 08:24 . 2012-01-06 08:24 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\d912b15f4aaac2455b690f6e477a67b1\SMDiagnostics.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\66eee769d42b67224d5ca71d24bb5ed5\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a4757ccc20fa4dac96856aaaea05ffaa\PresentationFramework.Royale.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9ab2ddfc6ccc7d84144aa45fc86969a1\PresentationFramework.Luna.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\631667d5c4e1f0beee46c82e316ed0cb\PresentationFramework.Aero.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\2de40f08930236c079d2653ade704bfc\PresentationFramework.Classic.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\d1f466e30784f97cdb0df13554276dd5\napsnap.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\864f48b66cc44fcc43b7a40bc2ccb3cd\napinit.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\fd2464358cddfa04f46d55b9153249e3\naphlpr.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\717cc07bafa8f50a6f87be383fa9018b\napcrypt.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1b9e231c729d1e59a4610531e0314c6d\MSBuild.ni.exe
+ 2012-01-06 08:26 . 2012-01-06 08:26 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\091f53e39941f5371814cc96d71729a3\MMCFxCommon.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\8f7d31b01ed5d655fd5c48117453f960\Microsoft.WSMan.Management.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\520f7ea348d330647c204acc32afadae\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\3c37f454edf0064bb10747920ae0be9d\Microsoft.Vsa.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\3bdebcf5831c9f66c55e7b650713b2e9\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 318976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\d0f8400be8cc4b7cea8e2b036ee75d23\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 937472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\c7a13491e86eb21258a1b0e778115e10\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 235008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\b4c1eaad859fe1c90ce29bc671c22890\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 275456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\92b61d50825667d08b6c563f35666920\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f616652a9327d4f41f9adc33aedd8feb\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9e3b197d73893a55ec7bf4d4dda692e2\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\7bba925a067b6efc53e6e4ea3c458dc0\Microsoft.PowerShell.Security.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\608d7a44baf1367d7f4b8aa8e96e3d82\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c9b6a9b9a26ac6d9d3575cda488172ce\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c0673b635e9f01e3084c383e1cc689e5\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a743124afb874ab00d713ab50a7d850d\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a4bde939b3d8da9baf5939b9e62d9ef7\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7de5318ee2be8e2b8fcffde83c79ab7c\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\53074205d60375dc33155586a27d07eb\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\377d824dde728ce28d61ef522c3be808\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\e1b7ce3acfe6f344c39e96d33637c4af\Microsoft.ManagementConsole.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 618496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\a28de069a345eb9fa468b65e8a0352b8\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 399360 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\98ea8003b7a453f2239669a432bf090e\Microsoft.GroupPolicy.Interop.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\a1a7ca0c475f607d60d4c8c17b5049af\Microsoft.Build.Utilities.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\8eda32beeba1d8dff2848edce97f15b3\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\9f5bcff6a0b169efa6b607efd8789ea9\Microsoft.Build.Framework.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0ef8fa5e835e9ae9fd9a20e5d5058460\Microsoft.Build.Framework.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\0c7a36fa5c4a99e157201a67c10ba344\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 727040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\5236edad06d28858a9c582c2c772be41\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 423424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\137a78131ad522e618ac4d1ac9107c39\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 107520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\348c58da6c217fb9a1a6f33b19bc1501\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\a37f126e2b6bbb6f476c0d14399949b0\Mcx2Dvcs.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\99229f50cf34d755c07c74f5d7e88803\mcupdate.ni.exe
+ 2012-01-06 08:25 . 2012-01-06 08:25 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\22e35c0c53328cbd317a395f81ce7122\mcstoredb.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4dce2da44e40d021caecb8243667718e\mcplayerinterop.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\9376158dbb6294a55db5b75cf78a06a4\mcGlidHostObj.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\b8735694a594d872e3b89050c3883f5c\MCESidebarCtrl.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\e96db8294b247cffcbd2df3cde0ece40\EventViewer.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\d8fcbbc454183dbd4883686dce6fb198\ehRecObj.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\87f11d95ab10469f888fd76c45f9fceb\ehiWUapi.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\a24c79d19a6d2a3e8ca587ecddd3e735\ehiwmp.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0de7a02857c6041bc2c86c1db3ca8c23\ehiUserXp.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\421eb174f94249cf6a3b9e517baa82f8\ehiiTv.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d5bf6f8e9e3d08d407ed68b714c268ae\ehiExtens.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\b55c3bb24dda0acda2bc332cc3016f75\ehiBmlDataCarousel.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\cbebce3e616f8fa475427e94a5f607de\ehiActivScp.ni.dll
+ 2012-01-06 08:24 . 2012-01-06 08:24 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\88c5012f9a84d220dc4d413c7935dd07\ehExtHost.ni.exe
+ 2012-01-06 08:24 . 2012-01-06 08:24 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\574c597861e298e143212535dc1e19ec\ehCIR.ni.dll
+ 2012-01-06 08:24 . 2012-01-06 08:24 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\1e040217cf674c6cf528fbfe18c4c2f8\CustomMarshalers.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\6ccad398816b1569afb2a7fcbd49bf42\ComSvcConfig.ni.exe
+ 2012-01-06 08:23 . 2012-01-06 08:23 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\e938d38129512db210e2bc77214849d5\BDATunePIA.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\0f0e4119556b49e8e2adcd3a441753fc\WsatConfig.ni.exe
