Jump to content

Build Theme!
  •  
  • Infected?

Welcome Guest to What the Tech - Register now for FREE

We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

Create an Account Login to Account


Photo

System hangs and continual activity light flashing [Closed] [Solved]


  • This topic is locked This topic is locked
47 replies to this topic

#31 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,660 posts
  • MVP

Posted 02 April 2012 - 03:53 PM

Sure...you can go ahead and run it. We may not need it at all.

Advertisement

    Register to Remove


#32 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,660 posts
  • MVP

Posted 06 April 2012 - 06:19 AM

Are you still with me?

#33 kevin_czarnota

kevin_czarnota

    Authentic Member

  • Authentic Member
  • PipPip
  • 46 posts

Posted 06 April 2012 - 05:19 PM

I'll try doing it this weekend.

#34 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,660 posts
  • MVP

Posted 06 April 2012 - 06:49 PM

:thumbup:

#35 kevin_czarnota

kevin_czarnota

    Authentic Member

  • Authentic Member
  • PipPip
  • 46 posts

Posted 07 April 2012 - 08:11 PM

Jeff, I ran what you said and it found some errors it could not correct and wrote a report. I cant find the report to attach, do you know where It might have written it? Also it seems worse now than before for hanging. Just loading this webpage took forever it seemed. Also, I have tried other audio players and prefer VLC. How much risk will I be taking reinstalling that program?

#36 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,660 posts
  • MVP

Posted 08 April 2012 - 06:57 AM

Hi,

How much risk will I be taking reinstalling that program?

I don't see any problem with that. :)
----------

In the run box type the following

diskmgmt.msc

When disc management opens expand it so that all drives are visible
Take a screenshot and post it here

Are you able to burn a CD on another computer ?

#37 kevin_czarnota

kevin_czarnota

    Authentic Member

  • Authentic Member
  • PipPip
  • 46 posts

Posted 08 April 2012 - 05:59 PM

I was not able to include a screen shot, So I attached a jpg of it using paint. And I think my laptop will burn a CD.

Attached Thumbnails

  • screenshot.jpg


#38 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,660 posts
  • MVP

Posted 08 April 2012 - 07:24 PM

Hi,

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------

#39 kevin_czarnota

kevin_czarnota

    Authentic Member

  • Authentic Member
  • PipPip
  • 46 posts

Posted 10 April 2012 - 04:36 PM

here is the report ComboFix 12-04-10.01 - kevin 04/10/2012 8:19.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.1235 [GMT -5:00] Running from: c:\users\kevin\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files (x86)\Setup.exe c:\users\kevin\g2mdlhlpx.exe c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf c:\windows\Netopia3l.log c:\windows\NetopiaEvents.log c:\windows\SysWow64\install . . ((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 ))))))))))))))))))))))))))))))) . . 2012-04-10 13:34 . 2012-04-10 21:43 -------- d-----w- c:\users\Bricks4Kidz\AppData\Local\temp 2012-04-10 13:34 . 2012-04-10 13:35 -------- d-----w- c:\users\Carla\AppData\Local\temp 2012-04-10 13:34 . 2012-04-10 13:34 -------- d-----w- c:\users\kids\AppData\Local\temp 2012-04-10 13:34 . 2012-04-10 13:34 -------- d-----w- c:\users\kevin\AppData\Local\temp 2012-04-10 13:34 . 2012-04-10 13:34 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-04-10 13:34 . 2012-04-10 13:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-10 08:24 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD925858-53C2-4F0A-8670-172B8E5C26B5}\mpengine.dll 2012-04-10 04:05 . 2012-04-10 04:05 -------- d-----w- c:\users\kevin\AppData\Local\WinZip 2012-04-10 04:05 . 2012-04-10 04:05 -------- d-----w- c:\programdata\WinZipEC 2012-04-10 04:05 . 2012-04-10 04:05 -------- d-----w- c:\program files (x86)\WinZip Courier 2012-04-10 04:05 . 2012-04-10 04:05 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP 2012-04-09 12:10 . 2012-04-09 12:10 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\vlc 2012-04-08 02:53 . 2012-04-08 02:53 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-04-08 02:53 . 2012-04-08 02:53 -------- d-----r- c:\program files (x86)\Skype 2012-04-08 02:45 . 2012-04-08 02:45 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-04-06 21:12 . 2012-04-08 02:50 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-04 21:29 . 2012-04-04 21:38 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\gtk-2.0 2012-04-04 21:28 . 2012-04-04 21:28 -------- d-----w- c:\users\Bricks4Kidz\.thumbnails 2012-04-04 21:25 . 2012-04-04 21:38 -------- d-----w- c:\users\Bricks4Kidz\.gimp-2.4 2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\Netscape 2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\programdata\Photodex 2012-03-29 12:28 . 2012-03-29 12:28 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\PotPlayerMini 2012-03-29 12:28 . 2012-03-29 12:28 -------- d-----w- c:\users\Bricks4Kidz\AppData\Local\Daum 2012-03-27 02:59 . 2012-03-29 12:38 -------- d-----w- c:\program files (x86)\Daum 2012-03-26 18:49 . 2012-03-26 18:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-03-26 18:49 . 2012-03-26 18:49 -------- d-----w- c:\users\Bricks4Kidz\AppData\Local\Adobe 2012-03-23 13:52 . 2012-03-23 13:52 -------- d-----w- c:\users\Bricks4Kidz\AppData\Local\join.me 2012-03-23 01:58 . 2012-03-23 01:58 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\Malwarebytes 2012-03-22 18:55 . 2012-03-22 18:55 -------- d-----w- c:\program files (x86)\ESET 2012-03-22 15:34 . 2012-03-22 15:34 -------- d-----w- c:\users\kevin\AppData\Roaming\Malwarebytes 2012-03-22 15:34 . 2012-03-22 15:34 -------- d-----w- c:\programdata\Malwarebytes 2012-03-22 15:34 . 2012-03-22 15:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-22 15:34 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-21 20:58 . 2012-03-21 21:01 -------- d-----w- c:\users\kevin\AppData\Roaming\gtk-2.0 2012-03-21 20:58 . 2012-03-21 20:58 -------- d-----w- c:\users\kevin\.thumbnails 2012-03-21 13:04 . 2012-03-27 03:53 -------- d-----w- c:\users\kevin\.gimp-2.4 2012-03-21 13:03 . 2012-03-21 13:03 -------- d-----w- c:\program files (x86)\GIMP-2.0 2012-03-21 13:02 . 2012-03-21 13:02 -------- d-----w- c:\users\kevin\AppData\Local\I Want This 2012-03-21 11:27 . 2012-03-21 11:27 -------- d-----w- c:\program files (x86)\ERUNT 2012-03-19 03:25 . 2012-03-19 03:25 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-19 03:25 . 2012-03-19 03:25 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-14 01:20 . 2012-02-02 15:34 2765824 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 01:20 . 2012-02-13 14:03 1555968 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 01:20 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 01:20 . 2012-02-14 16:49 327680 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-14 01:20 . 2012-02-14 15:45 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-03-14 01:20 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-03-14 01:20 . 2012-02-13 14:38 2002944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-14 01:20 . 2012-02-13 13:47 683008 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-03-14 01:20 . 2012-02-13 14:06 834048 ----a-w- c:\windows\system32\d2d1.dll 2012-03-14 01:20 . 2012-02-14 16:49 196096 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-14 01:20 . 2012-02-14 15:45 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-03-14 01:19 . 2012-01-31 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat 2012-03-14 01:19 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-03-14 01:14 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-14 01:14 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 01:14 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll 2012-03-14 00:41 . 2012-03-14 00:42 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\avidemux . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-08 02:50 . 2011-08-17 21:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-08 02:45 . 2011-03-07 18:36 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-14 03:27 . 2010-12-25 18:11 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-02-16 20:22 . 2012-02-16 20:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-02-16 20:22 . 2012-02-16 20:22 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-16 20:22 . 2012-02-16 20:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-02-16 20:22 . 2012-02-16 20:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-02-16 20:22 . 2012-02-16 20:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-02-16 20:22 . 2012-02-16 20:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-02-16 20:22 . 2012-02-16 20:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-02-16 20:22 . 2012-02-16 20:22 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-02-16 20:22 . 2012-02-16 20:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-02-16 20:22 . 2012-02-16 20:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-02-16 20:22 . 2012-02-16 20:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-02-16 20:22 . 2012-02-16 20:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-02-16 20:22 . 2012-02-16 20:22 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-16 20:22 . 2012-02-16 20:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-02-16 20:22 . 2012-02-16 20:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-02-16 20:22 . 2012-02-16 20:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-02-16 20:22 . 2012-02-16 20:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-02-16 20:22 . 2012-02-16 20:22 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-16 20:22 . 2012-02-16 20:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-02-16 20:22 . 2012-02-16 20:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-02-16 20:22 . 2012-02-16 20:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-02-16 20:22 . 2012-02-16 20:22 222208 ----a-w- c:\windows\system32\msls31.dll 2012-02-16 20:22 . 2012-02-16 20:22 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-16 20:22 . 2012-02-16 20:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-02-16 20:22 . 2012-02-16 20:22 2308096 ----a-w- c:\windows\system32\jscript9.dll 2012-02-16 20:22 . 2012-02-16 20:22 12288 ----a-w- c:\windows\system32\mshta.exe 2012-02-16 20:22 . 2012-02-16 20:22 114176 ----a-w- c:\windows\system32\admparse.dll 2012-02-16 20:22 . 2012-02-16 20:22 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-02-16 20:22 . 2012-02-16 20:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-02-16 20:22 . 2012-02-16 20:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-02-16 20:22 . 2012-02-16 20:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-02-16 20:22 . 2012-02-16 20:22 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-16 20:22 . 2012-02-16 20:22 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-02-16 20:22 . 2012-02-16 20:22 448512 ----a-w- c:\windows\system32\html.iec 2012-02-16 20:22 . 2012-02-16 20:22 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-02-16 20:22 . 2012-02-16 20:22 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-16 20:22 . 2012-02-16 20:22 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-16 20:22 . 2012-02-16 20:22 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-02-16 20:22 . 2012-02-16 20:22 160256 ----a-w- c:\windows\system32\wextract.exe 2012-02-16 20:21 . 2012-02-16 20:21 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-02-16 20:21 . 2012-02-16 20:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-16 20:21 . 2012-02-16 20:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-10 09:24 . 2012-02-10 09:25 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7FA08D8-0338-44BF-B618-2066762C0206}\gapaengine.dll 2012-02-01 23:45 . 2011-08-17 02:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-01-31 12:44 . 2009-10-05 13:40 279656 ------w- c:\windows\system32\MpSigStub.exe 2008-09-30 16:29 . 2008-09-30 16:29 9772544 ------w- c:\program files (x86)\openofficeorg30.msi 2002-03-11 09:06 . 2002-03-11 09:06 1822520 ------w- c:\program files (x86)\instmsiw.exe 2002-03-11 08:45 . 2002-03-11 08:45 1708856 ------w- c:\program files (x86)\instmsia.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-09 4785536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Bricks4Kidz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A] . c:\users\kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . c:\users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912] Stoic Joker's T-Clock x64.lnk - c:\program files (x86)\Tclock\tclock-x64\Clock.exe [2009-5-4 156160] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 253600] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-17 140672] S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 02:50] . 2012-04-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2635fb0e-ddb7-4507-8af1-3ac8d4d6c857.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-03 22:03] . 2012-04-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 496ce132-741c-4714-94e8-e5e2782636c9.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-03 22:03] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 69.1.30.43 69.1.30.42 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Bricks4Kidz\AppData\Roaming\Mozilla\Firefox\Profiles\c0iibkez.default\ FF - prefs.js: browser.startup.homepage - hxxps://my.bricks4kidz.com/index.php?module=home . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*] "Licence0"="04F0D21-79D8-7A25-D702-433F" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe c:\program files\Dell\DellDock\DockLogin.exe c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe . ************************************************************************** . Completion time: 2012-04-10 16:49:08 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-10 21:49 . Pre-Run: 335,410,049,024 bytes free Post-Run: 332,544,901,120 bytes free . - - End Of File - - 0EAF7FC525DE7B0E39E4F1C009ACF86A

