Author Topic: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups (Read 4050 times)

JerichoX · « **Reply #45 on:** January 11, 2012, 09:28:14 AM »

It says unallocated, so I'm hoping this is good news!

I had trouble with the screenshot so I had to take a digital camera and take the picture. The battery was all but drained (just my luck) so all I had time to do was turn it on and then take a picture right away before the camera died, here's the picture, it's kinda blurry but you get the gist of things with it

1972vet · « **Reply #46 on:** January 11, 2012, 09:31:37 AM »

Unallocated is good. Exit GParted now and boot back to Windows. I will get back to you later on today. This morning now I have some things I have to finish up. See you back here soon. Thanks!

JerichoX · « **Reply #47 on:** January 11, 2012, 09:35:24 AM »

Okay sounds good, thanks for the help!

1972vet · « **Reply #48 on:** January 11, 2012, 01:54:32 PM »

OK, let's clean up a bit and update some software. First, I'd like to point out, with your Internet Suite, and especially in Windows 7, you really have no need to have this on board:
Spybot Search & Destroy
...although it's fine to keep if you want it but I thought I'd mention it's really of no use in your situation. If you choose to keep it, just be certain not to have the TeaTimer feature activated with it because that will cause you some headaches with your setup.

Next, your installed java is out of date...but looking through the list of installed software, you are likely to have others. So, instead of walking you through a java update by itself, I thought you would benefit by running an online scan at Secunia. Secunia's online scanner will scan all installed software on your system and report software that is subject to some vulnerability based upon it's present installed version. You should follow the prompts there to download and install their recommendations to update whatever software is complained of:
Please run the free online scan Here. After clicking the Start scan button, please check the box for the option Enable thorough system inspection, then click the Start button.

Just below the "Scan Options:" section, you'll see the status of what's currently processing. You will also see an in process indicator that looks like this:

...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs complained of during the scan. Copy the results so you can paste them back here on your next reply.

Next, please open a blank Notepad...Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

KILLALL::

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} -
BHO-X64: 0x1 -
BHO-X64: AcroIEHelperStub -
BHO-X64: IEVkbdBHO -
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} -
BHO-X64: link filter bho -
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -

Folder::
c:\program files\Microsoft Security Client

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_USERS\S-1-5-21-726273002-2087228321-560872454-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Registry::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@=-
"LocalizedString"=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=-
"ThreadingModel"=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=-
"ThreadingModel"=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=-
"Version"=-

JerichoX · « **Reply #49 on:** January 11, 2012, 04:41:03 PM »

Here is the ComboFix log, I have to divide it up into two posts because it says it exceeds the maximum character length

ComboFix 12-01-10.02 - Sam 01/11/12 15:11:11.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2812.1692 [GMT -7:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
Command switches used :: c:\users\Sam\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Microsoft Security Client
c:\program files\Microsoft Security Client\Backup\amd64\windows6.0-kb981889-v2.msu
c:\program files\Microsoft Security Client\Backup\amd64\windows6.1-kb981889.msu
c:\program files\Microsoft Security Client\Backup\en-us\amhelp.chm
c:\program files\Microsoft Security Client\Backup\en-us\epploc.cab
c:\program files\Microsoft Security Client\Backup\en-us\eula.rtf
c:\program files\Microsoft Security Client\CleanUpPolicy.xml
c:\program files\Microsoft Security Client\en-us\amhelp.chm
c:\program files\Microsoft Security Client\en-us\eula.rtf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 22:19 . 2012-01-11 22:19   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-01-11 06:10 . 2011-10-26 05:25   1572864   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 06:10 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\SysWow64\quartz.dll
2012-01-11 06:10 . 2011-10-26 05:25   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 06:10 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-01-11 06:10 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 06:10 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
2012-01-11 06:10 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 06:10 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
2012-01-11 06:07 . 2011-11-21 11:40   8822856   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{FAE71A31-4A44-4790-83E4-AFC06055D26B}\mpengine.dll
2012-01-11 01:57 . 2012-01-11 10:17   --------   d-----w-   c:\program files (x86)\ImgBurn
2012-01-10 23:11 . 2012-01-10 23:12   309320   ----a-w-   c:\windows\SysWow64\drivers\TrufosAlt.sys
2012-01-09 08:56 . 2012-01-09 08:56   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-09 08:43 . 2012-01-09 08:43   --------   d-----w-   c:\program files (x86)\Kaspersky Lab
2012-01-09 01:19 . 2012-01-11 22:21   --------   d-----w-   c:\programdata\Kaspersky Lab
2012-01-08 21:35 . 2012-01-09 08:18   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-01-07 23:46 . 2012-01-08 04:01   --------   d--h--w-   c:\programdata\Spybot - Search & Destroy
2012-01-07 17:28 . 2012-01-07 17:28   --------   d-----we   c:\windows\system64
2011-12-24 00:07 . 2011-12-24 00:07   --------   d--h--w-   c:\programdata\regid.1986-12.com.adobe
2011-12-23 23:33 . 2011-12-23 23:33   --------   d--h--w-   c:\users\Sam\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-12-14 06:08 . 2011-10-26 05:21   43520   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-14 06:07 . 2011-11-24 04:52   3145216   ----a-w-   c:\windows\system32\win32k.sys
2011-12-14 06:07 . 2011-10-15 06:31   723456   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-14 06:07 . 2011-10-15 05:38   534528   ----a-w-   c:\windows\SysWow64\EncDec.dll
2011-12-14 06:06 . 2011-11-05 05:32   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-12-14 06:06 . 2011-11-05 04:26   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 20:47 . 2011-05-14 03:57   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 12:54 . 2010-08-19 01:08   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-09_21.34.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-11 10:22 . 2011-11-17 05:28   96768 c:\windows\SysWOW64\sspicli.dll
- 2011-02-23 20:41 . 2010-11-20 12:08   96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-01-11 10:22 . 2011-11-17 05:34   22016 c:\windows\SysWOW64\secur32.dll
- 2011-02-23 20:40 . 2010-11-20 12:21   22016 c:\windows\SysWOW64\secur32.dll
+ 2009-11-05 18:54 . 2012-01-11 22:22   49408 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-11 22:23   47396 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-18 19:31 . 2012-01-11 22:23   15112 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-726273002-2087228321-560872454-1002_UserData.bin
- 2011-02-23 20:43 . 2010-11-20 13:27   29184 c:\windows\system64\sspisrv.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   29184 c:\windows\system64\sspisrv.dll
- 2011-02-23 20:43 . 2010-11-20 13:27   28160 c:\windows\system64\secur32.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   28160 c:\windows\system64\secur32.dll
+ 2012-01-11 06:10 . 2011-11-19 14:58   77312 c:\windows\system64\packager.dll
+ 2012-01-11 10:22 . 2011-11-17 06:33   31232 c:\windows\system64\lsass.exe
- 2009-07-13 23:20 . 2009-07-14 01:39   31232 c:\windows\system64\lsass.exe
+ 2012-01-11 10:22 . 2011-11-17 06:49   95600 c:\windows\system64\drivers\ksecdd.sys
+ 2010-02-21 11:14 . 2012-01-10 13:19   16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-21 11:14 . 2012-01-08 18:52   16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-21 11:14 . 2012-01-08 18:52   32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-21 11:14 . 2012-01-10 13:19   32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-10 13:19   32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-08 18:52   32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-05 18:54 . 2012-01-11 22:22   49408 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-11 22:23   47396 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-18 19:31 . 2012-01-11 22:23   15112 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-726273002-2087228321-560872454-1002_UserData.bin
- 2011-02-23 20:43 . 2010-11-20 13:27   29184 c:\windows\system32\sspisrv.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   29184 c:\windows\system32\sspisrv.dll
- 2011-02-23 20:43 . 2010-11-20 13:27   28160 c:\windows\system32\secur32.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   28160 c:\windows\system32\secur32.dll
- 2009-07-13 23:20 . 2009-07-14 01:39   31232 c:\windows\system32\lsass.exe
+ 2012-01-11 10:22 . 2011-11-17 06:33   31232 c:\windows\system32\lsass.exe
+ 2012-01-11 10:22 . 2011-11-17 06:49   95600 c:\windows\system32\drivers\ksecdd.sys
- 2010-02-21 11:14 . 2012-01-08 18:52   16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-21 11:14 . 2012-01-10 13:19   16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-21 11:14 . 2012-01-08 18:52   32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-21 11:14 . 2012-01-10 13:19   32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-10 13:19   32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-08 18:52   32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-01-09 08:45   91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-01-11 13:53   91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-07 19:08 . 2011-12-25 20:40   43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-07 19:08 . 2011-12-25 20:42   31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-01-11 10:06 . 2012-01-11 10:06   87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-13 09:04 . 2011-10-13 09:04   12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
+ 2012-01-11 22:21 . 2012-01-11 22:21   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-09 21:33 . 2012-01-09 21:33   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-11 22:21 . 2012-01-11 22:21   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-09 21:33 . 2012-01-09 21:33   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-11 10:22 . 2011-11-17 05:35   314880 c:\windows\SysWOW64\webio.dll
- 2011-02-23 20:45 . 2010-11-20 12:21   314880 c:\windows\SysWOW64\webio.dll
+ 2012-01-11 10:22 . 2011-11-17 05:34   224768 c:\windows\SysWOW64\schannel.dll
+ 2012-01-11 21:53 . 2011-11-10 12:54   157472 c:\windows\SysWOW64\javaws.exe
+ 2012-01-11 21:53 . 2011-11-10 12:54   149280 c:\windows\SysWOW64\javaw.exe
+ 2012-01-11 21:53 . 2011-11-10 12:54   149280 c:\windows\SysWOW64\java.exe
- 2011-02-23 20:46 . 2010-11-20 13:27   395776 c:\windows\system64\webio.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   395776 c:\windows\system64\webio.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   136192 c:\windows\system64\sspicli.dll
- 2011-02-23 20:45 . 2010-11-20 13:27   136192 c:\windows\system64\sspicli.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   340992 c:\windows\system64\schannel.dll
- 2011-02-23 20:46 . 2010-11-20 13:27   340992 c:\windows\system64\schannel.dll
- 2011-02-23 20:43 . 2010-11-20 13:27   366592 c:\windows\system64\qdvd.dll
+ 2012-01-11 06:10 . 2011-10-26 05:25   366592 c:\windows\system64\qdvd.dll
- 2009-07-14 02:36 . 2011-12-01 23:12   633016 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-11 15:23   633016 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2011-12-01 23:12   112970 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-11 15:23   112970 c:\windows\system64\perfc009.dat
+ 2012-01-11 10:22 . 2011-11-17 06:49   152432 c:\windows\system64\drivers\ksecpkg.sys
+ 2012-01-11 10:22 . 2011-11-17 06:44   459232 c:\windows\system64\drivers\cng.sys
+ 2012-01-11 10:22 . 2011-11-17 06:35   395776 c:\windows\system32\webio.dll
- 2011-02-23 20:46 . 2010-11-20 13:27   395776 c:\windows\system32\webio.dll
- 2011-02-23 20:45 . 2010-11-20 13:27   136192 c:\windows\system32\sspicli.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   136192 c:\windows\system32\sspicli.dll
- 2011-02-23 20:46 . 2010-11-20 13:27   340992 c:\windows\system32\schannel.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   340992 c:\windows\system32\schannel.dll
+ 2009-07-14 02:36 . 2012-01-11 15:23   633016 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-01 23:12   633016 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-11 15:23   112970 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-01 23:12   112970 c:\windows\system32\perfc009.dat
+ 2012-01-11 10:22 . 2011-11-17 06:49   152432 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-01-11 10:22 . 2011-11-17 06:44   459232 c:\windows\system32\drivers\cng.sys
- 2009-07-14 05:01 . 2012-01-09 21:32   391948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-11 22:20   391948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 12:47 . 2011-12-26 12:47   261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2012-01-07 19:08 . 2011-12-25 20:40   746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2011-12-26 11:39 . 2011-12-26 11:39   192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2012-01-07 19:08 . 2011-12-25 20:42   437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI

JerichoX · « **Reply #50 on:** January 11, 2012, 04:46:23 PM »

\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-11 06:10 . 2011-10-29 05:23   465920 c:\windows\ehome\mstvcapn.dll
- 2011-02-23 20:45 . 2010-11-20 13:27   465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-11 10:14 . 2012-01-11 10:14   771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
+ 2012-01-11 06:10 . 2011-10-26 05:25   1572864 c:\windows\system64\quartz.dll
+ 2012-01-11 06:10 . 2011-11-17 06:41   1731920 c:\windows\system64\ntdll.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   1447936 c:\windows\system64\lsasrv.dll
- 2011-02-23 20:46 . 2010-11-20 13:26   1447936 c:\windows\system64\lsasrv.dll
- 2011-02-23 20:46 . 2010-11-20 13:26   1447936 c:\windows\system32\lsasrv.dll
+ 2012-01-11 10:22 . 2011-11-17 06:35   1447936 c:\windows\system32\lsasrv.dll
+ 2009-07-14 04:45 . 2012-01-11 10:29   7114111 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-09 08:23   7114111 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-01-07 19:08 . 2011-12-25 20:40   5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-07 19:08 . 2011-12-25 20:42   5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-11 10:06 . 2012-01-11 10:06   3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 09:05 . 2011-10-13 09:05   3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 09:04 . 2011-10-13 09:04   2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-11 10:05 . 2012-01-11 10:05   2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-26 13:24 . 2011-12-26 13:24   8835072 c:\windows\Installer\1a4ffa2.msp
+ 2012-01-11 10:43 . 2012-01-11 10:43   1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll
+ 2012-01-11 10:20 . 2012-01-11 10:20   2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\45339e741d73e8f1f9393df8163c8c00\System.Workflow.Runtime.ni.dll
+ 2012-01-11 10:20 . 2012-01-11 10:20   5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\48ef2f59740ad3d438d0514b335dd334\System.Workflow.ComponentModel.ni.dll
+ 2012-01-11 10:19 . 2012-01-11 10:19   3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\7972e04df268430da009e63e90ff4ca9\System.Workflow.Activities.ni.dll
+ 2012-01-11 10:19 . 2012-01-11 10:19   2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\8d374a0a9c49f485a7ce6e89ec354b4c\System.Web.Services.ni.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll
+ 2012-01-11 10:17 . 2012-01-11 10:17   1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\d12c2299179cb05591cf08c8712a6495\System.Runtime.Remoting.ni.dll
+ 2012-01-11 10:40 . 2012-01-11 10:40   1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll
+ 2012-01-11 10:43 . 2012-01-11 10:43   2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll
+ 2012-01-11 10:42 . 2012-01-11 10:42   1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll
+ 2012-01-11 10:42 . 2012-01-11 10:42   7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll
+ 2012-01-11 10:42 . 2012-01-11 10:42   2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll
+ 2012-01-11 10:42 . 2012-01-11 10:42   2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-11 10:40 . 2012-01-11 10:40   8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-11 10:40 . 2012-01-11 10:40   1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll
+ 2012-01-11 10:42 . 2012-01-11 10:42   1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
+ 2012-01-11 10:16 . 2012-01-11 10:16   1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ad68aa9e6fa1ec8005e1f604579a76be\System.Workflow.Runtime.ni.dll
+ 2012-01-11 10:16 . 2012-01-11 10:16   4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\00b0a14ef5cb0154db7989da39a7f1e5\System.Workflow.ComponentModel.ni.dll
+ 2012-01-11 10:15 . 2012-01-11 10:15   2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\54873f241a4ad6d2a13e48d2da444538\System.Workflow.Activities.ni.dll
+ 2012-01-11 10:15 . 2012-01-11 10:15   1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
+ 2012-01-11 10:36 . 2012-01-11 10:36   1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
+ 2012-01-11 10:36 . 2012-01-11 10:36   6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-01-11 10:37 . 2012-01-11 10:37   1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-01-11 10:36 . 2012-01-11 10:36   1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-11 10:36 . 2012-01-11 10:36   1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-01-11 10:36 . 2012-01-11 10:36   6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
- 2011-02-23 20:46 . 2010-11-05 01:53   1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-07 19:08 . 2011-12-25 20:42   1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-07 19:08 . 2011-12-25 20:40   5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-07 19:08 . 2011-12-25 20:42   5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-07-14 02:34 . 2012-01-11 10:24   10747904 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-12-14 10:21   10747904 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2010-08-18 19:47 . 2012-01-11 10:07   54008112 c:\windows\system64\MRT.exe
+ 2009-07-14 02:34 . 2012-01-11 10:24   10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-12-14 10:21   10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-08-18 19:47 . 2012-01-11 10:07   54008112 c:\windows\system32\MRT.exe
+ 2010-10-21 15:17 . 2012-01-11 22:20   12392604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-726273002-2087228321-560872454-1002-12288.dat
+ 2012-01-11 10:18 . 2012-01-11 10:18   15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
+ 2012-01-11 10:40 . 2012-01-11 10:40   23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll
+ 2012-01-11 10:19 . 2012-01-11 10:19   13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\665178c1ccfd538896eaa0fff283b6ef\System.Design.ni.dll
+ 2012-01-11 10:41 . 2012-01-11 10:41   25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll
+ 2012-01-11 10:15 . 2012-01-11 10:15   11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
+ 2012-01-11 10:36 . 2012-01-11 10:36   17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
+ 2012-01-11 10:15 . 2012-01-11 10:15   10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\70f9f6de6dc9611157ed563bdb4e79a4\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys

.
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cbssports.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273608100675l04g4z105r44523396
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{38903DAF-F62B-43C6-B371-7634212B0129}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{38903DAF-F62B-43C6-B371-7634212B0129}\34245402C41475E4: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{38903DAF-F62B-43C6-B371-7634212B0129}\345646162702051627B60294E6E6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{38903DAF-F62B-43C6-B371-7634212B0129}\3456E6472716C614240527F66656373796F6E6D2261646D276164756771697: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{38903DAF-F62B-43C6-B371-7634212B0129}\452554E444E65647635323: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{38903DAF-F62B-43C6-B371-7634212B0129}\C696E6B6379737: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\p1bs72kf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
Completion time: 2012-01-11 15:28:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-11 22:28
ComboFix2.txt 2012-01-09 21:56
ComboFix3.txt 2012-01-08 21:28
.
Pre-Run: 50,457,649,152 bytes free
Post-Run: 50,100,027,392 bytes free
.
- - End Of File - - 0DAF441E74B916532A3DA9A7011737FD

JerichoX · « **Reply #51 on:** January 11, 2012, 04:49:05 PM »

I'm running the online scan now, quite a few things are coming up to be updated so thanks for that.

Also, I was checking my startup tab on msconfig and theres a Microsoft Windows Operating System check marked at the top with the location C:/Program Files/Windows Sidebar\sidebar.exe /autorun I've never seen this before today, any idea what it is?

1972vet · « **Reply #52 on:** January 11, 2012, 05:41:12 PM »

Yes. That's your Windows 7 side bar which offers you options that you can take for having certain items open on startup. It's up to you whether you want to use it or not, but preventing it from starting by using msconfig is not the best plan. If I were you, I would restore the item and allow it to start. You can select items to start in the side bar such as a calendar, clock, CPU meter, news feeds, weather...there's quite a few to choose from.

If you decide later that you don't want it, just right-click the side bar and select "close".

JerichoX · « **Reply #53 on:** January 11, 2012, 05:50:09 PM »

Okay thanks for the info. What should I do after installing all of these updates? Am I in the clear or is there still some work to do?

1972vet · « **Reply #54 on:** January 11, 2012, 05:58:22 PM »

We have just a bit more to do. There's a driver file left behind from the failed BDRT that we need to remove. We can either use a cfscript to remove it or I can walk you through a removal via the device manager. Let me know which and I will prepare the instructions when you finish your scan that you're waiting on now.

JerichoX · « **Reply #55 on:** January 11, 2012, 06:12:54 PM »

Which process would you recommend? I'm not familiar with the process removal so whichever you think is the safest, easiest and most effective way is the way I think we should go.

1972vet · « **Reply #56 on:** January 11, 2012, 06:24:37 PM »

OK, we'll use combofix. The other option, I would have had to write a script too, but this way is faster. Also, note, the file we're removing isn't another rootkit file as you may suspect from just reading the script. It is however, a driver from the BitDefender removal tool designed to remove the rootkit TDL4. So, using a rootkit:: command is the better plan for that.

Please do this when your scan is completed:
Please open a blank another blank Notepad and copy the below text in Bold.

Paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe as before.

Combofix will run again automatically. Please post back the new log that will be generated and advise on the results from your full system scan. Thanks!
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

KILLALL::

Driver::
TrufosAlt

Rootkit::
c:\windows\SysWow64\drivers\TrufosAlt.sys

JerichoX · « **Reply #57 on:** January 12, 2012, 10:54:22 AM »

Hey 1972vet. Any idea how this long this online scan is supposed to take? It's been running for 18 hours now so I'm not sure if this automatically stops or not.

1972vet · « **Reply #58 on:** January 12, 2012, 11:46:37 AM »

It may be there is some sort of issue on their web site causing it because it's not common. I'd say shut it down and install the on board version. That way, it always runs in the background and will alert you whenever it finds something on board that's out dated and exploited. How many application's has it already reported, and have you done anything yet about those?

JerichoX · « **Reply #59 on:** January 12, 2012, 12:56:05 PM »

I just reran the scan and it finished in 25 minutes, I need to update winamp, adobe reader and adobe flash player

I'm anticipating that if all goes well I should be able to post the combofix log within the hour, thanks!

News:

Author Topic: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups (Read 4050 times)

JerichoX

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

1972vet

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

JerichoX

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

1972vet

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

JerichoX

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

JerichoX

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

JerichoX

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

1972vet

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

JerichoX

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

1972vet

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

JerichoX

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

1972vet

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

JerichoX

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

1972vet

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups

JerichoX

Re: [Resolved] Started as Win 7 virus, morphed to redirects and desktop pop ups