+ 2012-01-06 08:32 . 2012-01-06 08:32 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\6eadd2ec3f027920eb71e6e9fed30ff2\UIAutomationClient.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\8c9f15092dab9a5f36d9f160b69d108c\TaskScheduler.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\88f32d62a8df469e8b9f12a8d3093627\System.Xml.Linq.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\54aff110093134e12558e26c7a038eb7\System.Web.RegularExpressions.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\680689b01ddb7fbe11478caf8cb71d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-01-13 08:19 . 2012-01-13 08:19 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\573003889d88b6c133de7360960c9da0\System.Net.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\4ede0fecbdb3795efa9dca6b77c2031b\System.Messaging.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\2e7668ad46be53fe98c5fbe4b3bf733e\System.Management.Instrumentation.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\ebd645cff62cef59eaf1ef8e3b3c5127\System.IO.Log.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8a7d8a1bed270870c645ff47913f062a\System.IdentityModel.Selectors.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.Wrapper.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\8aa064c925a6b6bc885c3bd5bb1f4149\System.Drawing.Design.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a5df8714e91f2e7d0f76081b6581d071\System.DirectoryServices.Protocols.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7c86a11e96b7e798d5db164c22ea0268\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\50da9308aea01ad914cc87509dd968ec\System.Data.Services.Design.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\c523aa7f545394a1ed7f9a6358cf18e3\System.Data.DataSetExtensions.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\66a5094e521e34aecd51e4bae30ac266\System.Configuration.Install.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\55b239388c36e25bb9af84a8827df8c2\System.AddIn.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\571bcd3c57411a09469a58c7462a4c8b\sysglobl.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\2a25182592e8c63ea14d0935b0580b9d\SMSvcHost.ni.exe
+ 2012-01-06 08:30 . 2012-01-06 08:30 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6294f61f25c953212b92b7e13a0fd9c1\SMDiagnostics.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\da273b9f6a5cb6438f5779e5a03b6441\SecurityAuditPoliciesSnapIn.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\aae0c17e133300ab45fb897647cdd8d7\PresentationFramework.Luna.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ad023d8c5d5925e50b96c0d63da0235\PresentationFramework.Royale.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b57fb7ab01951581394186c32cd278b\PresentationFramework.Classic.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\a41437397e3b33ebc5d2652d5d840667\napsnap.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\c2030859672edc6a6f938650d64c42fc\napinit.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\6c31aace1d7b39145fe0ef94f1530e8a\naphlpr.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\027cfb46a54d640ce0170818510f55cb\MSBuild.ni.exe
+ 2012-01-06 08:30 . 2012-01-06 08:30 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\6bc5509877a8e98672c09d8279aa93f0\MMCFxCommon.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\d2895e306d1273b26f21b2e236a8fa29\Microsoft.WSMan.Management.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce29d5de8d4f6f1b2216f7f17ae66c80\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 187392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\e34191abf1bb565270cf4a8cda9f7726\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\6d2877875d3e610806b8e3a0c312b945\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\657d937db9f0b5a65714b9d2a99570ab\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\547f0d2298367b51bd1c70a7d3365563\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\75da06cfbcab0c1e87d570e1f89e57a9\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\53ef826acbbf946830301f1fcc0361d2\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3ba895a97f175c7b84165998badb814e\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\38b928a3c5a4ddbe616983989bae6487\Microsoft.PowerShell.Security.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\162342556ee7cad6282e99be346b8651\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\189ddbba16fb3c5b7f2250b3286ad0fa\Microsoft.ManagementConsole.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\c92fc33c0cb945ea773911cd0fbb3df9\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 286208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\a391ba9657040ba0711807cc4e117289\Microsoft.GroupPolicy.Interop.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\547d1806b410977e2d3d5c05e5114d1a\Microsoft.Build.Utilities.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4153cdd9b2d16edd1bba53bea09614a2\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\88cf4cd59af3b638ca7b1e82fab428b5\Microsoft.Build.Engine.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\86c1ebc6968927a4ec60d3f14f3fb44e\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\5b07981ed0dbb690ccf9c4078a3041e5\Microsoft.ApplicationId.Framework.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 587776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\38dc2628747f2f2c80a329c0eef42971\Microsoft.ApplicationId.RuleWizard.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\2d30f32b6ca585235fada8fb050f2be5\mcstoredb.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\88e8c62f1004f6f07e591df9723f57bd\EventViewer.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\0bde53bae85a8d27007dc0f7d418df41\ehRecObj.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\fbec5a519a2c5005d43b04b6386406b2\ehiVidCtl.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\832b98f0578e73e8693fea7067c3d2ab\ehiProxy.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\fa383760dc46e586ae40374129164b4e\ehiExtens.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c52cbd60b414e74e81e2d2445f36208a\ehExtHost32.ni.exe
+ 2012-01-06 08:30 . 2012-01-06 08:30 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\ca2d56fdb2662c94353b2eba49d47725\ComSvcConfig.ni.exe
+ 2012-01-06 08:30 . 2012-01-06 08:30 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\91855551ad544c05d076b476f2e25002\BDATunePIA.ni.dll
- 2009-07-14 04:54 . 2012-01-05 01:28 5636096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-13 01:59 5636096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:45 . 2011-12-31 01:54 7613398 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-13 08:20 7613398 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-12-24 03:48 . 2012-01-04 04:58 2102720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-12-24 03:48 . 2012-01-16 15:18 2102720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-07-01 23:09 . 2010-11-05 01:57 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2012-01-05 01:39 . 2011-03-29 22:32 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2012-01-11 02:31 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
- 2011-07-01 23:10 . 2010-11-05 01:57 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-01-05 01:39 . 2011-05-04 22:31 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-01-05 01:40 . 2011-07-08 22:31 9990992 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
- 2011-07-01 23:09 . 2010-11-05 01:56 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2012-01-05 01:40 . 2011-07-08 22:31 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2012-01-05 01:39 . 2011-03-29 22:32 1576272 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
- 2011-07-01 23:09 . 2010-11-05 01:56 1576272 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
- 2011-07-01 23:09 . 2010-11-05 01:56 1755480 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2012-01-05 01:40 . 2011-07-08 22:31 1755480 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
- 2011-07-01 23:09 . 2010-11-05 01:58 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-01-05 01:39 . 2011-03-29 22:33 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-01-11 02:31 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2011-07-01 23:10 . 2010-11-05 01:58 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-01-05 01:39 . 2011-05-04 22:32 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-01-05 01:40 . 2011-07-08 22:33 5924176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-07-01 23:09 . 2010-11-05 01:57 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-01-05 01:40 . 2011-07-08 22:33 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 5529600 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneShell\d9037f7542a13c749f48d429641fcba5\ZuneShell.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 3570176 c:\windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\278707092ff2347013ff3e53bd19479c\ZuneDBApi.ni.dll