#40 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,660 posts
  • MVP

Posted 10 April 2012 - 07:43 PM

Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    ClearJavaCache::
    
    Folder::
    c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
    
    Firefox::
    FF - ProfilePath - c:\users\Bricks4Kidz\AppData\Roaming\Mozilla\Firefox\Profiles\c0iibkez.default\
    FF - prefs.js: browser.startup.homepage - hxxps://my.bricks4kidz.com/index.php?module=home
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

Advertisement

    Register to Remove


#41 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,660 posts
  • MVP

Posted 12 April 2012 - 05:52 AM

Hi, Do you still need help? :)

#42 kevin_czarnota

kevin_czarnota

    Authentic Member

  • Authentic Member
  • PipPip
  • 46 posts

Posted 12 April 2012 - 08:18 PM

Jeff Here is the latest combo fix log file. ComboFix 12-04-10.01 - kevin 04/12/2012 7:48.2.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.1236 [GMT -5:00] Running from: c:\users\kevin\Desktop\ComboFix.exe Command switches used :: c:\users\kevin\Desktop\cfscript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP . . ((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 ))))))))))))))))))))))))))))))) . . 2012-04-12 13:06 . 2012-04-12 13:21 -------- d-----w- c:\users\kevin\AppData\Local\temp 2012-04-12 13:06 . 2012-04-12 13:07 -------- d-----w- c:\users\Carla\AppData\Local\temp 2012-04-12 13:06 . 2012-04-12 13:06 -------- d-----w- c:\users\kids\AppData\Local\temp 2012-04-12 13:06 . 2012-04-12 13:06 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-04-12 13:06 . 2012-04-12 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-12 13:06 . 2012-04-12 13:06 -------- d-----w- c:\users\Bricks4Kidz\AppData\Local\temp 2012-04-12 07:59 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9BB5F3D-F811-4E79-A619-06DACDA8E337}\mpengine.dll 2012-04-11 11:40 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 11:40 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 11:40 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 11:40 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-11 11:40 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-11 11:40 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 11:40 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-11 11:32 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat 2012-04-11 11:32 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-04-10 23:25 . 2012-04-10 23:25 -------- d-----w- c:\users\Bricks4Kidz\AppData\Local\WinZip Courier 2012-04-10 04:05 . 2012-04-10 04:05 -------- d-----w- c:\users\kevin\AppData\Local\WinZip 2012-04-10 04:05 . 2012-04-10 04:05 -------- d-----w- c:\programdata\WinZipEC 2012-04-10 04:05 . 2012-04-10 04:05 -------- d-----w- c:\program files (x86)\WinZip Courier 2012-04-09 12:10 . 2012-04-09 12:10 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\vlc 2012-04-08 02:53 . 2012-04-08 02:53 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-04-08 02:53 . 2012-04-08 02:53 -------- d-----r- c:\program files (x86)\Skype 2012-04-08 02:45 . 2012-04-08 02:45 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-04-06 21:12 . 2012-04-08 02:50 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-04 21:29 . 2012-04-04 21:38 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\gtk-2.0 2012-04-04 21:28 . 2012-04-04 21:28 -------- d-----w- c:\users\Bricks4Kidz\.thumbnails 2012-04-04 21:25 . 2012-04-04 21:38 -------- d-----w- c:\users\Bricks4Kidz\.gimp-2.4 2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\Netscape 2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\programdata\Photodex 2012-03-29 12:28 . 2012-03-29 12:28 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\PotPlayerMini 2012-03-29 12:28 . 2012-03-29 12:28 -------- d-----w- c:\users\Bricks4Kidz\AppData\Local\Daum 2012-03-27 02:59 . 2012-03-29 12:38 -------- d-----w- c:\program files (x86)\Daum 2012-03-26 18:49 . 2012-03-26 18:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-03-26 18:49 . 2012-03-26 18:49 -------- d-----w- c:\users\Bricks4Kidz\AppData\Local\Adobe 2012-03-23 13:52 . 2012-03-23 13:52 -------- d-----w- c:\users\Bricks4Kidz\AppData\Local\join.me 2012-03-23 01:58 . 2012-03-23 01:58 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\Malwarebytes 2012-03-22 18:55 . 2012-03-22 18:55 -------- d-----w- c:\program files (x86)\ESET 2012-03-22 15:34 . 2012-03-22 15:34 -------- d-----w- c:\users\kevin\AppData\Roaming\Malwarebytes 2012-03-22 15:34 . 2012-03-22 15:34 -------- d-----w- c:\programdata\Malwarebytes 2012-03-22 15:34 . 2012-04-10 22:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-22 15:34 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-21 20:58 . 2012-03-21 21:01 -------- d-----w- c:\users\kevin\AppData\Roaming\gtk-2.0 2012-03-21 20:58 . 2012-03-21 20:58 -------- d-----w- c:\users\kevin\.thumbnails 2012-03-21 13:04 . 2012-03-27 03:53 -------- d-----w- c:\users\kevin\.gimp-2.4 2012-03-21 13:03 . 2012-03-21 13:03 -------- d-----w- c:\program files (x86)\GIMP-2.0 2012-03-21 13:02 . 2012-03-21 13:02 -------- d-----w- c:\users\kevin\AppData\Local\I Want This 2012-03-21 11:27 . 2012-03-21 11:27 -------- d-----w- c:\program files (x86)\ERUNT 2012-03-19 03:25 . 2012-03-19 03:25 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-19 03:25 . 2012-03-19 03:25 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-14 01:20 . 2012-02-02 15:34 2765824 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 01:20 . 2012-02-13 14:03 1555968 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 01:20 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 01:20 . 2012-02-14 16:49 327680 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-14 01:20 . 2012-02-14 15:45 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-03-14 01:20 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-03-14 01:20 . 2012-02-13 14:38 2002944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-14 01:20 . 2012-02-13 13:47 683008 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-03-14 01:20 . 2012-02-13 14:06 834048 ----a-w- c:\windows\system32\d2d1.dll 2012-03-14 01:20 . 2012-02-14 16:49 196096 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-14 01:20 . 2012-02-14 15:45 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-03-14 01:14 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-14 01:14 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 01:14 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll 2012-03-14 00:41 . 2012-03-14 00:42 -------- d-----w- c:\users\Bricks4Kidz\AppData\Roaming\avidemux . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-08 02:50 . 2011-08-17 21:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-08 02:45 . 2011-03-07 18:36 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-14 03:27 . 2010-12-25 18:11 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-02-16 20:22 . 2012-02-16 20:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-02-16 20:22 . 2012-02-16 20:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-02-16 20:22 . 2012-02-16 20:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-02-16 20:22 . 2012-02-16 20:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-02-16 20:22 . 2012-02-16 20:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-02-16 20:22 . 2012-02-16 20:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-02-16 20:22 . 2012-02-16 20:22 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-02-16 20:22 . 2012-02-16 20:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-02-16 20:22 . 2012-02-16 20:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-02-16 20:22 . 2012-02-16 20:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-02-16 20:22 . 2012-02-16 20:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-02-16 20:22 . 2012-02-16 20:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-02-16 20:22 . 2012-02-16 20:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-02-16 20:22 . 2012-02-16 20:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-02-16 20:22 . 2012-02-16 20:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-02-16 20:22 . 2012-02-16 20:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-02-16 20:22 . 2012-02-16 20:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-02-16 20:22 . 2012-02-16 20:22 222208 ----a-w- c:\windows\system32\msls31.dll 2012-02-16 20:22 . 2012-02-16 20:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-02-16 20:22 . 2012-02-16 20:22 12288 ----a-w- c:\windows\system32\mshta.exe 2012-02-16 20:22 . 2012-02-16 20:22 114176 ----a-w- c:\windows\system32\admparse.dll 2012-02-16 20:22 . 2012-02-16 20:22 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-02-16 20:22 . 2012-02-16 20:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-02-16 20:22 . 2012-02-16 20:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-02-16 20:22 . 2012-02-16 20:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-02-16 20:22 . 2012-02-16 20:22 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-16 20:22 . 2012-02-16 20:22 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-02-16 20:22 . 2012-02-16 20:22 448512 ----a-w- c:\windows\system32\html.iec 2012-02-16 20:22 . 2012-02-16 20:22 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-02-16 20:22 . 2012-02-16 20:22 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-16 20:22 . 2012-02-16 20:22 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-02-16 20:22 . 2012-02-16 20:22 160256 ----a-w- c:\windows\system32\wextract.exe 2012-02-16 20:21 . 2012-02-16 20:21 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-02-16 20:21 . 2012-02-16 20:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-02-10 09:24 . 2012-02-10 09:25 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7FA08D8-0338-44BF-B618-2066762C0206}\gapaengine.dll 2012-02-01 23:45 . 