+ 2012-01-06 08:18 . 2012-01-06 08:18 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\bb70e6c85f728c359f1853e2d994dbae\WindowsBase.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 6203904 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX\3afd7bfd598f81e2ff998cea5923cf7a\UIX.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 2629120 c:\windows\assembly\NativeImages_v2.0.50727_64\UIX.RenderApi\3529605f79e6aa0810daca0d76346890\UIX.RenderApi.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\888e738b2d4904fc2193ea2237acb01e\UIAutomationClientsideProviders.ni.dll
+ 2012-01-06 08:18 . 2012-01-06 08:18 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\372dfe1a5b9ed9217b0f491ba07745d2\System.Xml.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll
+ 2012-01-13 08:19 . 2012-01-13 08:19 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\45339e741d73e8f1f9393df8163c8c00\System.Workflow.Runtime.ni.dll
+ 2012-01-13 08:19 . 2012-01-13 08:19 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\48ef2f59740ad3d438d0514b335dd334\System.Workflow.ComponentModel.ni.dll
+ 2012-01-13 08:19 . 2012-01-13 08:19 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\7972e04df268430da009e63e90ff4ca9\System.Workflow.Activities.ni.dll
+ 2012-01-13 08:19 . 2012-01-13 08:19 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\8d374a0a9c49f485a7ce6e89ec354b4c\System.Web.Services.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\8e2d63ddf8223dab939bbdf5a9a51185\System.Speech.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll
+ 2012-01-06 08:24 . 2012-01-06 08:24 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\1377c29b871c7eb768769b5f4bdbb15d\System.Runtime.Serialization.ni.dll
+ 2012-01-13 08:18 . 2012-01-13 08:18 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\d12c2299179cb05591cf08c8712a6495\System.Runtime.Remoting.ni.dll
+ 2012-01-06 08:20 . 2012-01-06 08:20 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\ea01287229d87b63089ee4fa545d70a3\System.Printing.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\2fb0402632ad5e804276ac653a95ef80\System.Management.ni.dll
+ 2012-01-13 08:25 . 2012-01-13 08:25 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\4b0fd98f11e1e243efcfb810c170decf\System.EnterpriseServices.ni.dll
+ 2012-01-06 08:19 . 2012-01-06 08:19 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\7913f5c6b6fc7a75b2b8f558bb7b5568\System.Drawing.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\ece506e2c1e0a1bde755dd7d652b5325\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-01-06 08:20 . 2012-01-06 08:20 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\3623e2ad193bcccf00ac1107d4f62236\System.DirectoryServices.ni.dll
+ 2012-01-06 08:19 . 2012-01-06 08:19 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\9c394336e3ce35330907d1c51c47951c\System.Deployment.ni.dll
+ 2012-01-06 08:20 . 2012-01-06 08:20 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\4cfb4616eb3af7f91c1ea7113465860b\System.Data.ni.dll
+ 2012-01-06 08:18 . 2012-01-06 08:18 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\32cf78868a7f90ad05525253a2540e1f\System.Data.SqlXml.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll
+ 2012-01-06 08:29 . 2012-01-06 08:29 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\55c030c014a9cd3ce63b1ce30722b6d7\System.Data.Services.Client.ni.dll
+ 2012-01-06 08:21 . 2012-01-06 08:21 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\03c0fa3f53e9ddf45a7dce06ae740de8\System.Data.OracleClient.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\6d2a8c2d751cb29ecdbc8a20aac2dd1e\System.Data.Linq.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\eed0dd8cdc46206a76e8c23872fc0787\System.Core.ni.dll
+ 2012-01-06 08:18 . 2012-01-06 08:18 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\fe860189c078d45125ca6366495fd414\System.Configuration.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 1530368 c:\windows\assembly\NativeImages_v2.0.50727_64\SrpUxSnapIn\6bb26fbae8283643f986174a6b0029c5\SrpUxSnapIn.ni.dll
+ 2012-01-06 08:20 . 2012-01-06 08:20 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\c9ead0d73ee0c798c1509479797611d8\ReachFramework.ni.dll
+ 2012-01-06 08:20 . 2012-01-06 08:20 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\fd07cec48ab260c1a27c19b37466369f\PresentationUI.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\efa575767e695618224d140941250d8b\PresentationBuildTasks.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\8eb00c2e6ad95f84704a73c15934ad64\Narrator.ni.exe
+ 2012-01-06 08:27 . 2012-01-06 08:27 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\487581cba0779ee130e354096f40edd1\MMCEx.ni.dll
+ 2012-01-13 08:26 . 2012-01-13 08:26 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll
+ 2012-01-13 08:27 . 2012-01-13 08:27 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll
+ 2012-01-06 08:24 . 2012-01-06 08:24 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\014c1c5365a633b4202b23ed09f7599c\Microsoft.Transactions.Bridge.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d980c42341a396f0980115c80d18ab57\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-01-13 08:26 . 2012-01-13 08:26 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6f0bbc912ec21fad139214ca4578a7ed\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0bffc2eeaf9544a9ea24691e9d572438\Microsoft.PowerShell.Editor.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ae64957bd11cb42df95fb949e690980c\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-01-13 08:25 . 2012-01-13 08:25 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\70a990f97a3295782d195bcb052eb69f\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-01-13 08:25 . 2012-01-13 08:25 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll
+ 2012-01-13 08:26 . 2012-01-13 08:26 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\b733f33cc6a07e4cd5bed494cf536af1\Microsoft.JScript.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\ea8f48f12613578b64bd9077bdae4c31\Microsoft.Ink.ni.dll
+ 2012-01-13 08:26 . 2012-01-13 08:26 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\d955463d0397605306d07d25c9c186fb\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\f298e576c8e06073fe2310ccf0756396\Microsoft.Build.Tasks.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\9f6d2a67a43f90c37d475d9eb433e98b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\c8205ffff2cc4dea7093b8c59c3b5a3a\Microsoft.Build.Engine.ni.dll
+ 2012-01-06 08:26 . 2012-01-06 08:26 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\a288688a887e392b713bb459110507c1\Microsoft.Build.Engine.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\9fb794b6ac9dc760681ba3b485996b97\mcstore.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\2980298bb4b3f3c844523562d74b0854\mcepg.ni.dll
+ 2012-01-06 08:25 . 2012-01-06 08:25 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\f61f677c8d3ba5191da2d0809bb35fe1\ehiVidCtl.ni.dll
+ 2012-01-06 08:24 . 2012-01-06 08:24 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\17d0b71391bf67c5a663b140b9a7a936\ehiProxy.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\650f98b105afd8e1f75baaf6bd53050e\UIAutomationClientsideProviders.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
+ 2012-01-13 08:20 . 2012-01-13 08:20 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ad68aa9e6fa1ec8005e1f604579a76be\System.Workflow.Runtime.ni.dll
+ 2012-01-13 08:20 . 2012-01-13 08:20 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\00b0a14ef5cb0154db7989da39a7f1e5\System.Workflow.ComponentModel.ni.dll
+ 2012-01-13 08:20 . 2012-01-13 08:20 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\54873f241a4ad6d2a13e48d2da444538\System.Workflow.Activities.ni.dll
+ 2012-01-13 08:20 . 2012-01-13 08:20 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\0b5017932511872e37f6da04ef4f44b3\System.Speech.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\a18184c1609b655455395c522bd9054f\System.Printing.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\aaffd889b1ac972c5faf72442e92e6f3\System.Management.Automation.ni.dll
+ 2012-01-13 08:23 . 2012-01-13 08:23 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f78fa584bb78607b65e8872d925a96af\System.DirectoryServices.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\7bfd55df5c38d128885251b92e392943\System.Data.SqlXml.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\91ee2a5b20d39be70a1d4e39ca9e23bf\System.Data.Services.Client.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1171b168dc6db0132146d8e26ae00d22\System.Data.OracleClient.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\9d9e419b7157083a5a246768b29dd92f\System.Data.Linq.ni.dll
+ 2012-01-06 08:32 . 2012-01-06 08:32 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\de785592a16c949cfb67da6781acd156\System.Data.Entity.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\3e1c46e0d7b52efcaa091e9e5cfad7bf\SrpUxSnapIn.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\eb6d83d30262cb6d1b6f2a47dcf8a37d\ReachFramework.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\79f71b891de1584cdcce378e22f047ee\PresentationUI.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\d34f41676aed9e84ef18852d371359e1\PresentationBuildTasks.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\060646580ce5113ef5e11d3523cbe883\Narrator.ni.exe
+ 2012-01-06 08:31 . 2012-01-06 08:31 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\09856e5c68686a53563775f9359e07ac\MMCEx.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\a31ec9cb215741ea987630aa277ea658\Microsoft.Transactions.Bridge.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\beca29b613b68f68560960310c788ec3\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\88b4d41e45ea4e4bcebdb5815f9e3c24\Microsoft.PowerShell.Editor.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-13 08:23 . 2012-01-13 08:23 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a2c9438aa64633f2dc8ef0cf069b57c5\Microsoft.JScript.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\d8c9bc51701795a194e6695a137241e4\Microsoft.Ink.ni.dll
+ 2012-01-13 08:24 . 2012-01-13 08:24 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\df2d7205594489b4f1a5336fcf9244e5\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\b6942de187e833d0ec47d9267270ae2b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1e563d8dfdd4017cdc06ed6e845ff9c7\Microsoft.Build.Tasks.ni.dll
+ 2012-01-06 08:31 . 2012-01-06 08:31 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\84a01599d405e5f2de5eac2da2f13424\Microsoft.Build.Engine.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\a2e0652abfd57dcacef112f2b0beecaf\mcstore.ni.dll
+ 2012-01-06 08:30 . 2012-01-06 08:30 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\67cb5c00eb2555fb2972fe924e592cce\mcepg.ni.dll
+ 2012-01-05 01:39 . 2011-05-04 22:32 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-07-01 23:10 . 2010-11-05 01:58 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-05 01:39 . 2011-03-29 22:33 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-07-01 23:09 . 2010-11-05 01:58 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-07-01 23:09 . 2010-11-05 01:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-11 02:31 . 2011-12-25 20:42 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-11 02:31 . 2011-12-25 20:40 5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-07-01 23:09 . 2010-11-05 01:56 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-05 01:40 . 2011-07-08 22:31 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-11 02:31 . 2011-12-25 20:42 5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-05 01:40 . 2011-07-08 22:33 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-07-01 23:09 . 2010-11-05 01:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-07-14 04:54 . 2012-01-05 01:28 11272192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-13 01:59 11272192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-24 14:45 . 2012-01-13 08:00 54008112 c:\windows\system32\MRT.exe
+ 2012-01-06 08:18 . 2012-01-06 08:18 10618880 c:\windows\assembly\NativeImages_v2.0.50727_64\System\8c862eb9bcba031e1479974a7d62aa0b\System.ni.dll
+ 2012-01-06 08:19 . 2012-01-06 08:19 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\bc4df91390f1b827ecb62a2edd0d1894\System.Windows.Forms.ni.dll
+ 2012-01-13 08:19 . 2012-01-13 08:19 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
+ 2012-01-13 08:25 . 2012-01-13 08:25 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll
+ 2012-01-06 08:27 . 2012-01-06 08:27 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\2cafbf62a43038d57239173614435a88\System.Management.Automation.ni.dll
+ 2012-01-13 08:19 . 2012-01-13 08:19 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\665178c1ccfd538896eaa0fff283b6ef\System.Design.ni.dll
+ 2012-01-06 08:28 . 2012-01-06 08:28 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\2d06fb193634c8d3951a01878f7d3297\System.Data.Entity.ni.dll
+ 2012-01-06 08:20 . 2012-01-06 08:20 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\92eba0d443a423072e9c4b7ca1eec4cd\PresentationFramework.ni.dll
+ 2012-01-06 08:19 . 2012-01-06 08:19 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\11214511a256f136b8425bdd316b47c9\PresentationCore.ni.dll
+ 2012-01-06 08:18 . 2012-01-06 08:18 15568384 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\1d2d3e57724bcacaea5e41063dc565c1\mscorlib.ni.dll
+ 2012-01-13 08:26 . 2012-01-13 08:26 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
+ 2012-01-13 08:20 . 2012-01-13 08:20 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
+ 2012-01-13 08:23 . 2012-01-13 08:23 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
+ 2012-01-13 08:20 . 2012-01-13 08:20 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\70f9f6de6dc9611157ed563bdb4e79a4\System.Design.ni.dll
+ 2012-01-06 08:23 . 2012-01-06 08:23 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
+ 2012-01-06 08:22 . 2012-01-06 08:22 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664]
"Akamai NetSession Interface"="c:\users\Mike\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
.
c:\users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\WMZuneComm.exe [2010-11-11 306416]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2011-07-12 342288]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2011-07-12 42768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2011-04-15 918032]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 2114376]
"Zune Launcher"="c:\program files\ZuneLauncher.exe" [2010-11-11 163568]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - hxxp://cvmris.ncsu.edu/Reports/IntraLaunch.CAB
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ck0r55w1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adobe Acrobat - Create PDF: [email protected] - c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-01-16 10:24:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-16 15:24
ComboFix2.txt 2012-01-05 01:39
.
Pre-Run: 437,552,513,024 bytes free
Post-Run: 437,476,098,048 bytes free
.
- - End Of File - - 70F318E2952C82A4C22297F52589F951
  • 0