2011-08-17 02:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-01-31 12:44 . 2009-10-05 13:40 279656 ------w- c:\windows\system32\MpSigStub.exe 2008-09-30 16:29 . 2008-09-30 16:29 9772544 ------w- c:\program files (x86)\openofficeorg30.msi 2002-03-11 09:06 . 2002-03-11 09:06 1822520 ------w- c:\program files (x86)\instmsiw.exe 2002-03-11 08:45 . 2002-03-11 08:45 1708856 ------w- c:\program files (x86)\instmsia.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-04-10_21.43.10 ))))))))))))))))))))))))))))))))))))))))) . - 2012-02-16 20:22 . 2012-02-16 20:22 72704 c:\windows\SysWOW64\mshtmled.dll + 2012-04-11 11:41 . 2012-02-28 01:03 72704 c:\windows\SysWOW64\mshtmled.dll - 2012-02-16 20:22 . 2012-02-16 20:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll + 2012-04-11 11:41 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll - 2012-02-16 20:22 . 2012-02-16 20:22 65024 c:\windows\SysWOW64\jsproxy.dll + 2012-04-11 11:41 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll - 2008-01-21 03:20 . 2012-04-10 03:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-01-21 03:20 . 2012-04-11 11:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-03-07 18:48 . 2012-04-11 11:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-03-07 18:48 . 2012-04-10 03:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-01-21 03:20 . 2012-04-10 03:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-01-21 03:20 . 2012-04-11 11:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-01-16 20:24 . 2012-04-10 22:31 26636 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2707694908-3892883027-3287269716-1000_UserData.bin + 2012-04-11 11:41 . 2012-02-28 06:43 96256 c:\windows\system32\mshtmled.dll - 2012-02-16 20:22 . 2012-02-16 20:22 96256 c:\windows\system32\mshtmled.dll - 2012-02-16 20:22 . 2012-02-16 20:22 86528 c:\windows\system32\migration\WininetPlugin.dll + 2012-04-11 11:41 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll - 2012-02-16 20:22 . 2012-02-16 20:22 85504 c:\windows\system32\jsproxy.dll + 2012-04-11 11:41 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll + 2012-04-11 11:47 . 2012-04-11 11:47 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll - 2012-02-16 20:10 . 2012-02-16 20:10 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll - 2012-02-16 20:10 . 2012-02-16 20:10 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll + 2012-04-11 11:47 . 2012-04-11 11:47 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll - 2012-02-16 20:10 . 2012-02-16 20:10 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll + 2012-04-11 11:47 . 2012-04-11 11:47 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll - 2012-02-16 20:10 . 2012-02-16 20:10 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll + 2012-04-11 11:47 . 2012-04-11 11:47 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll + 2012-04-11 11:47 . 2012-04-11 11:47 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll - 2012-02-16 20:10 . 2012-02-16 20:10 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll - 2012-02-16 20:10 . 2012-02-16 20:10 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll + 2012-04-11 11:47 . 2012-04-11 11:47 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll - 2012-02-16 20:10 . 2012-02-16 20:10 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll + 2012-04-11 11:47 . 2012-04-11 11:47 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll + 2012-04-11 11:47 . 2012-04-11 11:47 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll - 2012-02-16 20:10 . 2012-02-16 20:10 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll - 2012-02-16 20:10 . 2012-02-16 20:10 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll + 2012-04-11 11:47 . 2012-04-11 11:47 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll - 2012-02-16 20:10 . 2012-02-16 20:10 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll + 2012-04-11 11:47 . 2012-04-11 11:47 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll - 2012-02-16 20:10 . 2012-02-16 20:10 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll + 2012-04-11 11:47 . 2012-04-11 11:47 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll + 2012-04-11 11:47 . 2012-04-11 11:47 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2012-02-16 20:10 . 2012-02-16 20:10 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2012-04-11 11:47 . 2012-04-11 11:47 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll - 2012-02-16 20:10 . 2012-02-16 20:10 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll + 2012-04-11 11:47 . 2012-04-11 11:47 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll - 2012-02-16 20:10 . 2012-02-16 20:10 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll - 2012-02-16 20:10 . 2012-02-16 20:10 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll + 2012-04-11 11:47 . 2012-04-11 11:47 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll + 2012-04-11 11:47 . 2012-04-11 11:47 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll - 2012-02-16 20:10 . 2012-02-16 20:10 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll + 2012-04-11 11:47 . 2012-04-11 11:47 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2012-02-16 20:10 . 2012-02-16 20:10 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2012-04-11 11:47 . 2012-04-11 11:47 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2012-02-16 20:10 . 2012-02-16 20:10 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2012-04-11 11:47 . 2012-04-11 11:47 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2012-02-16 20:10 . 2012-02-16 20:10 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2012-04-11 11:47 . 2012-04-11 11:47 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2012-02-16 20:10 . 2012-02-16 20:10 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2012-02-16 20:10 . 2012-02-16 20:10 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2012-04-11 11:47 . 2012-04-11 11:47 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2012-04-11 11:46 . 2012-04-11 11:46 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2012-02-16 20:09 . 2012-02-16 20:09 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-04-11 11:46 . 2012-04-11 11:46 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2012-02-16 20:09 . 2012-02-16 20:09 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2011-09-07 18:03 . 2012-04-11 12:10 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe - 2011-09-07 18:03 . 2012-03-14 01:24 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe - 2011-09-07 18:03 . 2012-03-14 01:24 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe + 2011-09-07 18:03 . 2012-04-11 12:10 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe + 2011-09-07 18:03 . 2012-04-11 12:10 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2011-09-07 18:03 . 2012-03-14 01:24 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe + 2010-10-20 21:32 . 2010-10-20 21:32 32160 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\SOCIALPROVIDER.DLL + 2010-12-21 05:29 . 2010-12-21 05:29 82848 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\PEOPLEDATAHANDLER.DLL + 2010-10-20 20:04 . 2010-10-20 20:04 15776 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\OMUOPTINPS.DLL + 2010-10-20 20:05 . 2010-10-20 20:05 20880 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MUOPTIN.DLL + 2012-04-11 11:56 . 2012-04-11 11:56 53760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\987ad3f7a65b6f4671af5b4652ddf4d0\System.Web.DynamicData.Design.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\e7efc73c52a5aeaf1fc83470ed455f4f\System.Web.DynamicData.Design.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\734ecd119d0323070f56e5a66267dda5\System.Web.DynamicData.Design.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3bed44ff5691023a5cad9807226360fa\System.Web.DynamicData.Design.ni.dll - 2012-04-10 13:36 . 2012-04-10 13:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-04-12 13:08 . 2012-04-12 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-04-12 13:08 . 2012-04-12 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-04-10 13:36 . 2012-04-10 13:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-02-16 20:22 . 2012-02-16 20:22 231936 c:\windows\SysWOW64\url.dll + 2012-04-11 11:41 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll + 2012-04-11 11:41 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll - 2012-02-16 20:22 . 2012-02-16 20:22 716800 c:\windows\SysWOW64\jscript.dll + 2012-04-11 11:41 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll - 2012-02-16 20:22 . 2012-02-16 20:22 176640 c:\windows\SysWOW64\ieui.dll + 2006-11-02 15:45 . 2012-04-10 22:31 101120 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2012-04-11 11:41 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll - 2012-02-16 20:22 . 2012-02-16 20:22 237056 c:\windows\system32\url.dll + 2006-11-02 12:46 . 2012-04-12 13:13 645624 c:\windows\system32\perfh009.dat - 2006-11-02 12:46 . 2012-04-10 13:43 645624 c:\windows\system32\perfh009.dat + 2006-11-02 12:46 . 2012-04-12 13:13 120716 c:\windows\system32\perfc009.dat - 2006-11-02 12:46 . 2012-04-10 13:43 120716 c:\windows\system32\perfc009.dat - 2012-02-16 20:22 . 2012-02-16 20:22 818688 c:\windows\system32\jscript.dll + 2012-04-11 11:41 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll + 2012-04-11 11:41 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll - 2012-02-16 20:22 . 2012-02-16 20:22 248320 c:\windows\system32\ieui.dll + 2012-02-16 20:47 . 2012-04-11 11:59 410112 c:\windows\system32\FNTCACHE.DAT + 2011-03-10 18:47 . 2012-04-12 13:06 422360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-01-21 22:40 . 2012-01-21 22:40 616216 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll + 2012-04-11 11:32 . 2012-01-26 11:00 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll + 2012-01-21 22:40 . 2012-01-21 22:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll + 2012-04-11 11:32 . 2012-01-26 11:00 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll + 2012-04-11 11:47 . 2012-04-11 11:47 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll - 2012-02-16 20:10 . 2012-02-16 20:10 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll - 2012-02-16 20:10 . 2012-02-16 20:10 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll + 2012-04-11 11:47 . 2012-04-11 11:47 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll + 2012-04-11 11:47 . 2012-04-11 11:47 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll - 2012-02-16 20:10 . 2012-02-16 20:10 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll - 2012-02-16 20:10 . 2012-02-16 20:10 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll + 2012-04-11 11:47 . 2012-04-11 11:47 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll + 2012-04-11 11:47 . 2012-04-11 11:47 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2012-02-16 20:10 . 2012-02-16 20:10 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2012-04-11 11:47 . 2012-04-11 11:47 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll - 2012-02-16 20:10 . 2012-02-16 20:10 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll + 2012-04-11 11:47 . 2012-04-11 11:47 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2012-02-16 20:10 . 2012-02-16 20:10 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2012-04-11 11:47 . 2012-04-11 11:47 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll - 2012-02-16 20:10 . 2012-02-16 20:10 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll + 2012-04-11 11:47 . 2012-04-11 11:47 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll - 2012-02-16 20:10 . 2012-02-16 20:10 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll + 2012-04-11 11:47 . 2012-04-11 11:47 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll - 2012-02-16 20:10 . 2012-02-16 20:10 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll - 2012-02-16 20:10 . 2012-02-16 20:10 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2012-04-11 11:47 . 2012-04-11 11:47 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2012-02-16 20:10 . 2012-02-16 20:10 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2012-04-11 11:47 . 2012-04-11 11:47 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2012-02-16 20:10 . 2012-02-16 20:10 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2012-04-11 11:47 . 2012-04-11 11:47 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2012-04-11 11:47 . 2012-04-11 11:47 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll - 2012-02-16 20:10 . 2012-02-16 20:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll + 2012-04-11 11:47 . 2012-04-11 11:47 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll - 2012-02-16 20:10 . 2012-02-16 20:10 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll + 2012-04-11 11:47 . 2012-04-11 11:47 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2012-02-16 20:10 . 2012-02-16 20:10 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2012-04-11 11:47 . 2012-04-11 11:47 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2012-02-16 20:10 . 2012-02-16 20:10 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2012-04-11 11:47 . 2012-04-11 11:47 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll - 2012-02-16 20:10 . 2012-02-16 20:10 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll - 2012-02-16 20:10 . 2012-02-16 20:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll + 2012-04-11 11:47 . 2012-04-11 11:47 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll - 2012-02-16 20:10 . 2012-02-16 20:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll + 2012-04-11 11:47 . 2012-04-11 11:47 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll - 2012-02-16 20:10 . 2012-02-16 20:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll + 2012-04-11 11:47 . 2012-04-11 11:47 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll - 2012-02-16 20:10 . 2012-02-16 20:10 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll + 2012-04-11 11:47 . 2012-04-11 11:47 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll + 2012-04-11 11:47 . 2012-04-11 11:47 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2012-02-16 20:10 . 2012-02-16 20:10 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2012-04-11 11:47 . 2012-04-11 11:47 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2012-02-16 20:10 . 2012-02-16 20:10 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2012-04-11 11:47 . 2012-04-11 11:47 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2012-04-11 11:47 . 2012-04-11 11:47 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll - 2012-02-16 20:10 . 2012-02-16 20:10 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll - 2012-02-16 20:10 . 2012-02-16 20:10 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2012-04-11 11:47 . 2012-04-11 11:47 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2012-02-16 20:10 . 2012-02-16 20:10 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2012-04-11 11:47 . 2012-04-11 11:47 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2012-04-11 11:47 . 2012-04-11 11:47 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll - 2012-02-16 20:10 . 2012-02-16 20:10 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll - 2012-02-16 20:10 . 2012-02-16 20:10 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll + 2012-04-11 11:47 . 2012-04-11 11:47 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll - 2012-02-16 20:10 . 2012-02-16 20:10 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2012-04-11 11:47 . 2012-04-11 11:47 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2012-04-11 11:47 . 2012-04-11 11:47 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll - 2012-02-16 20:10 . 2012-02-16 20:10 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll - 2012-02-16 20:10 . 2012-02-16 20:10 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll + 2012-04-11 11:47 . 2012-04-11 11:47 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll + 2012-04-11 11:47 . 2012-04-11 11:47 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll - 2012-02-16 20:10 . 2012-02-16 20:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll + 2012-04-11 11:47 . 2012-04-11 11:47 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll - 2012-02-16 20:10 . 2012-02-16 20:10 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll - 2012-02-16 20:10 . 2012-02-16 20:10 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2012-04-11 11:47 . 2012-04-11 11:47 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2012-02-16 20:10 . 2012-02-16 20:10 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2012-04-11 11:47 . 2012-04-11 11:47 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2012-04-11 11:47 . 2012-04-11 11:47 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll - 2012-02-16 20:10 . 2012-02-16 20:10 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll + 2012-04-11 11:47 . 2012-04-11 11:47 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll - 2012-02-16 20:10 . 2012-02-16 20:10 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll + 2012-04-11 11:47 . 2012-04-11 11:47 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll - 2012-02-16 20:10 . 2012-02-16 20:10 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll + 2012-04-11 11:47 . 2012-04-11 11:47 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll - 2012-02-16 20:10 . 2012-02-16 20:10 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2012-04-11 11:47 . 2012-04-11 11:47 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll - 2012-02-16 20:10 . 2012-02-16 20:10 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll - 2012-02-16 20:10 . 2012-02-16 20:10 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2012-04-11 11:47 . 2012-04-11 11:47 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2012-04-11 11:47 . 2012-04-11 11:47 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2012-02-16 20:10 . 2012-02-16 20:10 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2012-02-16 20:10 . 2012-02-16 20:10 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll + 2012-04-11 11:47 . 2012-04-11 11:47 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll - 2012-02-16 20:10 . 2012-02-16 20:10 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-04-11 11:47 . 2012-04-11 11:47 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-04-11 11:47 . 2012-04-11 11:47 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll - 2012-02-16 20:10 . 2012-02-16 20:10 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll + 2012-04-11 11:47 . 2012-04-11 11:47 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2012-02-16 20:10 . 2012-02-16 20:10 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2012-04-11 11:47 . 2012-04-11 11:47 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2012-02-16 20:10 . 2012-02-16 20:10 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2012-02-16 20:10 . 2012-02-16 20:10 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2012-04-11 11:47 . 2012-04-11 11:47 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2012-02-16 20:10 . 2012-02-16 20:10 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2012-04-11 11:47 . 2012-04-11 11:47 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2012-02-16 20:10 . 2012-02-16 20:10 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-04-11 11:47 . 2012-04-11 11:47 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll - 2012-02-16 20:09 . 2012-02-16 20:09 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2012-04-11 11:46 . 