#52
integrinB4

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
OTL logfile created on: 1/16/2012 10:34:02 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mike\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.42 Gb Available Physical Memory | 76.86% Memory free
11.50 Gb Paging File | 9.96 Gb Available in Paging File | 86.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 407.52 Gb Free Space | 69.77% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.14 Gb Free Space | 17.85% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 22:53:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/12/01 11:27:50 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2011/06/28 04:19:50 | 004,950,664 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2011/04/26 15:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/26 15:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2009/08/05 15:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 22:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/04/07 19:15:58 | 000,130,400 | ---- | M] (Microsoft Corp.) -- c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/13 03:19:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2012/01/06 03:31:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2012/01/06 03:23:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2012/01/06 03:23:17 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2012/01/06 03:23:08 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2012/01/06 03:22:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2012/01/06 03:22:48 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
MOD - [2012/01/06 03:22:46 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2012/01/06 03:22:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2012/01/06 03:22:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2012/01/06 03:22:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2012/01/06 03:22:27 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2012/01/06 03:22:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/28 04:19:50 | 004,950,664 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2011/06/28 04:19:28 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2011/06/28 04:19:26 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2011/06/28 04:19:26 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2011/04/26 15:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/21 14:47:59 | 000,116,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2009/08/05 15:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/15 19:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 19:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 19:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 19:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 19:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 19:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 19:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 19:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 14:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 13:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/27 13:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/12/14 20:10:48 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/26 01:52:40 | 002,772,096 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2011/08/26 01:43:24 | 002,771,856 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2011/04/26 15:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/04/15 12:17:44 | 000,918,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/04 13:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 13:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2011/03/31 13:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/12/07 14:58:38 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/09 05:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/19 11:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/07/12 10:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 10:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1914085616-3518187634-3453094830-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1914085616-3518187634-3453094830-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files (x86)\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files (x86)\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/01/09 20:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/09 11:09:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/03 23:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/12 15:44:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/04/22 12:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/04/22 12:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/23 11:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ck0r55w1.default\extensions
[2011/12/16 20:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/22 07:35:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/06 21:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 20:11:18 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

O1 HOSTS File: ([2012/01/16 10:19:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1914085616-3518187634-3453094830-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1914085616-3518187634-3453094830-1004..\Run: [Akamai NetSession Interface] C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1914085616-3518187634-3453094830-1004..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1914085616-3518187634-3453094830-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1914085616-3518187634-3453094830-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} http://cvmris.ncsu.e...IntraLaunch.CAB (IntraLaunch.MainControl)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 10:19:33 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/16 10:18:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/16 10:11:00 | 004,385,658 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2012/01/07 15:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/07 09:32:31 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
[2012/01/04 22:42:31 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller.exe
[2012/01/04 20:22:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/04 20:22:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/04 20:22:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/04 20:20:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/04 00:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/03 23:51:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/03 23:43:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\RK_Quarantine
[2011/12/31 09:50:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/12/30 18:05:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/12/30 18:03:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/12/30 17:58:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\malware removal
[2011/12/30 15:35:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2011/12/30 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/30 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/30 15:35:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/30 15:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/11 14:04:20 | 001,526,512 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.dll
[2010/11/11 14:04:20 | 001,243,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShell.dll
[2010/11/11 14:04:20 | 001,151,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDBApi.dll
[2010/11/11 14:04:20 | 000,645,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.renderapi.dll
[2010/11/11 14:04:18 | 001,284,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXcontrols.dll
[2010/11/11 14:00:34 | 000,896,240 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmdu.dll
[2010/11/11 14:00:34 | 000,157,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Library.dll
[2010/11/11 14:00:32 | 000,467,696 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWlanCfgSvc.exe
[2010/11/11 14:00:32 | 000,306,416 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneComm.exe
[2010/11/11 14:00:32 | 000,195,312 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Mobile.dll
[2010/11/11 14:00:32 | 000,156,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.ZuneHD.dll
[2010/11/11 14:00:32 | 000,152,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Classic.dll
[2010/11/11 14:00:32 | 000,027,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneTCP2UDP.dll
[2010/11/11 14:00:32 | 000,021,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneDTPTDNS.dll
[2010/11/11 14:00:32 | 000,018,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneCommProxyStub.dll
[2010/11/11 14:00:32 | 000,009,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmduResources.dll
[2010/11/11 14:00:30 | 000,100,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneTaskbar.dll
[2010/11/11 14:00:18 | 000,507,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSP.dll
[2010/11/11 14:00:14 | 016,873,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellResources.dll
[2010/11/11 14:00:14 | 001,521,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSetup.exe
[2010/11/11 14:00:14 | 000,916,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneQP.dll
[2010/11/11 14:00:14 | 000,683,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSH.dll
[2010/11/11 14:00:14 | 000,514,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSE.dll
[2010/11/11 14:00:14 | 000,366,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSrcWrp.dll
[2010/11/11 14:00:14 | 000,155,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSA.dll
[2010/11/11 14:00:14 | 000,074,480 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellExt.dll
[2010/11/11 14:00:12 | 001,404,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneResources.dll
[2010/11/11 14:00:12 | 001,240,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneService.dll
[2010/11/11 14:00:12 | 000,017,648 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShare.exe
[2010/11/11 13:59:38 | 009,971,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNativeLib.dll
[2010/11/11 13:59:38 | 000,347,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNssci.dll
[2010/11/11 13:59:36 | 008,251,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNss.exe
[2010/11/11 13:59:36 | 002,109,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEncEng.dll
[2010/11/11 13:59:36 | 001,744,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXrender.dll
[2010/11/11 13:59:36 | 001,184,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneH264Dec.dll
[2010/11/11 13:59:36 | 001,161,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMde.dll
[2010/11/11 13:59:36 | 001,084,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMarketplaceResources.dll
[2010/11/11 13:59:36 | 000,855,280 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMBR.dll
[2010/11/11 13:59:36 | 000,376,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEvr.dll
[2010/11/11 13:59:36 | 000,223,472 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Zune.exe
[2010/11/11 13:59:36 | 000,163,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneLauncher.exe
[2010/11/11 13:59:36 | 000,130,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePresenter.dll
[2010/11/11 13:59:36 | 000,020,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePS.dll
[2010/11/11 13:59:32 | 001,464,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCore.dll
[2010/11/11 13:59:32 | 000,218,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneHost.exe
[2010/11/11 13:59:32 | 000,072,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDXVA2.dll
[2010/11/11 13:59:30 | 000,707,824 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZUNEMP4SDECD.dll
[2010/11/11 13:59:24 | 000,212,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDB.dll
[2010/11/11 13:59:24 | 000,129,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEffects.dll
[2010/11/11 13:59:24 | 000,121,072 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneAACDec.dll
[2010/11/11 13:59:24 | 000,061,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCfg.dll
[2010/11/11 13:59:24 | 000,056,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneConfig.exe
[2010/11/11 13:59:24 | 000,038,640 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEnc.exe
[2010/11/11 13:59:24 | 000,035,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXsup.dll
[2010/09/24 11:19:24 | 000,182,784 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Program Files\l3codecp.acm
[2010/09/24 10:49:20 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll
[2010/09/24 10:49:18 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll
[2010/09/24 10:49:18 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll
[2007/10/02 14:12:44 | 001,642,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msidcrl40.dll