2012-04-11 11:47 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2012-04-11 11:47 . 2012-04-11 11:47 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2012-02-16 20:09 . 2012-02-16 20:09 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-04-11 11:46 . 2012-04-11 11:46 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2012-02-16 20:09 . 2012-02-16 20:09 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2012-02-16 20:09 . 2012-02-16 20:09 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2012-04-11 11:46 . 2012-04-11 11:46 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2012-04-11 11:46 . 2012-04-11 11:46 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll - 2012-02-16 20:09 . 2012-02-16 20:09 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-03-21 10:58 . 2012-03-21 10:58 133120 c:\windows\Installer\a4bff.msp + 2012-02-09 12:27 . 2012-02-09 12:27 206848 c:\windows\Installer\2d444c1.msp - 2011-09-07 18:03 . 2012-03-14 01:24 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe + 2011-09-07 18:03 . 2012-04-11 12:10 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe + 2011-09-07 18:03 . 2012-04-11 12:10 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2011-09-07 18:03 . 2012-03-14 01:24 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2011-09-07 18:03 . 2012-03-14 01:24 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe + 2011-09-07 18:03 . 2012-04-11 12:10 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe - 2011-09-07 18:03 . 2012-03-14 01:24 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe + 2011-09-07 18:03 . 2012-04-11 12:10 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe + 2011-09-07 18:03 . 2012-04-11 12:10 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe - 2011-09-07 18:03 . 2012-03-14 01:24 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2011-09-07 18:03 . 2012-04-11 12:10 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe - 2011-09-07 18:03 . 2012-03-14 01:24 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe + 2010-12-21 07:58 . 2010-12-21 07:58 294768 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\SHAREPOINTPROVIDER.DLL + 2010-12-21 06:02 . 2010-12-21 06:02 501600 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSODCW.DLL + 2010-10-20 20:04 . 2010-10-20 20:04 178560 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\IETAG.DLL + 2010-12-21 05:26 . 2010-12-21 05:26 519584 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\DWTRIG20.EXE + 2012-04-12 12:36 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-12-2012\ERDNT.EXE + 2012-04-11 12:17 . 2012-04-11 12:17 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\3893bfa343bfd255531a743ffa660722\WindowsFormsIntegration.ni.dll + 2012-04-11 11:57 . 2012-04-11 11:57 244736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\3baa7121b73af962dc8cd7dd95235a0c\System.Windows.Forms.DataVisualization.Design.ni.dll + 2012-04-11 11:56 . 2012-04-11 11:56 451072 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity\24054b418b6bd8b575b4561d2a0090e3\System.Web.Entity.ni.dll + 2012-04-11 11:56 . 2012-04-11 11:56 367104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity.D#\ec94932881ce0b6abc0c91433a6b69f0\System.Web.Entity.Design.ni.dll + 2012-04-11 11:56 . 2012-04-11 11:56 973824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\84b0d19714fbc794a1d639706cc60843\System.Web.DynamicData.ni.dll + 2012-04-11 11:56 . 2012-04-11 11:56 331776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\215f6508fa8f0fd1613c0cbfb7646d98\System.Web.DataVisualization.Design.ni.dll + 2012-04-11 11:55 . 2012-04-11 11:55 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\a38a67bfd6245b2f72eb918a57d37bcd\System.ServiceProcess.ni.dll + 2012-04-11 11:56 . 2012-04-11 11:56 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\cdf11c8e0679ce7ff91dc37c6e1b5545\System.Messaging.ni.dll + 2012-04-11 11:55 . 2012-04-11 11:55 292352 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing.Desi#\cb799cb414d94fdd0d6d0e73fb0c7032\System.Drawing.Design.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 232960 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\c38c85ad0a6ea744ee4ca440adfebc4e\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 864768 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\67278ab733f1baf4132ca4bf85cd5b60\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b6c591378ae5158071d63be3fb88ef37\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 993280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\e124e073bbf4e06cb775df9d6b8b7979\Microsoft.Office.Tools.Excel.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 199680 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\952e3b13d0001f027a1c3f96e33d5c77\Microsoft.Office.Tools.Outlook.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\94906ec077cf7897d25d2c3659bc7dfe\Microsoft.Office.Tools.Common.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 408576 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\47ee9bcfcf7b3476231830a1d241fd9f\Microsoft.Office.Tools.Outlook.Implementation.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ebd99d5801192b27f605630e2665db37\WindowsFormsIntegration.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\76a205e2eeeafe760194d69c2513c1aa\System.Windows.Forms.DataVisualization.Design.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\ccc79ac02cc9747798c7cc689e90899e\System.Web.Extensions.Design.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\95b92fa75d2427a7cb496fddb3f394da\System.Web.Entity.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\504b4901d1f1039264d31d77fcd6e3f2\System.Web.Entity.Design.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\5283aa252d0efa81f23d2823615dd31b\System.Web.DynamicData.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\a6fbeebf631e147104fbde01bcc6602c\System.Web.DataVisualization.Design.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9cabbb335fc6dff10392376707a4d0a2\System.ServiceProcess.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\621d2aae96fd06f9ccf66d335d7f1232\System.Messaging.ni.dll + 2012-04-11 11:48 . 2012-04-11 11:48 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\7f51b59dc6c39bbc00776c9204d7525d\System.Drawing.Design.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 708608 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\bea3115c4fb01ef5636cc104793d85c9\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 177152 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\95cc6c6d8a6966379f51dbc022bdeef6\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09237903b1f9e5c7a69a4995d85eaa35\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 152064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\e070443fc6be8a8f34f68fb6c9674494\Microsoft.Office.Tools.Outlook.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\ce50979942c411efd3323472dc2e6254\Microsoft.Office.Tools.Common.Implementation.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 676864 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\cd38bbc2e82123234ae8fb6c05999af7\Microsoft.Office.Tools.Word.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 730624 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\92d8765edfd33f34e12da0b65c49f9c0\Microsoft.Office.Tools.Excel.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 336384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\59026dafb681def4fa70a4996bb79244\Microsoft.Office.Tools.Common.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 312320 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\3699a05da8ac736ad3ffbc9e490dc611\Microsoft.Office.Tools.Outlook.Implementation.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\2965fcd151e21543887df9006519ed58\AspNetMMCExt.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\a0194fd262a2fa780c61bbe5cec1f6cb\WindowsFormsIntegration.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 472576 c:\windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\5a4e5cb4bac42e78e88196d1c19f2d8f\VistaBridgeLibrary.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 736256 c:\windows\assembly\NativeImages_v2.0.50727_64\VDialog\f14d298dee8f12d15d8b3a69207e46d4\VDialog.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\c340fd12b213d5fa18e96b85c4ae1962\TaskScheduler.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\eebb44b65170b9c2446cb0d09d98f8be\System.Web.Routing.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b5739e3094e0bcaa09115cbb0b9001bc\System.Web.Entity.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\ae8879812815fcfc4f51c6f1a86c5cb8\System.Web.Entity.Design.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\b07cff988c6c0e56b32466f25a45b3e4\System.Web.DynamicData.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\b63e79793d863860d9007c0a16cc8dbc\System.Web.Abstractions.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\0688f427c609f2f8fb4fbe184f37976c\System.ServiceProcess.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\57fee0f920d53a1e5a98d46bf0a49d29\System.Messaging.ni.dll + 2012-04-11 12:01 . 2012-04-11 12:01 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\89ed7e360f5e31a6e09b42062d8fa2e2\System.Drawing.Design.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\85cd7ed4c7fbdc2b37f4e96220ec8a22\napsnap.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\35b6a08fbf735a04cbc7fe4c4c8d5dbf\napinit.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 388608 c:\windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\73643cf8fd225267271415a34111f303\MyDock.Util.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\200db400ab0c0f24867eb4dd230cd67d\MMCFxCommon.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 225792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\bc00733e5b6f9e0eb8d3cf900d5430df\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 225280 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\ba7b816604702931870ff6b72d470ddd\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 772608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\ad9ac2c0224f40ac8afee42954ad3792\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll + 2012-04-11 12:13 . 2012-04-11 12:13 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\7a61fff6c5ccf793b95cfeae1e1189cc\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll + 2012-04-11 12:13 . 2012-04-11 12:13 305664 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\1872146d9bc7456c174bcbe1e964d4a7\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 244224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\0699e6040c0de5760de86fdd901bba00\Microsoft.Office.Tools.Outlook.v9.0.ni.dll + 2012-04-11 12:13 . 2012-04-11 12:13 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\02430d3e037905dd9983fa2a8c8158ec\Microsoft.Office.Tools.v9.0.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3644b25c2eaa4d8bb8ff23557c9451cc\Microsoft.MediaCenter.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\799264d8a816bb8ba51330a1c237c1f1\Microsoft.ManagementConsole.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\9fa76c6b5d780d6eeaadfe0aa226fb19\EventViewer.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\5948e5ea66df2126ae60c8472b7f11cd\ehExtHost.ni.exe + 2012-04-11 12:20 . 2012-04-11 12:20 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\03720d4ccc7abcf2145cf3c01e94ddb9\WindowsFormsIntegration.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\21c7a82e5643ce1763a012819d73b7f5\TaskScheduler.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0cda53d7f51becc2913936cbedac4aca\System.Web.Routing.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\57a9c71595d5fc42bf53f8f9091746b3\System.Web.Extensions.Design.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\345afc0af157416461f3abc9a3a5777e\System.Web.Entity.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ec994df9bd6541dcca9fdae662cd7754\System.Web.Entity.Design.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\388c48fbcdf826b8a686e6b671e82186\System.Web.DynamicData.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\cb3d1fe2e0246f4626550f98d0fde708\System.Web.Abstractions.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86f6e2383ca898849c321080b32b66f8\System.ServiceProcess.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8e6e0fe015ea55ed5330966b933f555f\System.Messaging.ni.dll + 2012-04-11 12:02 . 2012-04-11 12:02 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\432d1ffd47eacf9c960fe32538d8ca98\System.Drawing.Design.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\0952c477af5c422261e93b528080c448\napsnap.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\fc3c634abd9b4fc0ea0b592ecaf8e456\napinit.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\5d95c081942865b3fef2165201c51570\MMCFxCommon.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f9e579f09ffa6d4e85134a26a77044f2\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\80a9fb5853ade793c05bfee303920c62\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3d35fb24d1655059e4bc5178010985b8\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1d8a315c446c5cfd14dd7c9bf1bcaef6\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 617472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0299579f2a14b8038201822793cae17c\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\6a7e7fd5aa3c57753d9b5f01a125ea31\Microsoft.Office.Tools.Outlook.v9.0.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\63b3b7299a20a19feaa7add1ec6028ea\Microsoft.Office.Tools.Word.v9.0.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\191c31c498f9b843b2c8817793717e40\Microsoft.Office.Tools.v9.0.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\2caa8bf0916affe52e26d4b04b1363e9\Microsoft.MediaCenter.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\def5a02080269278b38e733b9fcceab8\Microsoft.ManagementConsole.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\e44e02fc45dcc005b29f0ef5209a20ac\EventViewer.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\933d7d1b97c7d93b57906855bf3d88a7\ehExtHost32.ni.exe + 2012-04-11 11:32 . 2012-01-26 11:00 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2012-02-16 20:22 . 2012-02-16 20:22 1127424 c:\windows\SysWOW64\wininet.dll + 2012-04-11 11:41 . 2012-02-28 01:11 1127424 c:\windows\SysWOW64\wininet.dll - 2012-02-16 20:22 . 2012-02-16 20:22 1103360 c:\windows\SysWOW64\urlmon.dll + 2012-04-11 11:41 . 2012-02-28 01:12 1103360 c:\windows\SysWOW64\urlmon.dll + 2012-04-11 11:41 . 2012-02-28 01:18 1799168 c:\windows\SysWOW64\jscript9.dll - 2012-02-16 20:22 . 2012-02-16 20:22 1792000 c:\windows\SysWOW64\iertutil.dll + 2012-04-11 11:41 . 2012-02-28 01:04 1792000 c:\windows\SysWOW64\iertutil.dll + 2012-04-11 11:41 . 2012-02-28 01:27 9705984 c:\windows\SysWOW64\ieframe.dll - 2012-02-16 20:22 . 2012-02-16 20:22 1390080 c:\windows\system32\wininet.dll + 2012-04-11 11:41 . 2012-02-28 06:49 1390080 c:\windows\system32\wininet.dll + 2012-04-11 11:41 . 2012-02-28 06:50 1345536 c:\windows\system32\urlmon.dll - 2012-02-16 20:22 . 2012-02-16 20:22 1345536 c:\windows\system32\urlmon.dll + 2012-04-11 11:41 . 2012-03-06 06:44 4699520 c:\windows\system32\ntoskrnl.exe + 2012-04-11 11:41 . 2012-02-28 06:56 2311168 c:\windows\system32\jscript9.dll + 2012-04-11 11:41 . 2012-02-28 06:43 2144256 c:\windows\system32\iertutil.dll - 2012-02-16 20:22 . 2012-02-16 20:22 2144256 c:\windows\system32\iertutil.dll + 2011-10-26 02:50 . 2012-04-12 13:06 2167168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2707694908-3892883027-3287269716-1005-12288.dat + 2011-03-17 16:02 . 2012-04-12 13:06 5636128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2707694908-3892883027-3287269716-1000-12288.dat - 2012-02-16 20:10 . 2012-02-16 20:10 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2012-04-11 11:47 . 2012-04-11 11:47 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2012-04-11 11:47 . 2012-04-11 11:47 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll - 2012-02-16 20:10 . 2012-02-16 20:10 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll - 2012-02-16 20:10 . 2012-02-16 20:10 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll + 2012-04-11 11:47 . 2012-04-11 11:47 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll + 2012-04-11 11:47 . 2012-04-11 11:47 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2012-02-16 20:10 . 2012-02-16 20:10 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2012-04-11 11:47 . 2012-04-11 11:47 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll - 2012-02-16 20:10 . 2012-02-16 20:10 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll + 2012-04-11 11:47 . 2012-04-11 11:47 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll - 2012-02-16 20:10 . 2012-02-16 20:10 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2012-04-11 11:47 . 2012-04-11 11:47 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll - 2012-02-16 20:10 . 2012-02-16 20:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll - 2012-02-16 20:10 . 2012-02-16 20:10 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll + 2012-04-11 11:47 . 2012-04-11 11:47 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll - 2012-02-16 20:10 . 2012-02-16 20:10 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll + 2012-04-11 11:47 . 2012-04-11 11:47 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll + 2012-04-11 11:47 . 2012-04-11 11:47 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll - 2012-02-16 20:10 . 2012-02-16 20:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll - 2012-02-16 20:10 . 2012-02-16 20:10 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll + 2012-04-11 11:47 . 2012-04-11 11:47 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll - 2012-02-16 20:10 . 2012-02-16 20:10 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2012-04-11 11:47 . 2012-04-11 11:47 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2012-04-11 11:47 . 2012-04-11 11:47 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - 2012-02-16 20:10 . 2012-02-16 20:10 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - 2012-02-16 20:10 . 2012-02-16 20:10 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2012-04-11 11:47 . 2012-04-11 11:47 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2012-02-16 20:10 . 2012-02-16 20:10 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-04-11 11:47 . 2012-04-11 11:47 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll - 2012-02-16 20:10 . 2012-02-16 20:10 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-04-11 11:47 . 2012-04-11 11:47 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll - 2012-02-16 20:09 . 2012-02-16 20:09 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2012-04-11 11:46 . 2012-04-11 11:46 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - 2012-02-16 20:09 . 2012-02-16 20:09 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2012-04-11 11:47 . 2012-04-11 11:47 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2012-04-11 11:46 . 2012-04-11 11:46 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll - 2012-02-16 20:09 . 2012-02-16 20:09 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll - 2012-02-16 20:09 . 2012-02-16 20:09 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-04-11 11:46 . 2012-04-11 11:46 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-03-21 10:57 . 2012-03-21 10:57 1591808 c:\windows\Installer\a4bf6.msp + 2012-01-22 15:20 . 2012-01-22 15:20 1707520 c:\windows\Installer\2d444cc.msp + 2012-03-07 20:01 . 2012-03-07 20:01 1907712 c:\windows\Installer\2d444a8.msp + 2012-04-01 21:27 . 2012-04-01 21:27 3463168 c:\windows\Installer\2d4447e.msp + 2012-02-17 08:50 . 2012-02-17 08:50 1236480 c:\windows\Installer\2d44465.msp + 2011-09-07 18:03 . 2012-04-11 12:10 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe - 2011-09-07 18:03 . 2012-03-14 01:23 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe - 2011-09-07 18:03 . 2012-03-14 01:24 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe + 2011-09-07 18:03 . 2012-04-11 12:10 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe + 2012-03-14 01:24 . 2012-04-11 12:10 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe - 2012-03-14 01:24 . 2012-03-14 01:24 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe - 2011-09-07 18:03 . 2012-03-14 01:24 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2011-09-07 18:03 . 2012-04-11 12:10 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2011-03-02 13:43 . 2011-03-02 13:43 7278976 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\OFFOWC.DLL + 2012-04-12 12:36 . 2012-04-12 12:36 7565312 c:\windows\ERDNT\AutoBackup\4-12-2012\Users\00000002\UsrClass.dat + 2012-04-12 12:36 . 2012-04-12 12:36 4415488 c:\windows\ERDNT\AutoBackup\4-12-2012\Users\00000001\ntuser.dat + 2012-04-11 11:51 . 2012-04-11 11:51 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\fb00cd7183b28470878a3b5687929a56\WindowsBase.ni.dll + 2012-04-11 12:17 . 2012-04-11 12:17 1602560 c:\windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\ba60dbd16ea036209a8601449b0a4cc1\System.WorkflowServices.ni.dll + 2012-04-11 12:17 . 2012-04-11 12:17 5922304 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Com#\4f35e62df9517229ed11972a4561387f\System.Workflow.ComponentModel.ni.dll + 2012-04-11 11:57 . 2012-04-11 11:57 3744768 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Act#\b9e2ffb187489a72bf92f054967824f2\System.Workflow.Activities.ni.dll + 2012-04-11 11:56 . 2012-04-11 11:56 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\80de3f9f56bed3e05ba97741905abddb\System.Windows.Forms.DataVisualization.ni.dll + 2012-04-11 11:56 . 2012-04-11 11:56 2964992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mobile\2e491e13b4858e33488246db1f95c678\System.Web.Mobile.ni.dll + 2012-04-11 11:56 . 2012-04-11 11:56 3805184 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\5d29b4be05d79291f850ba4dd3cbdd78\System.Web.Extensions.ni.dll + 2012-04-11 11:56 . 2012-04-11 11:56 1101312 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\51286ccbca7acb595da250f5de095a04\System.Web.Extensions.Design.ni.dll + 2012-04-11 11:56 . 2012-04-11 11:56 5618688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\ac4541a6eb47813c114a01bbc7572977\System.Web.DataVisualization.ni.dll + 2012-04-11 11:55 . 2012-04-11 11:55 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\21c096f214db354198e2664473875f06\System.Printing.ni.dll + 2012-04-11 11:53 . 2012-04-11 11:53 2303488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\9bcabb321026ee927401cbba73dff054\System.Drawing.ni.dll + 2012-04-11 11:55 . 2012-04-11 11:55 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\90ec5a09a2329a45554d79e0fd9fbbee\System.Deployment.ni.dll + 2012-04-11 11:55 . 2012-04-11 11:55 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\45d4a9fa235f5658f8c9b89f6a4f691f\System.Activities.Presentation.ni.dll + 2012-04-11 11:55 . 2012-04-11 11:55 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8ad595c3d0668d10777d8ce28b88cc7c\ReachFramework.ni.dll + 2012-04-11 11:53 . 2012-04-11 11:53 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\cb31bfb24a52f83cf826c00979827ba6\PresentationUI.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 1829888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6845c178054282fe6476fdfb0e9a9e6a\Microsoft.VisualBasic.Compatibility.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5281ac494089700d1c72c16478ab3363\Microsoft.VisualBasic.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 2035200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\fe7aae645b510db5f93a3a57427ec4fc\Microsoft.Office.Tools.Excel.Implementation.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\c150fed3322f12c441a432f33b2a3f5a\Microsoft.Office.Tools.Word.Implementation.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 1118208 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7d90df7bfd78e9d1e51d90fb30f8c773\Microsoft.Office.Tools.Common.Implementation.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 1070080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\363aac28351f0e2d17dca84f7532d8b1\Microsoft.Office.Tools.Word.ni.dll + 2012-04-11 11:55 . 2012-04-11 11:55 3820544 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Tas#\9f1c45888c7f1f15d04f30c9437f8bf2\Microsoft.Build.Tasks.v4.0.ni.dll + 2012-04-11 11:51 . 2012-04-11 11:51 1007104 c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\becc41859bd5d01b57cacff13fd51787\AspNetMMCExt.ni.dll + 2012-04-11 11:48 . 2012-04-11 11:48 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 1226752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\abfe51993df8d3de6f000297de7ead9d\System.WorkflowServices.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 4476416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\03a20bf18f39c7d1a98769c6bcb46830\System.Workflow.ComponentModel.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\533c90d6e55e0529feb68df7f0dad47b\System.Workflow.Activities.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\acae13e8725a0a5da6dcda3e309cb9d2\System.Windows.Forms.DataVisualization.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\cfd26c0116fafc3f71408fb255ff824a\System.Web.Mobile.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 3127296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\d526d6e7d41aa2a5b3e5871cdb6597f1\System.Web.Extensions.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 4575232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\ff3ad02fb7f572ec84afc681fda661fc\System.Web.DataVisualization.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\7175344bfab919484674d37de776a82f\System.Printing.ni.dll + 2012-04-11 11:48 . 2012-04-11 11:48 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d0ae88ebdc709e940fbd0c6bafcab13c\System.Deployment.ni.dll + 2012-04-11 12:21 . 2012-04-11 12:21 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\f4311e621d2bbf4de0d32bae765b1484\System.Activities.Presentation.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f4ab7bc19b981163de613143a1e1c997\ReachFramework.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3e896ba1c3cc8d62c267508dccd7aa5a\PresentationUI.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7511c9da502ed9c4e630a902d462cdef\Microsoft.VisualBasic.Compatibility.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1f54c28f39e25b121c374480ad50d384\Microsoft.VisualBasic.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 1117696 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\c80b12e833fd2f431768b98196524d01\Microsoft.Office.Tools.Word.Implementation.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 1551872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\59a75749329d8e8704f72c0f372f9803\Microsoft.Office.Tools.Excel.Implementation.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 2877440 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\98d8d80f4b2d74cb4c5dc31483793bfb\Microsoft.Build.Tasks.v4.0.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\40533804307cf5067766df17f9e035c2\System.WorkflowServices.ni.dll + 2012-04-11 12:01 . 2012-04-11 12:01 5956096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\e581c4dcec6df06cc7cf206b916bef69\System.Workflow.ComponentModel.ni.dll + 2012-04-11 12:01 . 2012-04-11 12:01 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\ebbde7b2c8f03dbf9b5f2a1894587304\System.Workflow.Activities.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\9070c3141a9714a728f65fdf0b7e003e\System.Web.Mobile.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\88d1539b67dc8eab4978a0f600db350c\System.Web.Extensions.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\874b9ab77e471ea89c03905ee9ec7fad\System.Web.Extensions.Design.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\8fd8b469c5c1111345dacc2d3df25c2d\System.Printing.ni.dll + 2012-04-11 12:01 . 2012-04-11 12:01 2318336 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\2270f66879534e2f31b37704c896082c\System.Drawing.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\53f24235c44e6cdb87b0ac79f73fccba\System.Deployment.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\89a57a341df659ae0fd010754f6ba6fe\ReachFramework.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\6aaa8e47426769f7023fd83d6123d447\PresentationUI.ni.dll + 2012-04-11 12:16 . 2012-04-11 12:16 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\f17829432d247e9c8331c2e30f91af9c\Narrator.ni.exe + 2012-04-11 12:16 . 2012-04-11 12:16 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\254b401dc2e6cb6ae4af6b44b3fbfa8d\MMCEx.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\f9e5ab46ad35667f04518d9417c97a8c\MIGUIControls.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\984c9ae686f1367c0b7bc7a0c4b42ff5\Microsoft.VisualBasic.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 1093120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\6b6a38a0c5908d7bd44cb7b679683aa1\Microsoft.Office.Tools.Common.v9.0.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 1875456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\62baf36fd2df7995468fda55a9321711\Microsoft.Office.Tools.Excel.v9.0.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 1186304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\579646e7f1659f3f3ed59ae7079a0dee\Microsoft.Office.Tools.Word.v9.0.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c20fea2b87d6ba74a0710b510df47c2f\Microsoft.MediaCenter.UI.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\1c75870c99f90783ddf860f2c9019de8\Microsoft.Ink.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\eb7e4f8eb5e0ce8848730dd2706c97ed\Microsoft.Build.Tasks.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\42f8c14613fb56339e08acede23073cf\Microsoft.Build.Tasks.v3.5.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 3288064 c:\windows\assembly\NativeImages_v2.0.50727_64\DellDock\60fa43779fe884033255995af98bfab2\DellDock.ni.exe + 2012-04-11 12:20 . 2012-04-11 12:20 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\351ab1d2d9026aa5f584fe0d130f104c\System.WorkflowServices.ni.dll + 2012-04-11 12:03 . 2012-04-11 12:03 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9ff07818c03668562eeb6b60115ebfdc\System.Workflow.ComponentModel.ni.dll + 2012-04-11 12:03 . 2012-04-11 12:03 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\09ad10fedbf119fdacd85383afb8bcce\System.Workflow.Activities.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\48f65bdcb069e6625e814ae8aeb0b9db\System.Web.Mobile.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5775947bb39783d8af4b0cb1547fc69f\System.Web.Extensions.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\353fb17f58175c7265c1c142e90a3268\System.Printing.ni.dll + 2012-04-11 12:02 . 2012-04-11 12:02 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\921c773e60aaf0bbd2154edb0801d305\System.Deployment.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\62cd03a67aa3424f1c9fa2f2bc178fa4\ReachFramework.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bfee363089c1a5582d400496be806d43\PresentationUI.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\abf12ca81c916496c4d58c6bcd4ee572\Narrator.ni.exe + 2012-04-11 12:19 . 2012-04-11 12:19 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\e6fa1f1d2fc55ba879975820a0b7480a\MMCEx.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\b455be9842b2c4686456d61a95ec7ad1\MIGUIControls.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1671f615c43f023007af09562cf24be2\Microsoft.VisualBasic.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\c82c1dcc75fee789f2797d943a02e8c8\Microsoft.Office.Tools.Excel.v9.0.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 1787904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1007a7ea0d4659b9d98be747c1f6a85d\Microsoft.Office.InfoPath.Client.Internal.Host.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 2091008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\a562d455fd6b2a257cc1123baea2bf21\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll + 2012-04-11 12:19 . 2012-04-11 12:19 4751872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\7a739402b1f952cbabc857e6ca4706ae\Microsoft.Office.BusinessApplications.SyncServices.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ccf10469318a4078bda8bc37606de731\Microsoft.MediaCenter.UI.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\86c377c8c52778b1ea7ed63a6f397834\Microsoft.Ink.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\ca32682e844d4044353da083af95e55a\Microsoft.Build.Tasks.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c19cdfb6085287063adc2d242285a387\Microsoft.Build.Tasks.v3.5.ni.dll + 2012-04-11 11:41 . 2012-02-28 01:52 12281856 c:\windows\SysWOW64\mshtml.dll + 2006-11-02 12:33 . 2012-04-12 13:07 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat - 2006-11-02 12:33 . 2012-03-15 01:31 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat + 2012-04-11 11:41 . 2012-02-28 07:34 17790976 c:\windows\system32\mshtml.dll + 2006-11-02 12:35 . 2012-04-11 11:34 57249312 c:\windows\system32\mrt.exe + 2012-04-11 11:41 . 2012-02-28 07:02 10888704 c:\windows\system32\ieframe.dll + 2012-03-07 20:03 . 2012-03-07 20:03 23710208 c:\windows\Installer\2d4449d.msp + 2012-04-12 12:46 . 2012-04-12 12:46 10907648 c:\windows\ERDNT\Hiv-backup\schema.dat + 2012-04-12 12:36 . 2012-04-12 12:36 10907648 c:\windows\ERDNT\AutoBackup\4-12-2012\schema.dat + 2012-04-11 11:55 . 2012-04-11 11:55 17353728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\c80f2e11e938ed65b843f750add94b35\System.Windows.Forms.ni.dll + 2012-04-11 11:54 . 2012-04-11 11:54 15762432 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\bf66e2b2a4dfefe1064dc172723b2cdd\System.Web.ni.dll + 2012-04-11 11:54 . 2012-04-11 11:54 13314048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\8d8f7d5ddfee1cd87ca1396946aa18f7\System.Design.ni.dll + 2012-04-11 11:53 . 2012-04-11 11:53 24407040 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\b93196152e384bd43b9abf1e20c8d067\PresentationFramework.ni.dll + 2012-04-11 11:52 . 2012-04-11 11:52 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\fc074b5198bd925a4f5b48403bba0e34\PresentationCore.ni.dll + 2012-04-11 11:48 . 2012-04-11 11:48 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll + 2012-04-11 12:20 . 2012-04-11 12:20 12079616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\a0fb4bd3ae9ce574167ae3a79b7a1aa5\System.Web.ni.dll + 2012-04-11 11:48 . 2012-04-11 11:48 11021824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\cd7e0c408cc063860fbccce73bbc9c8d\System.Design.ni.dll + 2012-04-11 11:48 . 2012-04-11 11:48 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll + 2012-04-11 11:48 . 2012-04-11 11:48 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll + 2012-04-11 12:01 . 2012-04-11 12:01 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\973c778b06d912bd6708317798df3fdb\System.Windows.Forms.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\20241f248fc0605fb322fe0a7e7ca00e\System.Web.ni.dll + 2012-04-11 12:01 . 2012-04-11 12:01 13718016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\61bc742b023b410021f5289b5179e897\System.Design.ni.dll + 2012-04-11 12:01 . 2012-04-11 12:01 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\8362f388d4b5327027815a0a033ae81e\PresentationFramework.ni.dll + 2012-04-11 12:00 . 2012-04-11 12:00 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3b290c6b7ab8291287ac0739f8c57781\PresentationCore.ni.dll + 2012-04-11 12:14 . 2012-04-11 12:14 22170624 c:\windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\f43b8330fc6d6f66393c2433bd4e2d69\MenuSkinning.ni.dll + 2012-04-11 12:15 . 2012-04-11 12:15 13370880 c:\windows\assembly\NativeImages_v2.0.50727_64\ComponentFactory.Kr#\252d8ba6acc9fb0c5f0321d2b7385812\ComponentFactory.Krypton.Toolkit.ni.dll + 2012-04-11 12:03 . 2012-04-11 12:03 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll + 2012-04-11 12:18 . 2012-04-11 12:18 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll + 2012-04-11 12:02 . 2012-04-11 12:02 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8aecbf36fdca99c85361b43e565f2604\System.Design.ni.dll + 2012-04-11 12:02 . 2012-04-11 12:02 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll + 2012-04-11 12:02 . 2012-04-11 12:02 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-09 4785536] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Bricks4Kidz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A] . c:\users\kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . c:\users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912] Stoic Joker's T-Clock x64.lnk - c:\program files (x86)\Tclock\tclock-x64\Clock.exe [2009-5-4 156160] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 253600] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-17 140672] S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x] . . Contents of the 'Scheduled Tasks' folder . 2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 02:50] . 2012-04-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8b753a4f-7f81-44f0-93e1-52469fd63d88.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-03 22:03] . 2012-04-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a00d761c-5b80-4a6f-8e41-11857ef8a885.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-03 22:03] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.nickjr.com uLocal Page = c:\windows\system32\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 69.1.30.43 69.1.30.42 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Bricks4Kidz\AppData\Roaming\Mozilla\Firefox\Profiles\c0iibkez.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*] "Licence0"="04F0D21-79D8-7A25-D702-433F" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe c:\program files\Dell\DellDock\DockLogin.exe c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe . ************************************************************************** . Completion time: 2012-04-12 08:26:23 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-12 13:26 ComboFix2.txt 2012-04-10 21:49 . Pre-Run: 338,493,132,800 bytes free Post-Run: 337,441,067,008 bytes free . - - End Of File - - DDE98D95009DCC7B43520167E6A5C45F

#43 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,660 posts
  • MVP

Posted 13 April 2012 - 12:53 PM

Hi, Since it has been a little bit since the last post...could you explain to me exactly what remaining problems you are having with your system. :)

#44 kevin_czarnota

kevin_czarnota

    Authentic Member

  • Authentic Member
  • PipPip
  • 46 posts

Posted 13 April 2012 - 04:04 PM

it does seem to run faster but occasionally will hang and I get a spinning wheel. The activity light on my computer seems to be running all the time. and now, When I clicked on Firefox, it launched then went away and I had to download firefox to get it to run, it was like the .exe file was wiped away.

#45 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,660 posts
  • MVP

Posted 14 April 2012 - 07:59 AM

Hi, Run one more scan with Malwarebytes and ESET online scan and post both logs to your next reply. :)

Advertisement

    Register to Remove




Similar Topics: System hangs and continual activity light flashing [Closed] [Solved]     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users