========== Files - Modified Within 30 Days ==========

[2012/01/16 10:36:07 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 10:36:07 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 10:33:18 | 001,088,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/16 10:33:18 | 000,894,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/16 10:33:18 | 000,192,994 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/16 10:28:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 10:28:51 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 10:19:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/16 10:11:06 | 004,385,658 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2012/01/16 09:40:38 | 000,016,556 | ---- | M] () -- C:\Windows\cfgall.ini
[2012/01/11 23:36:16 | 000,012,318 | ---- | M] () -- C:\Users\Mike\Desktop\avptool_sysinfo.zip
[2012/01/11 06:44:59 | 000,000,282 | -HS- | M] () -- C:\Windows\9909145drv.spi
[2012/01/07 23:00:43 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/01/07 15:00:06 | 112,124,392 | ---- | M] () -- C:\Users\Mike\Desktop\setup_11.0.0.1245.x01_2012_01_07_22_36.exe
[2012/01/07 14:26:39 | 000,080,384 | ---- | M] () -- C:\Users\Mike\Desktop\MBRCheck.exe
[2012/01/07 11:40:11 | 000,000,512 | ---- | M] () -- C:\Users\Mike\Desktop\MBR.dat
[2012/01/07 09:32:31 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
[2012/01/05 00:29:23 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2012/01/04 22:53:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2012/01/04 22:42:41 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller.exe
[2012/01/03 23:43:07 | 000,776,704 | ---- | M] () -- C:\Users\Mike\Desktop\RogueKiller.exe
[2011/12/30 20:52:16 | 004,990,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/30 17:52:29 | 000,000,394 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011/12/30 16:32:37 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
[2011/12/30 15:36:25 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 15:17:14 | 001,008,141 | ---- | M] () -- C:\Users\Mike\Desktop\iExplore.exe
[2011/12/22 08:13:53 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini

========== Files Created - No Company Name ==========

[2012/01/11 23:37:14 | 000,012,318 | ---- | C] () -- C:\Users\Mike\Desktop\avptool_sysinfo.zip
[2012/01/08 15:42:44 | 000,000,282 | -HS- | C] () -- C:\Windows\9909145drv.spi
[2012/01/07 15:00:04 | 112,124,392 | ---- | C] () -- C:\Users\Mike\Desktop\setup_11.0.0.1245.x01_2012_01_07_22_36.exe
[2012/01/07 14:26:39 | 000,080,384 | ---- | C] () -- C:\Users\Mike\Desktop\MBRCheck.exe
[2012/01/07 09:37:17 | 000,000,512 | ---- | C] () -- C:\Users\Mike\Desktop\MBR.dat
[2012/01/05 00:28:05 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012/01/04 20:22:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/04 20:22:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/04 20:22:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/04 20:22:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/04 20:22:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/03 23:43:03 | 000,776,704 | ---- | C] () -- C:\Users\Mike\Desktop\RogueKiller.exe
[2011/12/30 17:52:28 | 000,000,394 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2011/12/30 16:32:37 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2011/12/30 15:36:25 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 15:20:30 | 001,008,141 | ---- | C] () -- C:\Users\Mike\Desktop\iExplore.exe
[2011/12/30 14:48:32 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2011/12/22 08:13:52 | 000,000,021 | ---- | C] () -- C:\tmuninst.ini
[2011/08/27 14:40:14 | 000,011,586 | ---- | C] () -- C:\Users\Mike\AppData\Local\tmpBUTTERFLY_navi.JPG
[2011/08/27 14:40:13 | 002,153,753 | ---- | C] () -- C:\Users\Mike\AppData\Local\tmpBUTTERFLY.JPG
[2011/08/27 11:09:33 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/24 12:52:30 | 001,070,674 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/24 10:51:32 | 000,000,659 | ---- | C] () -- C:\Program Files\Zune.exe.config
[2010/09/24 10:51:18 | 000,138,893 | ---- | C] () -- C:\Program Files\quickplaymap_nld.png
[2010/09/24 10:51:18 | 000,138,241 | ---- | C] () -- C:\Program Files\quickplaymap_ptb.png
[2010/09/24 10:51:18 | 000,138,239 | ---- | C] () -- C:\Program Files\quickplaymap_por.png
[2010/09/24 10:51:18 | 000,124,277 | ---- | C] () -- C:\Program Files\quickplaymap_deu.png
[2010/09/24 10:51:18 | 000,124,066 | ---- | C] () -- C:\Program Files\quickplaymap_ita.png
[2010/09/24 10:51:18 | 000,122,665 | ---- | C] () -- C:\Program Files\quickplaymap_frc.png
[2010/09/24 10:51:18 | 000,121,667 | ---- | C] () -- C:\Program Files\quickplaymap_esm.png
[2010/09/24 10:51:18 | 000,121,034 | ---- | C] () -- C:\Program Files\quickplaymap.png
[2010/09/24 10:51:18 | 000,118,456 | ---- | C] () -- C:\Program Files\softwaremap_ptb.png
[2010/09/24 10:51:18 | 000,113,696 | ---- | C] () -- C:\Program Files\softwaremap_por.png
[2010/09/24 10:51:18 | 000,112,268 | ---- | C] () -- C:\Program Files\softwaremap_nld.png
[2010/09/24 10:51:18 | 000,104,707 | ---- | C] () -- C:\Program Files\softwaremap_esm.png
[2010/09/24 10:51:18 | 000,103,753 | ---- | C] () -- C:\Program Files\softwaremap_deu.png
[2010/09/24 10:51:18 | 000,103,128 | ---- | C] () -- C:\Program Files\softwaremap_frc.png
[2010/09/24 10:51:18 | 000,102,831 | ---- | C] () -- C:\Program Files\softwaremap_ita.png
[2010/09/24 10:51:18 | 000,100,035 | ---- | C] () -- C:\Program Files\softwaremap.png
[2010/09/24 10:51:18 | 000,001,922 | ---- | C] () -- C:\Program Files\TopBar.gif
[2010/09/24 10:51:18 | 000,000,988 | ---- | C] () -- C:\Program Files\ZuneLogo.gif
[2010/09/24 10:51:18 | 000,000,054 | ---- | C] () -- C:\Program Files\Arrow.gif
[2010/09/03 19:42:03 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2010/09/03 19:42:03 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\libfaac.dll
[2010/09/03 19:42:02 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/03 19:42:02 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/03 19:42:01 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2009/12/24 10:26:38 | 000,016,556 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/07/15 19:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/17 19:42:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Canon
[2011/06/01 00:26:32 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\EndNote
[2009/12/26 07:08:21 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PictureMover
[2010/08/08 18:22:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/22 12:16:11 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Thunderbird
[2009/12/25 13:22:48 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\acccore
[2011/11/10 15:02:28 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\AMICAS
[2011/12/11 18:07:53 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Dropbox
[2009/12/25 13:22:57 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\eFax Messenger
[2009/12/25 13:22:59 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\eJournal
[2011/10/11 13:43:12 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\EndNote
[2009/12/25 13:23:01 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\GARMIN
[2009/12/25 13:23:18 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\muvee Technologies
[2009/12/23 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\PictureMover
[2011/06/30 09:00:00 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2009/07/14 00:08:49 | 000,027,936 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F1A0FBCA-0112-4F48-9677-74A15FF817D4}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 05 01 04 01 03 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ipsec /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd /s >
"BootFlags" = 1
"DisplayName" = @%systemroot%\system32\drivers\afd.sys,-1000
"Group" = PNP_TDI
"ImagePath" = \SystemRoot\system32\drivers\afd.sys
"Description" = @%systemroot%\system32\drivers\afd.sys,-1000
"ErrorControl" = 1
"Start" = 1
"Type" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd\Enum]
"0" = Root\LEGACY_AFD\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >

< End of report >
  • 0

#53
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thanks for ComboFix.

I will now prepare the next post but I have a question:

Do you now have all your start menu items and your desktop icons?

Edited by CompCav, 16 January 2012 - 09:53 AM.

  • 0

#54
integrinB4

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
The computer seems to be running normaly. I still have not done much with it since we have been fixing it.

If we have removed the virus, please let me know how we should proceed in preperation for a reformat.

My goals:
1) Verify that the exteranl hard drive is clean (contains some files, but mostly compressed backup files). It has been unplugged from the computer from when I first suspected an infection
2) Transfer the above metioned files to external HD or other media (DVD, etc) in preperation for reformat
3) Reformat
4) Protect against future infection

Thanks
  • 0

#55
integrinB4

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Thanks for ComboFix.

I will now prepare the next post but I have a question:

Do you now have all your start menu items and your desktop icons?


Yes. All start menu items and desktop icons are present. Still any icon on teh desktop that directs to an .exe file has a blue and gold sheild over the lower right quadrant of the icon.
  • 0

Advertisements


#56
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

Yes. All start menu items and desktop icons are present. Still any icon on teh desktop that directs to an .exe file has a blue and gold sheild over the lower right quadrant of the icon.


The reset of UAC we did to enhance security does put that shield on and ask you do you want to run it after you click on it. This is normal and good computer safety practices.

CompCav
  • 0

#57
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Before you start the steps below please answer these questions:

What make and model number is your computer?

Do you have a recovery console disk?

Do you have a set of recovery disks to restore your computer? (This would have been recommended in the hP documentation when you purchased the computer)

Do you have another computer available for file transfers and internet communication?



Also please make sure you have the serial numbers and disks for any programs you may have installed since you purchased this computer. All of these will need to be reinstalled after we restore to the initial conditions and do the MS and hP updates of your computer.



Step 1.

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    
    :files
    ipconfig /flushdns /c
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 3.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Step 4.

  • Please download Panda USB Vaccine (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run the program.

  • Double-click on the file USBVaccine.zip located on your desktop.
  • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
  • Follow the steps on screen to install the program on your computer.

  • Now we are ready to work on your external drive.
  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.


Step 5.

We will now do a full scan of your external drive.

  • Reopen MalwareBytes' Anti-Malware
  • Click the Update tab and click Check for Updates. Click OK once it updates.
  • Click the Scanner tab, click Perform full scan, check the external drive and uncheck all others. Click Scan.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Step 6.

Please post:

OTL fix log
mbam log for computer
eset log
mbam log for external drive


How is the computer performing now?
  • 0

#58
integrinB4

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
[quote name='CompCav' timestamp='1326738207' post='2108470']
Before you start the steps below please answer these questions:

What make and model number is your computer?

Do you have a recovery console disk?

Do you have a set of recovery disks to restore your computer? (This would have been recommended in the hP documentation when you purchased the computer)

Do you have another computer available for file transfers and internet communication?



Also please make sure you have the serial numbers and disks for any programs you may have installed since you purchased this computer. All of these will need to be reinstalled after we restore to the initial conditions and do the MS and hP updates of your computer.


The Computer is an HP Pavillion p6210y

We have a Windows 7 DVD

I do not have a recovery console disk (or my wife misplaced it)
We do not have a set of recovery disks

I do have an alternate computer avaialbe
I do have all the seria #'s and disks for programs installed on the computer.
  • 0

#59
integrinB4

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 369428 bytes
->Temporary Internet Files folder emptied: 4324569 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Toni
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01162012_141434

Files\Folders moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF23ECB7056AEB3466.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF24900A0D686234E3.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF5D53AC64D64D6F93.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF62DD9D7EF8D5C6A0.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DF7FC63DA8E82DC026.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFAFC0301D4F85D034.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFC6824370D69CBD6E.TMP not found!
File\Folder C:\Users\Mike\AppData\Local\Temp\~DFE47442D89840DC76.TMP not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6NA09Y3\fastbutton[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6NA09Y3\page__st__45__gopid__2108498[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\Windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#60
integrinB4

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mike :: DESKTOP [administrator]

1/16/2012 2:29:09 PM
mbam-log-2012-01-16 (14-29-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197613
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP