Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Zeus infection? Connecting to moonrideryou.ru


  • This topic is locked This topic is locked
18 replies to this topic

#1 mark_pgh

mark_pgh

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 07 March 2010 - 02:56 PM

hi-

I was getting Symantec AV popups saying something similar to "91.212.226.65 - HTTPS Tidserv Request Detected". After some investigation, I found what I believe to be a Zeus infection. I did find the sdra64.exe file and associated *.ds files. Was able to delete them via ProcessExplorer.

This seems to have stopped the SAV notices, but as I was watching for traffic on the wireless (with Ethereal), I noticed an http request to www.moonrideryou.ru (200.63.46.131)/2k8/get.php. Also see one or more connections (CLOSE_WAIT or FIN_WAIT) ON TCPView to 200.63.46.131.

From what I can find, this still seems to be related to the zeus infection, but I'm not sure.

Other symptoms:
Can not log into machine in safe mode, get "windows is unable to log on" or similar.
Explorer no longer starts up automatically on reboot.
Unable to change any settings or run LiveUpdate in Symantec AV (but this may be due to my company's corporate settings?)

moonrideryou.ru seems to be a bad place to connect to, any help in finding/eradicating whatever is causing this much appreciated.
Symantec and Malwarebytes scans report nothing.
Installed Sophos anti-rootkit, reports nothing.

DDS and gmer logs attached.

----------------

DDS (Ver_09-10-13.01) - NTFSx86
Run by mschaefer at 13:54:16.48 on Sun 03/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2863 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\UnHackMe\hackmon.exe
"C:\WINDOWS\system32\svchost.exe"
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
"C:\WINDOWS\system32\svchost.exe"
C:\Program Files\UnHackMe\gwebupdate.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\mschaefer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
uRun: [@BackupScheduler] c:\program files\online backup\OnlineBackup.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\VPN Client.lnk.disabled
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aclaratech.com\mail
Trusted Zone: box.net\www
Trusted Zone: citizensbankonline.com\www2
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238971225436
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://aclaratech.webex.com/client/T26L/webex/ieatgpc.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mschae~1\applic~1\mozilla\firefox\profiles\3d69tb7z.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 NEOFLTR_550_12857;Juniper Networks TDI Filter Driver (NEOFLTR_550_12857);c:\windows\system32\drivers\NEOFLTR_550_12857.sys [2008-3-10 64144]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2009-1-6 86552]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2008-9-23 33664]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-27 102448]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-3-7 34760]
S2 SavRoam;SAVRoam;"c:\program files\symantec antivirus\savroam.exe" --> c:\program files\symantec antivirus\SavRoam.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-27 23888]
S3 DCUParse71;STAR DCU Parse 7.2;c:\program files\hexagram\star 7\services\dcu parse 7\DCUParse7.exe [2008-10-10 139264]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\65.tmp --> c:\windows\system32\65.tmp [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-9-1 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-9-1 8320]
S3 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-9-1 91392]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-12-1 23936]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2008-11-17 58240]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2009-1-6 24876]
S3 Star_Routing;STAR Routing;c:\program files\hexagram\star 7\services\routing\RoutingService.exe [2009-1-15 11264]
S3 STARAlarm;STAR Alarm Monitoring Service;c:\program files\hexagram\star 7\services\star alarm processor 7\StarAlarmProcessor.exe [2007-12-5 36864]
S3 STARRouting;STAR Routing 7.1;"c:\program files\hexagram\star 7\services\star routing and redundancy\starrouting.exe" --> c:\program files\hexagram\star 7\services\star routing and redundancy\StarRouting.exe [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2010-03-07 10:43 2 a--shrot c:\windows\winstart.bat
2010-03-07 10:43 35,040 a------- c:\windows\system32\Partizan.exe
2010-03-07 10:43 34,760 a------- c:\windows\system32\drivers\Partizan.sys
2010-03-07 10:43 12,752 a------- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-03-07 10:43 <DIR> --d----- c:\program files\UnHackMe
2010-03-07 00:46 <DIR> --d----- c:\program files\Sophos
2010-03-06 20:59 77,312 a------- c:\windows\MBR.exe
2010-03-06 13:40 <DIR> --d----- c:\temp\MotoConnectTemp
2010-03-05 10:55 59,088,896 a------- c:\windows\system32\DZKWXUQ
2010-03-01 17:18 26,112 a------- c:\windows\system32\stu2_xx.exe
2010-02-08 15:49 <DIR> --d--r-- C:\Sandbox
2010-02-08 15:49 <DIR> --d----- c:\program files\Sandboxie

==================== Find3M ====================

2010-03-04 17:35 122,167 a------- c:\windows\system32\nvModes.dat
2010-03-01 17:19 19,456 a------- c:\windows\system32\userinit.exe
2010-02-16 13:26 149,768 a------- c:\windows\system32\drivers\wpshelper.sys
2010-01-07 16:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-12-09 22:54 261,632 a------- c:\windows\PEV.exe

============= FINISH: 13:54:34.15 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:56 AM

Posted 10 March 2010 - 02:06 PM

Hello and and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I
would appreciate if you would let me no so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks

Edited by syler, 10 March 2010 - 02:07 PM.

unite.jpg


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:56 AM

Posted 14 March 2010 - 07:10 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:56 AM

Posted 17 March 2010 - 09:53 AM

Topic reopened at OP request

unite.jpg


#5 mark_pgh

mark_pgh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 17 March 2010 - 02:21 PM

Thanks for reopening, syler!

Requested logs are below.

One item I did change: I found that the c:\windows\system32\userinit.exe file was an odd size, and did not contain any version info. I replaced it with userinit.exe from c:\windows\ServicePackFiles\i386\ (version 5.1.2600.5512) and as far as I can tell, the PC is not making further attempts to contact moonrideryou.ru.

However, re-running gmer still shows the odd geyek* and UAC* key values, which can not be viewed via regedit.

Thanks again for your assistance, logs follow:
----------------------------------------------------
MBAM Log (all entries cleaned successfully, btw)
----------------------------------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3870
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/15/2010 9:13:41 AM
mbam-log-2010-03-15 (09-13-41).txt

Scan type: Quick Scan
Objects scanned: 153438
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------
info.txt logfile of random's system information tool 1.06 2010-03-15 09:27:28

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {ED2076B8-AB8A-4A7E-AE35-B3E44721B8AB}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ActivePerl 5.10.0 Build 1004-->MsiExec.exe /I{82A27957-45D5-41BC-8593-60249895727B}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Broadcom ASF Management Applications-->MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C}
Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Bullzip PDF Printer 6.0.0.728-->"C:\Program Files\Bullzip\PDF Printer\unins000.exe"
Cisco Systems VPN Client 5.0.04.0300-->MsiExec.exe /X{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Touchpad-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Ethereal 0.99.0-->"C:\Program Files\Ethereal\uninstall.exe"
Fiddler2-->"C:\Program Files\Fiddler2\uninst.exe"
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
GPL Ghostscript Lite 8.63-->"C:\Program Files\Bullzip\PDF Printer\gs\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HxD Hex Editor version 1.7.6.4-->"C:\Program Files\HxD\unins000.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D9FCA292-1186-421F-8D93-9A5D272AD5D0}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Juniper Networks Secure Application Manager-->C:\Program Files\Juniper Networks\Secure Application Manager\UninstallSAM.exe
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ASP.NET 2.0 AJAX Extensions 1.0-->MsiExec.exe /X{082BDF7B-4810-4599-BF0D-E3AC44EC8524}
Microsoft ASP.NET MVC Beta-->MsiExec.exe /X{A4394612-D02F-11DC-9BFF-D18556D89593}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project Standard 2003-->MsiExec.exe /I{903A0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Standard 2003-->MsiExec.exe /I{90530409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Backward compatibility-->MsiExec.exe /I{96327C3C-96BE-4C7A-A6F7-A71635E5949A}
Microsoft SQL Server 2005 Books Online (English)-->MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}
Microsoft SQL Server 2005 Integration Services-->MsiExec.exe /I{E0A41F96-7231-4AE8-A654-EEB34F935462}
Microsoft SQL Server 2005 Notification Services-->MsiExec.exe /I{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}
Microsoft SQL Server 2005 Tools-->MsiExec.exe /I{90032DD0-ABEE-4424-AC1E-B076BDD4E350}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005-->MsiExec.exe /I{2373A92B-1C1C-4E71-B494-5CA97F96AA19}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual SourceSafe 2005 - ENU-->"C:\Program Files\Microsoft Visual SourceSafe\Microsoft Visual SourceSafe 2005 - ENU\setup.exe"
Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Modem Diagnostic Tool-->MsiExec.exe /I{294EAADF-E50F-4DD8-AD8D-19587EA10512}
MotoConnect-->MsiExec.exe /I{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}
Motorola Driver Installation 4.2.0-->MsiExec.exe /I{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.45-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MySQL Server 5.1-->MsiExec.exe /I{FC843A65-4030-4D82-B8D9-5A69A20DD2ED}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Nissan DataScan II 1.2-->MsiExec.exe /I{514213E3-96CF-49A4-B447-95296AB41A7B}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Online Backup-->C:\Program Files\Online Backup\OnlineBackup.exe UNINSTALL
PANTECH PC Card Software-->C:\Program Files\PANTECH\PANTECH PC Card\PTDCUninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall
Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
Redistributable_MM-->MsiExec.exe /I{9D4B411F-42F9-4566-9621-13D3A969F871}
Roxio Activation Module-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
SonicWALL Global VPN Client 4.0.0.835-->C:\Program Files\InstallShield Installation Information\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}\setup.exe -runfromtemp -l0x0009 -FromCPL -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SQLXML4-->MsiExec.exe /I{8C62A94B-4AB6-485F-A111-93056684D340}
STAR 7.3.1-->C:\Program Files\InstallShield Installation Information\{C22E00F3-4796-4614-B875-9AB22EA815B7}\setup.exe -runfromtemp -l0x0409
Symantec Endpoint Protection-->MsiExec.exe /I{2EFCC193-D915-4CCB-9201-31773A27BC06}
Symantec pcAnywhere-->MsiExec.exe /I{F05E8183-866A-11D3-97DF-0000F8D8F2E9}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wpaiper-->MsiExec.exe /I{7E820A0C-8CD6-44A2-9963-A243B224CDB4}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wpaiper-->MsiExec.exe /I{3C391720-EAA2-012B-AE98-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZipGenius 6 (6.0.2.1030A)-->"C:\Program Files\ZipGenius 6\unins000.exe"

======Hosts File======

127.0.0.1 www.moonrider.ru
127.0.0.1 *.ru
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AV: Symantec Endpoint Protection
FW: Symantec Endpoint Protection

======System event log======

Computer Name: MSCHAEFER02
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Record Number: 35120
Source Name: W32Time
Time Written: 20100120150301.000000-300
Event Type: error
User:

Computer Name: MSCHAEFER02
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 120 minutes.

Record Number: 35119
Source Name: W32Time
Time Written: 20100120150301.000000-300
Event Type: warning
User:

Computer Name: MSCHAEFER02
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Record Number: 35114
Source Name: W32Time
Time Written: 20100120140300.000000-300
Event Type: error
User:

Computer Name: MSCHAEFER02
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 60 minutes.

Record Number: 35113
Source Name: W32Time
Time Written: 20100120140300.000000-300
Event Type: warning
User:

Computer Name: MSCHAEFER02
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Record Number: 35109
Source Name: W32Time
Time Written: 20100120133300.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: MSCHAEFER02
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 13555
Source Name: AutoEnrollment
Time Written: 20100220005148.000000-300
Event Type: error
User:

Computer Name: MSCHAEFER02
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 13553
Source Name: AutoEnrollment
Time Written: 20100219165148.000000-300
Event Type: error
User:

Computer Name: MSCHAEFER02
Event Code: 1309
Message: Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 2/19/2010 2:53:52 PM

Event time (UTC): 2/19/2010 7:53:52 PM

Event ID: 9f5ad9ae3bd94727b278b83dff380094

Event sequence: 27

Event occurrence: 5

Event detail code: 0



Application information:

Application domain: /LM/W3SVC/1/Root/STAR/Communications/FWMgmt-3-129110819707343750

Trust level: Full

Application Virtual Path: /STAR/Communications/FWMgmt

Application Path: C:\inetpub\wwwroot\Star\Communications\FWMgmt\

Machine name: MSCHAEFER02



Process information:

Process ID: 4364

Process name: aspnet_wp.exe

Account name: MSCHAEFER02\ASPNET



Exception information:

Exception type: NullReferenceException

Exception message: Object reference not set to an instance of an object.



Request information:

Request URL: http://localhost/STAR/Communications/FWMgm.../GetDetailPaged

Request path: /STAR/Communications/FWMgmt/Search.mvc/GetDetailPaged

User host address: 127.0.0.1

User: RF\mschaefer

Is authenticated: True

Authentication Type:

Thread account name: MSCHAEFER02\ASPNET



Thread information:

Thread ID: 1

Thread account name: MSCHAEFER02\ASPNET

Is impersonating: False

Stack trace: at UnitManagement_MVC.Controllers.SearchController.GetDetail(String SearchWhat, String SearchText)
at UnitManagement_MVC.Controllers.SearchController.GetDetailPaged(String SearchWhat, String SearchText, Int32 PageIWant, Int32 RecordsPerPage)
at lambda_method(ExecutionScope , ControllerBase , Object[] )
at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(MethodInfo methodInfo, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClassc.<InvokeActionMethodWithFilters>b__9()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClassc.<>c__DisplayClasse.<InvokeActionMethodWithFilters>b__b()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(MethodInfo methodInfo, IDictionary`2 parameters, IList`1 filters)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
at System.Web.Mvc.Controller.ExecuteCore()
at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext)
at System.Web.Mvc.MvcHandler.ProcessRequest(HttpContextBase httpContext)
at System.Web.Mvc.MvcHandler.ProcessRequest(HttpContext httpContext)
at System.Web.Mvc.MvcHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext httpContext)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)




Custom event details:



Record Number: 13552
Source Name: ASP.NET 2.0.50727.0
Time Written: 20100219145352.000000-300
Event Type: warning
User:

Computer Name: MSCHAEFER02
Event Code: 1309
Message: Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 2/19/2010 2:47:55 PM

Event time (UTC): 2/19/2010 7:47:55 PM

Event ID: 443104e19a3f4d8383e4dd960634fa82

Event sequence: 23

Event occurrence: 4

Event detail code: 0



Application information:

Application domain: /LM/W3SVC/1/Root/STAR/Communications/FWMgmt-3-129110819707343750

Trust level: Full

Application Virtual Path: /STAR/Communications/FWMgmt

Application Path: C:\inetpub\wwwroot\Star\Communications\FWMgmt\

Machine name: MSCHAEFER02



Process information:

Process ID: 4364

Process name: aspnet_wp.exe

Account name: MSCHAEFER02\ASPNET



Exception information:

Exception type: NullReferenceException

Exception message: Object reference not set to an instance of an object.



Request information:

Request URL: http://localhost/STAR/Communications/FWMgm.../GetDetailPaged

Request path: /STAR/Communications/FWMgmt/Search.mvc/GetDetailPaged

User host address: 127.0.0.1

User: RF\mschaefer

Is authenticated: True

Authentication Type:

Thread account name: MSCHAEFER02\ASPNET



Thread information:

Thread ID: 1

Thread account name: MSCHAEFER02\ASPNET

Is impersonating: False

Stack trace: at UnitManagement_MVC.Controllers.SearchController.GetDetail(String SearchWhat, String SearchText)
at UnitManagement_MVC.Controllers.SearchController.GetDetailPaged(String SearchWhat, String SearchText, Int32 PageIWant, Int32 RecordsPerPage)
at lambda_method(ExecutionScope , ControllerBase , Object[] )
at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(MethodInfo methodInfo, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClassc.<InvokeActionMethodWithFilters>b__9()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClassc.<>c__DisplayClasse.<InvokeActionMethodWithFilters>b__b()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(MethodInfo methodInfo, IDictionary`2 parameters, IList`1 filters)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
at System.Web.Mvc.Controller.ExecuteCore()
at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext)
at System.Web.Mvc.MvcHandler.ProcessRequest(HttpContextBase httpContext)
at System.Web.Mvc.MvcHandler.ProcessRequest(HttpContext httpContext)
at System.Web.Mvc.MvcHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext httpContext)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)




Custom event details:



Record Number: 13551
Source Name: ASP.NET 2.0.50727.0
Time Written: 20100219144755.000000-300
Event Type: warning
User:

Computer Name: MSCHAEFER02
Event Code: 1309
Message: Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 2/19/2010 2:43:34 PM

Event time (UTC): 2/19/2010 7:43:34 PM

Event ID: 1ce534f10aeb47c8979295d4a3c89e0e

Event sequence: 14

Event occurrence: 2

Event detail code: 0



Application information:

Application domain: /LM/W3SVC/1/Root/STAR/Communications/FWMgmt-3-129110819707343750

Trust level: Full

Application Virtual Path: /STAR/Communications/FWMgmt

Application Path: C:\inetpub\wwwroot\Star\Communications\FWMgmt\

Machine name: MSCHAEFER02



Process information:

Process ID: 4364

Process name: aspnet_wp.exe

Account name: MSCHAEFER02\ASPNET



Exception information:

Exception type: NullReferenceException

Exception message: Object reference not set to an instance of an object.



Request information:

Request URL: http://localhost/STAR/Communications/FWMgm.../GetDetailPaged

Request path: /STAR/Communications/FWMgmt/Search.mvc/GetDetailPaged

User host address: 127.0.0.1

User: RF\mschaefer

Is authenticated: True

Authentication Type:

Thread account name: MSCHAEFER02\ASPNET



Thread information:

Thread ID: 1

Thread account name: MSCHAEFER02\ASPNET

Is impersonating: False

Stack trace: at UnitManagement_MVC.Controllers.SearchController.GetDetail(String SearchWhat, String SearchText)
at UnitManagement_MVC.Controllers.SearchController.GetDetailPaged(String SearchWhat, String SearchText, Int32 PageIWant, Int32 RecordsPerPage)
at lambda_method(ExecutionScope , ControllerBase , Object[] )
at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(MethodInfo methodInfo, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClassc.<InvokeActionMethodWithFilters>b__9()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClassc.<>c__DisplayClasse.<InvokeActionMethodWithFilters>b__b()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(MethodInfo methodInfo, IDictionary`2 parameters, IList`1 filters)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
at System.Web.Mvc.Controller.ExecuteCore()
at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext)
at System.Web.Mvc.MvcHandler.ProcessRequest(HttpContextBase httpContext)
at System.Web.Mvc.MvcHandler.ProcessRequest(HttpContext httpContext)
at System.Web.Mvc.MvcHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext httpContext)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)




Custom event details:



Record Number: 13550
Source Name: ASP.NET 2.0.50727.0
Time Written: 20100219144334.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"CSSCRIPT_DIR"=C:\PGE\csscript
"FP_NO_HOST_CHECK"=NO
"lib"=C:\Program Files\SQLXML 4.0\bin\
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Perl\site\bin;C:\Perl\bin;%CSSCRIPT_DIR%\lib;%CSSCRIPT_DIR%;c:\batch;C:\PGE\csscript;C:\Program Files\MySQL\MySQL Server 5.1\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1706
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
"windir"=%SystemRoot%

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by mschaefer at 2010-03-15 09:27:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 94 GB (62%) free of 153 GB
Total RAM: 3582 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:26 AM, on 3/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Ethereal\ethereal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mschaefer\Desktop\RSIT.exe
C:\Program Files\trend micro\mschaefer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080924
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.microsoft.com/download/1/5...4d/dotnetfx.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKCU\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238971225436
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aclaratech.webex.com/client/T26L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rf.aclaratech.com
O17 - HKLM\Software\..\Telephony: DomainName = rf.aclaratech.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rf.aclaratech.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rf.aclaratech.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rf.aclaratech.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: STAR DCU Parse 7.2 (DCUParse71) - Aclara RF Systems - C:\Program Files\Hexagram\Star 7\Services\DCU Parse 7\DCUParse7.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - C:\Program Files\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: STAR Alarm Monitoring Service (STARAlarm) - Hexagram, Inc - C:\Program Files\Hexagram\Star 7\Services\Star Alarm Processor 7\StarAlarmProcessor.exe
O23 - Service: STAR Routing 7.1 (STARRouting) - Unknown owner - C:\Program Files\Hexagram\Star 7\Services\Star Routing and Redundancy\StarRouting.exe (file missing)
O23 - Service: STAR Routing (Star_Routing) - Aclara RF - c:\program files\hexagram\star 7\services\routing\routingservice.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10590 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-04-15 159744]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-31 8429568]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-06-29 2220032]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-12-05 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-10-27 115560]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\Quickset.exe [2008-02-22 1245184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"@BackupScheduler"=C:\Program Files\Online Backup\OnlineBackup.exe [2008-12-04 611768]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-02-26 128296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VPN Client.lnk.disabled - C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2003-10-31 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoRecentDocsNetHood"=1
"DisablePersonalDirChange"=1
"NoDesktopCleanupWizard"=1
"MemCheckBoxInRunDlg"=1
"Intellimenus"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoWelcomeScreen"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe"="C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Disabled:pcAnywhere Host Service"
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe"="C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe"="C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Disabled:pcAnywhere Host Service"
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe"="C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

======File associations======

.ini - open - "C:\Program Files\Notepad++\notepad++.exe" "%1"
.txt - open - "C:\Program Files\Notepad++\notepad++.exe" "%1"

======List of files/folders created in the last 1 months======

2010-03-15 08:58:13 ----D---- C:\rsit
2010-03-08 16:16:22 ----A---- C:\RootRepeal report 03-08-10 (15-16-22).txt
2010-03-08 12:42:02 ----A---- C:\TDSSKiller.2.2.7.1_08.03.2010_11.42.02_log.txt
2010-03-07 12:16:23 ----SHD---- C:\RECYCLER
2010-03-07 11:43:26 ----RASHOT---- C:\WINDOWS\winstart.bat
2010-03-07 11:43:06 ----D---- C:\Program Files\UnHackMe
2010-03-07 11:21:26 ----A---- C:\TDSSKiller.2.2.7.1_07.03.2010_10.21.26_log.txt
2010-03-07 01:46:01 ----D---- C:\Program Files\Sophos
2010-03-06 22:49:07 ----A---- C:\ComboFix.txt
2010-03-06 21:59:53 ----A---- C:\WINDOWS\MBR.exe
2010-03-01 18:18:59 ----A---- C:\WINDOWS\system32\stu2_xx.exe

======List of files/folders modified in the last 1 months======

2010-03-15 09:27:23 ----D---- C:\Program Files\Trend Micro
2010-03-15 09:22:28 ----D---- C:\WINDOWS\Prefetch
2010-03-15 09:10:42 ----D---- C:\WINDOWS\Temp
2010-03-14 16:38:57 ----SHD---- C:\WINDOWS\Installer
2010-03-14 16:38:57 ----D---- C:\Config.Msi
2010-03-14 16:38:56 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-14 16:37:25 ----RSD---- C:\WINDOWS\assembly
2010-03-14 16:37:25 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-14 16:36:19 ----RSD---- C:\WINDOWS\Fonts
2010-03-14 16:35:08 ----D---- C:\WINDOWS\WinSxS
2010-03-14 16:32:50 ----D---- C:\Program Files\TurboTax
2010-03-11 09:38:40 ----A---- C:\WINDOWS\ModemLog_PANTECH PC Card (UDP).txt
2010-03-09 12:19:15 ----D---- C:\WINDOWS\security
2010-03-09 11:09:54 ----D---- C:\WINDOWS\system32\drivers
2010-03-08 17:38:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-08 16:41:27 ----D---- C:\WINDOWS\system32
2010-03-08 16:41:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-08 16:37:37 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2010-03-08 16:36:23 ----D---- C:\WINDOWS
2010-03-08 16:32:53 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-08 16:31:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-08 12:11:58 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-03-08 11:42:59 ----D---- C:\Program Files\Mozilla Firefox
2010-03-07 12:31:33 ----D---- C:\Program Files\Sandboxie
2010-03-07 11:43:06 ----RD---- C:\Program Files
2010-03-07 11:42:14 ----D---- C:\Documents and Settings\mschaefer\Application Data\ZipGenius
2010-03-06 22:49:09 ----D---- C:\Qoobox
2010-03-06 22:48:12 ----SD---- C:\WINDOWS\Tasks
2010-03-06 22:44:49 ----A---- C:\WINDOWS\system.ini
2010-03-06 22:36:26 ----D---- C:\WINDOWS\AppPatch
2010-03-06 22:36:21 ----D---- C:\Program Files\Common Files
2010-03-06 22:03:52 ----D---- C:\Program Files\Yahoo!
2010-03-06 22:02:42 ----D---- C:\WINDOWS\system32\config
2010-03-06 22:02:24 ----D---- C:\WINDOWS\ERDNT
2010-03-06 14:40:07 ----D---- C:\Temp
2010-03-06 10:48:13 ----SHD---- C:\WINDOWS\CSC
2010-03-01 18:25:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-01 14:21:11 ----D---- C:\mws
2010-02-25 14:01:40 ----D---- C:\CUSTOMERS
2010-02-19 12:20:48 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-23 16984]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-04-21 10901]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 NEOFLTR_550_12857;Juniper Networks TDI Filter Driver (NEOFLTR_550_12857); \??\C:\WINDOWS\system32\Drivers\NEOFLTR_550_12857.SYS []
R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-10-27 281648]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-10-27 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-10-27 188080]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 BCMWLNPF;Broadcom Netgroup Packet Filter; C:\WINDOWS\system32\drivers\bcmwlnpf.sys [2008-06-29 33664]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-06-15 12672]
R2 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-04-15 132608]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-18 160256]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-29 1287552]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-11-28 62208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-06-15 985472]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-06-15 210688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100308.036\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100308.036\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
R3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-31 6727136]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-12-05 1222840]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-10-27 26416]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2009-10-27 50064]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-06-15 731264]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-10-22 57800]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-10-22 72520]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\65.tmp []
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-10-27 23936]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2009-10-27 23936]
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-04-01 27520]
S3 PTDCMdm;PANTECH PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-04-01 41728]
S3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-04-01 39808]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver; C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys [2007-04-30 58240]
S3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-10-27 320560]
S3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WaveFDE;Wave System Power Monitor Device Driver; C:\WINDOWS\system32\DRIVERS\WaveFDE.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S4 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2009-10-27 92488]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-10-27 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-10-27 108392]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-08-29 1528608]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 MsDtsServer;SQL Server Integration Services; C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 msftesql;SQL Server FullText Search (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2005-08-26 92880]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2008-02-22 475136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-31 163908]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-10-27 1864888]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-12-05 94208]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-10-27 2477304]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-06-29 24064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2003-10-31 106496]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DCUParse71;STAR DCU Parse 7.2; C:\Program Files\Hexagram\Star 7\Services\DCU Parse 7\DCUParse7.exe [2008-10-10 139264]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
S3 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2008-03-24 230672]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 318680]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 Star_Routing;STAR Routing; c:\program files\hexagram\star 7\services\routing\routingservice.exe [2009-01-15 11264]
S3 STARAlarm;STAR Alarm Monitoring Service; C:\Program Files\Hexagram\Star 7\Services\Star Alarm Processor 7\StarAlarmProcessor.exe [2007-12-05 36864]
S3 STARRouting;STAR Routing 7.1; C:\Program Files\Hexagram\Star 7\Services\Star Routing and Redundancy\StarRouting.exe []
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-10-27 341320]
S4 SPBBCSvc;SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe []
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

-----------------EOF-----------------


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:56 AM

Posted 17 March 2010 - 04:37 PM

I don't see much in you logs, we will do a couple more check to make sure your clean though.

I see that you have been running combofix. can you post the log it created at C:\ComboFix.txt.


Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\system32\stu2_xx.exe

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/

unite.jpg


#7 mark_pgh

mark_pgh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 19 March 2010 - 10:16 AM

aha- I had forgotten about running combofix- that is what pointed me to the suspect userinit.exe.

combofix log below. (I have since uninstalled sandboxie, btw)

Also, the stu2_xx.exe file was likely renamed by me; I usually add "_xx" to a filename when trying to prevent it from being invoked by an unknown caller. It was originally stu2.exe.

thanks again for your help!


Virustotal link:
http://www.virustotal.com/analisis/944cd21...f53f-1269010724

-------------------------
ComboFix 10-03-06.03 - mschaefer 03/06/2010 21:32:47.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2992 [GMT -5:00]
Running from: c:\documents and settings\mschaefer\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.moonrideryou.ru
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-06 18:40 . 2010-03-06 18:40 -------- d-----w- c:\temp\MotoConnectTemp
2010-03-02 00:46 . 2010-03-02 00:46 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-03-01 22:18 . 2008-04-14 00:12 26112 ----a-w- c:\windows\system32\stu2_xx.exe
2010-02-28 17:10 . 2010-02-28 17:10 1955624 ----a-w- c:\documents and settings\mschaefer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-02-08 20:49 . 2010-02-08 20:49 -------- d-----r- C:\Sandbox
2010-02-08 20:49 . 2010-02-08 20:49 -------- d-----w- c:\program files\Sandboxie

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 02:03 . 2009-11-26 17:47 -------- d-----w- c:\program files\Yahoo!
2010-03-06 22:42 . 2008-11-05 17:10 -------- d-----w- c:\documents and settings\mschaefer\Application Data\ZipGenius
2010-03-04 22:35 . 2008-09-24 03:27 122167 ----a-w- c:\windows\system32\nvModes.dat
2010-03-01 22:25 . 2008-12-07 18:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-01 22:19 . 2004-08-11 22:00 19456 ----a-w- c:\windows\system32\userinit.exe
2010-02-16 18:26 . 2009-10-27 20:08 149768 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-02-12 20:49 . 2008-12-04 14:39 -------- d-----w- c:\documents and settings\mschaefer\Application Data\Online Backup
2010-02-09 19:34 . 2008-11-11 22:21 -------- d-----w- c:\documents and settings\mschaefer\Application Data\CoreFTP
2010-01-19 20:04 . 2010-01-19 20:03 2066432 ----a-w- c:\documents and settings\mschaefer\Application Data\Smith Micro\Updates\VZAM_7.2.1_2420b_Pantech_RevA.exe
2010-01-19 20:03 . 2008-11-17 16:42 -------- d-----w- c:\documents and settings\mschaefer\Application Data\Smith Micro
2010-01-11 16:23 . 2009-10-15 16:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 16:23 . 2009-12-11 19:49 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 21:07 . 2009-10-15 16:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-10-15 16:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

------- Sigcheck -------

[-] 2010-03-01 22:19 . 9E5015B9E2A460144DB69E38F3E3BEAE . 19456 . . [------] . . c:\windows\system32\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-15_18.29.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-07 02:42 . 2010-03-07 02:42 16384 c:\windows\Temp\Perflib_Perfdata_734.dat
+ 2010-03-07 02:42 . 2010-03-07 02:42 16384 c:\windows\Temp\Perflib_Perfdata_508.dat
+ 2010-03-07 02:29 . 2010-03-07 02:29 16384 c:\windows\Temp\Perflib_Perfdata_464.dat
+ 2008-10-07 13:48 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
+ 2004-08-11 22:12 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
+ 2004-08-11 22:12 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
+ 2009-10-27 20:43 . 2006-10-26 23:56 33104 c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
+ 2009-10-27 20:43 . 2006-10-26 23:56 67408 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2009-10-27 20:43 . 2006-10-26 23:56 67408 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2009-05-09 18:39 . 2008-10-29 06:21 83091 c:\windows\system32\spool\drivers\w32x86\3\KM322810.DAT
+ 2009-11-06 14:27 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-11-06 14:27 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-11-05 17:11 . 2009-10-27 20:07 60808 c:\windows\system32\S32EVNT1.DLL
+ 2009-12-03 01:58 . 2009-02-17 16:19 57672 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\ftdibus.sys
+ 2009-12-03 01:38 . 2009-02-17 16:20 51528 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\ftserui2.dll
+ 2009-12-03 01:38 . 2009-02-17 16:17 72520 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\ftser2k.sys
+ 2009-10-27 20:43 . 2006-10-26 23:56 32592 c:\windows\system32\msonpmon.dll
+ 2008-09-24 03:37 . 2010-02-28 17:10 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-10-27 15:33 . 2009-10-27 15:33 87368 c:\windows\system32\FwsVpn.dll
+ 2009-02-17 16:20 . 2009-10-22 20:08 52552 c:\windows\system32\ftserui2.dll
+ 2006-10-26 18:10 . 2006-10-26 18:10 33088 c:\windows\system32\FM20ENU.DLL
+ 2009-12-01 13:43 . 2009-10-27 17:02 23936 c:\windows\system32\DRVSTORE\motport_D1AA7938B5CBE89ABCB9F61590A46C4803290ABE\motport.sys
+ 2009-12-01 13:43 . 2009-10-27 17:06 24960 c:\windows\system32\DRVSTORE\motousbnet_C210EE23FE2A3567436D5DD56F9ED7C5ABAFA489\Motousbnet.sys
+ 2009-12-01 13:43 . 2009-10-27 17:02 23936 c:\windows\system32\DRVSTORE\motmodem_B13E285A455F24E92BE3AFD123D7871340C51428\motmodem.sys
+ 2009-10-27 15:33 . 2009-10-27 15:33 42312 c:\windows\system32\drivers\WPSDRVnt.sys
+ 2009-10-27 15:33 . 2009-10-27 15:33 50064 c:\windows\system32\drivers\Teefer2.sys
+ 2009-10-27 20:07 . 2009-10-27 15:33 92488 c:\windows\system32\drivers\SysPlant.sys
+ 2009-10-27 15:32 . 2009-10-27 15:32 26416 c:\windows\system32\drivers\symredrv.sys
+ 2009-10-27 15:32 . 2009-10-27 15:32 38448 c:\windows\system32\drivers\symndisv.sys
+ 2009-10-27 15:32 . 2009-10-27 15:32 35120 c:\windows\system32\drivers\symndis.sys
+ 2009-10-27 15:32 . 2009-10-27 15:32 39856 c:\windows\system32\drivers\symids.sys
+ 2009-10-27 15:32 . 2009-10-27 15:32 12720 c:\windows\system32\drivers\symdns.sys
+ 2009-10-27 15:33 . 2009-10-27 15:33 43696 c:\windows\system32\drivers\srtspx.sys
+ 2009-10-28 21:57 . 2009-10-28 21:57 93360 c:\windows\system32\drivers\SBREDrv.sys
+ 2009-12-01 13:43 . 2009-10-27 17:02 23936 c:\windows\system32\drivers\motport.sys
+ 2009-12-01 13:43 . 2009-10-27 17:02 23936 c:\windows\system32\drivers\motmodem.sys
- 2009-02-17 16:17 . 2009-02-17 16:17 72520 c:\windows\system32\drivers\ftser2k.sys
+ 2009-02-17 16:17 . 2009-10-22 20:09 72520 c:\windows\system32\drivers\ftser2k.sys
+ 2009-02-17 16:19 . 2009-10-22 20:11 57800 c:\windows\system32\drivers\ftdibus.sys
+ 2009-10-27 15:32 . 2009-10-27 15:32 23888 c:\windows\system32\drivers\COH_Mon.sys
+ 2004-08-11 22:12 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-08-11 22:12 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-11 22:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-10-28 12:45 . 2010-03-06 22:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-07 13:26 . 2009-10-15 16:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-07 13:26 . 2010-03-06 22:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-07 13:26 . 2009-10-15 16:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-28 12:45 . 2010-03-06 22:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 22:00 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
+ 2009-10-27 15:33 . 2009-10-27 15:33 89600 c:\windows\system32\atl71.dll
+ 2009-10-28 17:14 . 2009-10-28 17:14 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_mpd7dmga.dll
+ 2010-02-19 16:21 . 2010-02-19 16:21 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\aclaratwoway\834e71bc\35060578\App_Web_defaultwsdlhelpgenerator.aspx.cdcab7d2.bhvk-_o8.dll
+ 2009-10-27 20:34 . 2009-10-27 20:34 48128 c:\windows\Installer\87797.msi
+ 2009-10-27 20:43 . 2009-11-06 14:50 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-10-27 20:08 . 2009-10-27 20:08 21446 c:\windows\Installer\{2EFCC193-D915-4CCB-9201-31773A27BC06}\ARPPRODUCTICON.exe
+ 2007-08-24 10:14 . 2007-08-24 10:14 13712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XLCALL32.DLL
+ 2006-10-27 01:17 . 2006-10-27 01:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-26 18:04 . 2006-10-26 18:04 76624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 18:04 . 2006-10-26 18:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 18:04 . 2006-10-26 18:04 51008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 18:04 . 2006-10-26 18:04 27456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 18:04 . 2006-10-26 18:04 58168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 18:05 . 2006-10-26 18:05 86840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 18:04 . 2006-10-26 18:04 29976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 18:04 . 2006-10-26 18:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 18:05 . 2006-10-26 18:05 77144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 00:24 . 2006-10-27 00:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 00:24 . 2006-10-27 00:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-27 00:12 . 2006-10-27 00:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 23:48 . 2006-10-26 23:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 35112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
+ 2006-10-27 04:47 . 2006-10-27 04:47 16688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
+ 2006-10-27 04:47 . 2006-10-27 04:47 22808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-27 04:47 . 2006-10-27 04:47 31016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
+ 2006-10-27 04:47 . 2006-10-27 04:47 33568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 19:37 . 2006-10-27 19:37 34088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
+ 2006-10-27 04:47 . 2006-10-27 04:47 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
+ 2006-10-26 18:04 . 2006-10-26 18:04 75576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 01:30 . 2006-10-27 01:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2009-12-09 20:29 . 2009-12-09 20:29 65536 c:\windows\Downloaded Program Files\WebEx\824\wbxcrypt.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 36864 c:\windows\Downloaded Program Files\WebEx\824\raurl.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 77824 c:\windows\Downloaded Program Files\WebEx\824\mticket.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 27136 c:\windows\Downloaded Program Files\WebEx\824\atprint.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 90112 c:\windows\Downloaded Program Files\WebEx\824\atplayim.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 48201 c:\windows\Downloaded Program Files\WebEx\824\atpack.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 73728 c:\windows\Downloaded Program Files\WebEx\824\atnote.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 65536 c:\windows\Downloaded Program Files\WebEx\824\atnetext.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 24576 c:\windows\Downloaded Program Files\WebEx\824\atmemmgr.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 81408 c:\windows\Downloaded Program Files\WebEx\824\atjpeg60.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 45056 c:\windows\Downloaded Program Files\WebEx\824\atdocvu.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 18432 c:\windows\Downloaded Program Files\WebEx\824\atconc.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 53248 c:\windows\Downloaded Program Files\WebEx\824\atcarmcl.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 87448 c:\windows\Downloaded Program Files\WebEx\824\atasnt40.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 18840 c:\windows\Downloaded Program Files\WebEx\824\atasanot.exe
+ 2009-06-10 17:20 . 2009-06-10 17:20 98712 c:\windows\Downloaded Program Files\ieatgpc.dll
+ 2009-12-09 20:28 . 2009-12-09 20:28 27976 c:\windows\Downloaded Program Files\atgpcdec.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 39624 c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 72472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 39704 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 39712 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 60200 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 39728 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 43840 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 11544 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 12080 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 12112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 12632 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 12616 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 12616 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2009-10-27 19:31 . 2009-10-27 19:31 49152 c:\windows\assembly\GAC\Microsoft.VisualStudio.SourceSafe.Interop\5.2.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.SourceSafe.Interop.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 64288 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 20280 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 35648 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 17208 c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 88896 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 80696 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 16712 c:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 31560 c:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
+ 2009-10-27 20:41 . 2009-10-27 20:41 82784 c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 65536 c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2009-12-01 13:43 . 2007-11-02 20:51 6400 c:\windows\system32\DRVSTORE\motousbnet_C210EE23FE2A3567436D5DD56F9ED7C5ABAFA489\motswch.sys
+ 2009-12-01 13:43 . 2009-01-29 22:11 6016 c:\windows\system32\DRVSTORE\motousbnet_C210EE23FE2A3567436D5DD56F9ED7C5ABAFA489\motfilt.sys
+ 2009-12-09 20:29 . 2009-12-09 20:29 9440 c:\windows\Downloaded Program Files\WebEx\824\atpdrvnt.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 5706 c:\windows\Downloaded Program Files\WebEx\824\atkbctl.dll
+ 2004-08-11 22:12 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll
+ 2004-08-11 22:12 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll
+ 2004-08-11 22:12 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll
+ 2006-10-26 17:45 . 2006-10-26 17:45 293376 c:\windows\system32\WISPTIS.EXE
+ 2009-10-27 15:33 . 2009-10-27 15:33 357704 c:\windows\system32\sysfer.dll
+ 2009-10-27 15:33 . 2009-10-27 15:33 107848 c:\windows\system32\SymVPN.dll
+ 2009-10-27 15:33 . 2009-10-27 15:33 242056 c:\windows\system32\SymRedir.dll
+ 2009-10-27 15:33 . 2009-10-27 15:33 625032 c:\windows\system32\SymNeti.dll
+ 2009-10-27 20:43 . 2006-10-26 23:56 864080 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2009-10-27 20:43 . 2006-10-26 23:56 864080 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2009-05-09 18:39 . 2008-12-02 21:05 552960 c:\windows\system32\spool\drivers\w32x86\3\KMXL50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 360448 c:\windows\system32\spool\drivers\w32x86\3\KMWM50C2.DLL
+ 2009-05-09 18:39 . 2008-11-08 03:33 105472 c:\windows\system32\spool\drivers\w32x86\3\KMSTMVM.EXE
+ 2009-05-09 18:39 . 2008-11-04 21:18 204288 c:\windows\system32\spool\drivers\w32x86\3\KMSTMNW.EXE
+ 2009-05-09 18:39 . 2008-09-25 00:13 560128 c:\windows\system32\spool\drivers\w32x86\3\KMSTMNET.EXE
+ 2009-05-09 18:39 . 2008-12-02 21:05 225280 c:\windows\system32\spool\drivers\w32x86\3\KMRG50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 724992 c:\windows\system32\spool\drivers\w32x86\3\KMPS50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 450560 c:\windows\system32\spool\drivers\w32x86\3\KMPO50C2.DLL
+ 2007-11-21 05:21 . 2007-11-21 05:21 434176 c:\windows\system32\spool\drivers\w32x86\3\KMPLSW01.DLL
+ 2006-07-08 03:01 . 2006-07-08 03:01 155648 c:\windows\system32\spool\drivers\w32x86\3\KMPLID01.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 507904 c:\windows\system32\spool\drivers\w32x86\3\KMPF50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 155648 c:\windows\system32\spool\drivers\w32x86\3\KMPE50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 659456 c:\windows\system32\spool\drivers\w32x86\3\KMPD50C2.DLL
+ 2006-08-22 23:53 . 2006-08-22 23:53 487424 c:\windows\system32\spool\drivers\w32x86\3\KMIEDITRES.DLL
+ 2006-08-22 23:53 . 2006-08-22 23:53 245760 c:\windows\system32\spool\drivers\w32x86\3\KMIEDIT.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 303104 c:\windows\system32\spool\drivers\w32x86\3\KMCO50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 520192 c:\windows\system32\spool\drivers\w32x86\3\KM5E50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 557056 c:\windows\system32\spool\drivers\w32x86\3\KM5C50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 135168 c:\windows\system32\spool\drivers\w32x86\3\KM3D50C2.DLL
+ 2009-05-09 18:39 . 2008-10-21 04:48 142336 c:\windows\system32\spool\drivers\w32x86\3\KcMV3Da.DLL
+ 2009-05-05 14:10 . 2007-10-01 18:02 561152 c:\windows\system32\spool\drivers\w32x86\3\KACT2.EXE
+ 2009-12-03 01:58 . 2009-02-17 14:22 189760 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\FTLang.dll
+ 2009-12-03 01:58 . 2009-02-17 14:23 206144 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\ftd2xx.dll
+ 2009-12-03 01:58 . 2009-02-17 14:22 120136 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\ftbusui.dll
+ 2004-08-11 22:00 . 2010-03-07 02:46 576322 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2010-03-07 02:46 115526 c:\windows\system32\perfc009.dat
- 2006-08-14 16:02 . 2006-08-14 16:02 348160 c:\windows\system32\msvcr71.dll
+ 2006-08-14 16:02 . 2007-03-22 00:33 348160 c:\windows\system32\MSVCR71.DLL
+ 2006-08-14 16:02 . 2007-03-22 00:33 503808 c:\windows\system32\MSVCP71.DLL
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2006-10-26 17:45 . 2006-10-26 17:45 207360 c:\windows\system32\INKED.DLL
+ 2008-11-06 19:53 . 2010-03-07 02:42 270527 c:\windows\system32\inetsrv\MetaBase.bin
- 2008-11-06 19:53 . 2009-10-15 18:22 270527 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-17 14:22 . 2009-10-22 20:16 197952 c:\windows\system32\FTLang.dll
+ 2009-02-17 14:23 . 2009-10-22 20:17 206144 c:\windows\system32\ftd2xx.dll
- 2009-02-17 14:23 . 2009-02-17 14:23 206144 c:\windows\system32\ftd2xx.dll
+ 2009-02-17 14:22 . 2009-10-22 20:17 120136 c:\windows\system32\ftbusui.dll
- 2009-02-17 14:22 . 2009-02-17 14:22 120136 c:\windows\system32\ftbusui.dll
+ 2004-08-11 22:06 . 2009-11-06 14:52 284520 c:\windows\system32\FNTCACHE.DAT
+ 2009-10-27 15:32 . 2009-10-27 15:32 188080 c:\windows\system32\drivers\symtdi.sys
+ 2009-10-27 15:32 . 2009-10-27 15:32 145968 c:\windows\system32\drivers\symfw.sys
+ 2008-11-05 17:11 . 2009-10-27 20:07 124976 c:\windows\system32\drivers\SYMEVENT.SYS
+ 2009-10-27 15:33 . 2009-10-27 15:33 320560 c:\windows\system32\drivers\srtspl.sys
+ 2009-10-27 15:33 . 2009-10-27 15:33 281648 c:\windows\system32\drivers\srtsp.sys
+ 2004-08-11 22:12 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-11 22:12 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-11 22:12 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-10-14 19:06 . 2010-03-06 22:05 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-10-14 19:06 . 2009-10-15 16:35 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-27 20:06 . 2007-08-12 00:05 511328 c:\windows\system32\capicom.dll
+ 2009-10-28 17:14 . 2009-10-28 17:14 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_hjxoaa0f.dll
+ 2010-02-08 20:49 . 2010-02-08 20:48 670320 c:\windows\Installer\SandboxieInstall32.exe
+ 2010-02-21 15:34 . 2010-02-21 15:34 796672 c:\windows\Installer\a9461519.msi
+ 2009-10-27 20:35 . 2009-10-27 20:35 501248 c:\windows\Installer\877d1.msi
+ 2009-10-27 20:35 . 2009-10-27 20:35 501248 c:\windows\Installer\877bd.msi
+ 2009-10-27 20:34 . 2009-10-27 20:34 506880 c:\windows\Installer\877b8.msi
+ 2009-10-27 20:34 . 2009-10-27 20:34 516608 c:\windows\Installer\877b1.msi
+ 2009-10-27 20:34 . 2009-10-27 20:34 513024 c:\windows\Installer\877ab.msi
+ 2009-10-27 20:34 . 2009-10-27 20:34 501248 c:\windows\Installer\877a1.msi
+ 2009-10-27 20:33 . 2009-10-27 20:33 501248 c:\windows\Installer\8777d.msi
+ 2009-12-01 13:43 . 2009-12-01 13:43 363520 c:\windows\Installer\807f458b.msi
+ 2007-10-15 04:44 . 2007-10-15 04:44 324608 c:\windows\Installer\323bf2e3.msp
+ 2007-10-15 04:46 . 2007-10-15 04:46 324608 c:\windows\Installer\323bf2dd.msp
+ 2009-11-06 14:49 . 2009-11-06 14:49 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\Icon.DD6CC3A9.6762.4279.A9EA.73BC8C734F59.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\Icon.884A0563.2C9A.499E.8765.D5F66B6B71D5.exe
+ 2007-08-29 04:16 . 2007-08-29 04:16 350064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-08-24 08:43 . 2007-08-24 08:43 593296 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-29 04:39 . 2007-08-29 04:39 625560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 08:43 . 2007-08-24 08:43 138648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2009-11-06 14:39 . 2009-11-06 14:39 251272 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTPIA.DLL
+ 2007-08-29 04:06 . 2007-08-29 04:06 467840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-29 04:38 . 2007-08-29 04:38 500648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2006-10-26 18:05 . 2006-10-26 18:05 530760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2009-10-27 20:40 . 2009-10-27 20:40 781104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 19:23 . 2006-10-27 19:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-26 18:05 . 2006-10-26 18:05 126784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-07-28 19:21 . 2006-07-28 19:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-10-27 00:06 . 2006-10-27 00:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 00:13 . 2006-10-27 00:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 00:55 . 2006-10-27 00:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 01:42 . 2006-10-27 01:42 744808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-27 00:09 . 2006-10-27 00:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 00:09 . 2006-10-27 00:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2009-10-27 20:40 . 2009-10-27 20:40 248632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 01:30 . 2006-10-27 01:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-07-26 22:53 . 2006-07-26 22:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 00:23 . 2006-10-27 00:23 782720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-27 19:39 . 2006-10-27 19:39 687432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 00:32 . 2006-10-27 00:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 00:34 . 2006-10-27 00:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-27 00:34 . 2006-10-27 00:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-27 00:06 . 2006-10-27 00:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 23:55 . 2006-10-26 23:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 17:56 . 2006-10-26 17:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 23:50 . 2006-10-26 23:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 17:56 . 2006-10-26 17:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 18:59 . 2006-10-27 18:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 17:58 . 2006-10-26 17:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2009-10-27 20:41 . 2009-10-27 20:41 118112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2009-10-27 20:41 . 2009-10-27 20:41 609104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2006-10-27 01:42 . 2006-10-27 01:42 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 631080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 572216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 268080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 955680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 222512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 363304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 224048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 317736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-27 04:48 . 2006-10-27 04:48 197920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 284976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 377136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 768304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 117584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 300336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 284448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 338216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2006-10-27 19:09 . 2006-10-27 19:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 23:48 . 2006-10-26 23:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-26 23:48 . 2006-10-26 23:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 234784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-27 00:12 . 2006-10-27 00:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 19:41 . 2006-10-27 19:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 19:40 . 2006-10-27 19:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 23:49 . 2006-10-26 23:49 970528 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2009-12-09 20:29 . 2009-12-09 20:29 619520 c:\windows\Downloaded Program Files\WebEx\824\unires.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 197120 c:\windows\Downloaded Program Files\WebEx\824\unidrvui.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 239104 c:\windows\Downloaded Program Files\WebEx\824\unidrv.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 110592 c:\windows\Downloaded Program Files\WebEx\824\uilibres.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 708608 c:\windows\Downloaded Program Files\WebEx\824\pfwres.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 364544 c:\windows\Downloaded Program Files\WebEx\824\mvc.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 585728 c:\windows\Downloaded Program Files\WebEx\824\mutiltpd.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 188416 c:\windows\Downloaded Program Files\WebEx\824\msess.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 548864 c:\windows\Downloaded Program Files\WebEx\824\mmssl32.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 323584 c:\windows\Downloaded Program Files\WebEx\824\mcres.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 221254 c:\windows\Downloaded Program Files\WebEx\824\h264enc.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 294989 c:\windows\Downloaded Program Files\WebEx\824\h264dec.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 118784 c:\windows\Downloaded Program Files\WebEx\824\flvstrm.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 315392 c:\windows\Downloaded Program Files\WebEx\824\atwbxui6.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 102400 c:\windows\Downloaded Program Files\WebEx\824\atucfobj.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 135168 c:\windows\Downloaded Program Files\WebEx\824\attp.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 294912 c:\windows\Downloaded Program Files\WebEx\824\atpollk2.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 135168 c:\windows\Downloaded Program Files\WebEx\824\atpng12.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 339968 c:\windows\Downloaded Program Files\WebEx\824\atlchat.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 119883 c:\windows\Downloaded Program Files\WebEx\824\atdl2006.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 405912 c:\windows\Downloaded Program Files\WebEx\824\atasctrl.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 105545 c:\windows\Downloaded Program Files\WebEx\824\atas32.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 274432 c:\windows\Downloaded Program Files\WebEx\824\atarm.dll
+ 2009-12-09 20:28 . 2009-12-09 20:28 126360 c:\windows\Downloaded Program Files\atgpcext.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 214344 c:\windows\Downloaded Program Files\atcliun.exe
+ 2009-10-27 20:41 . 2009-10-27 20:41 330520 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 105248 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 211736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
+ 2009-11-06 14:39 . 2009-11-06 14:39 611392 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 367400 c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
+ 2009-11-06 14:39 . 2009-11-06 14:39 120408 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 416544 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-10-27 20:40 . 2009-10-27 20:40 371496 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2009-11-06 14:38 . 2009-11-06 14:38 783744 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 232248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2009-11-06 14:44 . 2009-11-06 14:44 250928 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 920376 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 146232 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 404296 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 150320 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2004-08-11 22:12 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll
+ 2009-05-09 18:39 . 2008-12-08 15:41 1064960 c:\windows\system32\spool\drivers\w32x86\3\KMUU50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 1069056 c:\windows\system32\spool\drivers\w32x86\3\KMUC50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 2048000 c:\windows\system32\spool\drivers\w32x86\3\KMSP50C2.DLL
+ 2009-05-09 18:39 . 2008-12-08 19:09 6070272 c:\windows\system32\spool\drivers\w32x86\3\KMRC50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 2355200 c:\windows\system32\spool\drivers\w32x86\3\KMFS50C2.DLL
+ 2009-05-09 18:39 . 2008-12-02 21:05 1310720 c:\windows\system32\spool\drivers\w32x86\3\KM3M50C2.DLL
+ 2009-10-27 20:06 . 2007-03-22 00:39 1060864 c:\windows\system32\MFC71.DLL
- 2007-06-06 15:53 . 2007-06-06 15:53 1195888 c:\windows\system32\FM20.DLL
+ 2007-08-23 06:03 . 2007-08-23 06:03 1195888 c:\windows\system32\FM20.DLL
+ 2009-12-01 13:43 . 2008-03-27 22:49 1112288 c:\windows\system32\DRVSTORE\motport_D1AA7938B5CBE89ABCB9F61590A46C4803290ABE\wdfcoinstaller01007.dll
+ 2009-12-01 13:43 . 2008-03-27 22:49 1112288 c:\windows\system32\DRVSTORE\motousbnet_C210EE23FE2A3567436D5DD56F9ED7C5ABAFA489\wdfcoinstaller01007.dll
+ 2009-12-01 13:43 . 2008-03-27 22:49 1112288 c:\windows\system32\DRVSTORE\motmodem_B13E285A455F24E92BE3AFD123D7871340C51428\wdfcoinstaller01007.dll
+ 2004-08-11 22:12 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-10-12 15:19 . 2009-10-12 15:19 9287680 c:\windows\Installer\88509.msp
+ 2009-10-27 20:35 . 2009-10-27 20:35 1640960 c:\windows\Installer\877d6.msi
+ 2009-10-27 20:35 . 2009-10-27 20:35 1652736 c:\windows\Installer\877cc.msi
+ 2009-10-27 20:35 . 2009-10-27 20:35 1652736 c:\windows\Installer\877c7.msi
+ 2009-10-27 20:35 . 2009-10-27 20:35 1652736 c:\windows\Installer\877c2.msi
+ 2009-10-27 20:34 . 2009-10-27 20:34 2319872 c:\windows\Installer\877a6.msi
+ 2009-10-27 20:34 . 2009-10-27 20:34 1647616 c:\windows\Installer\8779c.msi
+ 2009-10-27 20:34 . 2009-10-27 20:34 1640960 c:\windows\Installer\8778e.msi
+ 2009-10-27 20:33 . 2009-10-27 20:33 2022912 c:\windows\Installer\87789.msi
+ 2009-10-27 20:33 . 2009-10-27 20:33 1713152 c:\windows\Installer\87783.msi
+ 2009-10-27 20:33 . 2009-10-27 20:33 2397184 c:\windows\Installer\87778.msi
+ 2008-02-15 13:54 . 2008-02-15 13:54 9736192 c:\windows\Installer\323bf3fa.msp
+ 2008-11-13 07:54 . 2008-11-13 07:54 9576960 c:\windows\Installer\323bf3da.msp
+ 2008-10-10 11:52 . 2008-10-10 11:52 5195264 c:\windows\Installer\323bf3d2.msp
+ 2008-10-10 11:39 . 2008-10-10 11:39 1926144 c:\windows\Installer\323bf391.msp
+ 2008-04-11 23:08 . 2008-04-11 23:08 6302720 c:\windows\Installer\323bf374.msp
+ 2008-04-11 23:48 . 2008-04-11 23:48 6774272 c:\windows\Installer\323bf31f.msp
+ 2009-09-18 14:30 . 2009-09-18 14:30 5016576 c:\windows\Installer\323bf2fc.msp
+ 2007-10-15 04:43 . 2007-10-15 04:43 5749760 c:\windows\Installer\323bf2bd.msp
+ 2008-05-21 05:45 . 2008-05-21 05:45 5246976 c:\windows\Installer\323bf1be.msp
+ 2008-10-10 11:48 . 2008-10-10 11:48 9688064 c:\windows\Installer\323bf15f.msp
+ 2008-11-13 07:55 . 2008-11-13 07:55 1306624 c:\windows\Installer\323bf139.msp
+ 2009-10-27 19:31 . 2009-10-27 19:31 1639936 c:\windows\Installer\2c72dc.msi
+ 2009-10-27 20:43 . 2009-11-06 14:50 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\Icon.D850DF0F.A510.4A69.8317.7DA6A34179BC.exe
+ 2009-10-27 20:43 . 2009-11-06 14:50 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-05-09 22:19 . 2007-05-09 22:19 2585936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VBE6.DLL
+ 2007-08-29 04:06 . 2007-08-29 04:06 7990144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2007-10-03 00:51 . 2007-10-03 00:51 8436776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-08-29 04:38 . 2007-08-29 04:38 9584512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2006-10-26 18:05 . 2006-10-26 18:05 1181520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-27 02:58 . 2006-10-27 02:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-27 18:57 . 2006-10-27 18:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 23:52 . 2006-10-26 23:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-27 19:04 . 2006-10-27 19:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-09-15 20:25 . 2006-09-15 20:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 00:07 . 2006-10-27 00:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-10-27 19:03 . 2006-10-27 19:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 00:24 . 2006-10-27 00:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 19:03 . 2006-10-27 19:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 19:16 . 2006-10-27 19:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 00:14 . 2006-10-27 00:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 9581360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-27 00:00 . 2006-10-27 00:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 5456704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 1439032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 19:37 . 2006-10-27 19:37 1396008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 4746536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 1163048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 2738472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 2210608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 7053096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 1555232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 3071288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 1359648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 3508544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 2689336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 6191400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
+ 2006-10-27 00:02 . 2006-10-27 00:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-26 23:21 . 2006-10-26 23:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-26 23:49 . 2006-10-26 23:49 1011488 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2009-12-09 20:29 . 2009-12-09 20:29 1336648 c:\windows\Downloaded Program Files\WebEx\824\webexmgr.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 2195456 c:\windows\Downloaded Program Files\WebEx\824\atres.dll
+ 2009-12-09 20:29 . 2009-12-09 20:29 1884160 c:\windows\Downloaded Program Files\WebEx\824\atpdmod.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 1276720 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2009-10-27 20:40 . 2009-10-27 20:40 1612592 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2009-10-27 20:41 . 2009-10-27 20:41 1215328 c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2009-10-27 20:43 . 2009-10-27 20:43 18181632 c:\windows\Installer\88508.msi
+ 2009-10-27 20:07 . 2009-10-27 20:07 15517184 c:\windows\Installer\4bb752.msi
+ 2009-10-27 15:33 . 2009-10-27 15:33 15517184 c:\windows\Installer\4bb74d.msi
+ 2008-10-10 11:51 . 2008-10-10 11:51 14699520 c:\windows\Installer\323bf3e2.msp
+ 2008-10-10 11:45 . 2008-10-10 11:45 12962816 c:\windows\Installer\323bf3ca.msp
+ 2008-10-20 15:16 . 2008-10-20 15:16 13211648 c:\windows\Installer\323bf3ac.msp
+ 2008-10-10 11:30 . 2008-10-10 11:30 19258880 c:\windows\Installer\323bf357.msp
+ 2009-02-26 00:05 . 2009-02-26 00:05 11840000 c:\windows\Installer\323bf339.msp
+ 2008-10-10 11:31 . 2008-10-10 11:31 18447872 c:\windows\Installer\323bf304.msp
+ 2007-10-15 04:43 . 2007-10-15 04:43 12743168 c:\windows\Installer\323bf2ce.msp
+ 2007-10-15 04:43 . 2007-10-15 04:43 21981184 c:\windows\Installer\323bf281.msp
+ 2008-05-21 06:30 . 2008-05-21 06:30 14308864 c:\windows\Installer\323bf1a0.msp
+ 2008-10-10 11:39 . 2008-10-10 11:39 18344960 c:\windows\Installer\323bf157.msp
+ 2007-09-06 22:56 . 2007-09-06 22:56 17490800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-06 01:37 . 2007-10-06 01:37 17927192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2006-10-27 19:23 . 2006-10-27 19:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 12813096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 19:14 . 2006-10-27 19:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 19:01 . 2006-10-27 19:01 10371880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-27 19:07 . 2006-10-27 19:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2007-10-15 04:43 . 2007-10-15 04:43 229852160 c:\windows\Installer\323bf27a.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@BackupScheduler"="c:\program files\Online Backup\OnlineBackup.exe" [2008-12-04 611768]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 394984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-05-31 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-06 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-27 115560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk.disabled [2009-5-27 2447]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 16:01 8704 ----a-w- c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1027974840-963139602-2724130292-1273\Scripts\Logoff\0\0]
"Script"=logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1027974840-963139602-2724130292-1273\Scripts\Logon\0\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1027974840-963139602-2724130292-1273\Scripts\Logon\1\0]
"Script"=mapdrive_all.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-02-26 15:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Family Tree Builder Update"=c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=

R1 NEOFLTR_550_12857;Juniper Networks TDI Filter Driver (NEOFLTR_550_12857);c:\windows\system32\drivers\NEOFLTR_550_12857.sys [3/10/2008 11:07 PM 64144]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [1/6/2009 12:04 PM 86552]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 3:45 AM 199384]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/27/2009 3:18 PM 102448]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2/3/2010 5:40 AM 115432]
S2 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10/27/2009 10:32 AM 23888]
S3 DCUParse71;STAR DCU Parse 7.2;c:\program files\Hexagram\Star 7\Services\DCU Parse 7\DCUParse7.exe [10/10/2008 11:58 AM 139264]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/1/2009 11:11 AM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/1/2009 11:11 AM 8320]
S3 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [9/1/2009 11:11 AM 91392]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [12/1/2009 8:43 AM 23936]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [11/17/2008 11:39 AM 58240]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [1/6/2009 12:03 PM 24876]
S3 Star_Routing;STAR Routing;c:\program files\Hexagram\Star 7\Services\Routing\RoutingService.exe [1/15/2009 2:57 PM 11264]
S3 STARAlarm;STAR Alarm Monitoring Service;c:\program files\Hexagram\Star 7\Services\Star Alarm Processor 7\StarAlarmProcessor.exe [12/5/2007 3:11 PM 36864]
S3 STARRouting;STAR Routing 7.1;"c:\program files\Hexagram\Star 7\Services\Star Routing and Redundancy\StarRouting.exe" --> c:\program files\Hexagram\Star 7\Services\Star Routing and Redundancy\StarRouting.exe [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aclaratech.com\mail
Trusted Zone: box.net\www
Trusted Zone: citizensbankonline.com\www2
FF - ProfilePath - c:\documents and settings\mschaefer\Application Data\Mozilla\Firefox\Profiles\3d69tb7z.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 21:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1840)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\System32\snmp.exe
c:\windows\system32\StacSV.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-03-06 21:49:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-07 02:49
ComboFix2.txt 2009-10-15 18:30

Pre-Run: 99,467,284,480 bytes free
Post-Run: 99,507,511,296 bytes free

- - End Of File - - C6413975031BCC5EEA29BF931BC93DCF


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:56 AM

Posted 19 March 2010 - 01:45 PM

You appear to have posted the virustotal results for userinit, not to worry though, I can see that file is bad now I know it's real
name smile.gif

QUOTE
combofix log below. (I have since uninstalled sandboxie, btw)


How come you have done that did you not like it? I think it's a very good program.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/300990/possible-zeus-infection-connecting-to-moonrideryouru/

Collect::
c:\windows\system32\stu2_xx.exe
FCopy::
c:\windows\ERDNT\cache\userinit.exe  c:\windows\system32\userinit.exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

unite.jpg


#9 mark_pgh

mark_pgh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 23 March 2010 - 10:44 AM

QUOTE(syler @ Mar 19 2010, 01:45 PM) View Post
How come you have done that did you not like it? I think it's a very good program.


It seemed that my problems started around the same time that I installed sandboxie, so I deleted it. I will probably reinstall soon as it was likely a coincidence.

Note that I am unable to disable (!) Symantec AV- it is a corporate install that will not allow me to disable it.

Combofix log below, thanks for your help!!

---------------
ComboFix 10-03-22.03 - mschaefer 03/23/2010 11:27:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2135 [GMT -4:00]
Running from: c:\documents and settings\mschaefer\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\mschaefer\Desktop\cfscript.txt
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

file zipped: c:\windows\system32\stu2_xx.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\stu2_xx.exe

----- BITS: Possible infected sites -----

hxxp://rf-iis01:8530
.
((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-17 20:07 . 2010-03-17 20:07 -------- d-----w- c:\windows\system32\winrm
2010-03-17 20:07 . 2010-03-17 20:07 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-03-17 20:06 . 2010-03-17 20:06 -------- d-----w- c:\windows\ie8updates
2010-03-15 15:05 . 2010-03-15 15:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ethereal
2010-03-15 14:37 . 2010-03-15 14:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-15 14:37 . 2010-03-15 14:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-15 14:05 . 2010-03-17 20:23 3095072 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-15 12:58 . 2010-03-15 13:27 -------- d-----w- C:\rsit
2010-03-14 20:33 . 2010-03-14 20:33 -------- d-----w- c:\documents and settings\mschaefer\Local Settings\Application Data\IsolatedStorage
2010-03-09 16:55 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-09 16:55 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-09 16:50 . 2009-12-14 07:08 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-03-09 16:50 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-03-09 16:43 . 2009-11-27 16:07 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-03-09 16:43 . 2009-11-27 16:07 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2010-03-09 16:43 . 2009-11-27 16:07 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2010-03-09 16:43 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-03-09 16:43 . 2009-11-27 16:07 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2010-03-09 16:43 . 2009-12-16 18:43 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2010-03-07 15:43 . 2010-03-08 15:41 2 --shatr- c:\windows\winstart.bat
2010-03-07 15:43 . 2010-03-08 16:32 -------- d-----w- c:\program files\UnHackMe
2010-03-07 05:46 . 2010-03-07 05:46 -------- d-----w- c:\program files\Sophos
2010-03-06 18:40 . 2010-03-06 18:40 -------- d-----w- c:\temp\MotoConnectTemp
2010-03-02 00:46 . 2010-03-02 00:46 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-02-28 17:10 . 2010-02-28 17:10 1955624 ----a-w- c:\documents and settings\mschaefer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 18:18 . 2008-11-05 17:10 -------- d-----w- c:\documents and settings\mschaefer\Application Data\ZipGenius
2010-03-17 20:17 . 2008-11-06 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-17 19:43 . 2008-11-05 17:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-15 13:27 . 2009-10-14 19:55 -------- d-----w- c:\program files\Trend Micro
2010-03-14 20:32 . 2009-04-10 20:00 -------- d-----w- c:\program files\TurboTax
2010-03-09 15:34 . 2009-10-27 20:08 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-03-07 16:31 . 2010-02-08 20:49 -------- d-----w- c:\program files\Sandboxie
2010-03-07 02:03 . 2009-11-26 17:47 -------- d-----w- c:\program files\Yahoo!
2010-03-04 22:35 . 2008-09-24 03:27 122167 ----a-w- c:\windows\system32\nvModes.dat
2010-03-01 22:25 . 2008-12-07 18:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-12 20:49 . 2008-12-04 14:39 -------- d-----w- c:\documents and settings\mschaefer\Application Data\Online Backup
2010-02-09 19:34 . 2008-11-11 22:21 -------- d-----w- c:\documents and settings\mschaefer\Application Data\CoreFTP
2010-02-08 18:29 . 2010-02-08 18:29 6 ----a-w- c:\windows\Fonts\wfonts.key
2010-01-19 20:04 . 2010-01-19 20:03 2066432 ----a-w- c:\documents and settings\mschaefer\Application Data\Smith Micro\Updates\VZAM_7.2.1_2420b_Pantech_RevA.exe
2010-01-11 16:23 . 2009-12-11 19:49 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 21:07 . 2009-10-15 16:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-10-15 16:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-11 22:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-03-07_02.44.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-14 20:35 . 2010-03-14 20:35 45344 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.0.335.0_x-ww_e51d7605\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2010-03-14 20:35 . 2010-03-14 20:35 40224 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.0.335.0_x-ww_29a6be0d\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2010-03-21 14:49 . 2010-03-21 14:49 16384 c:\windows\Temp\Perflib_Perfdata_b4c.dat
+ 2010-03-19 12:32 . 2010-03-19 12:32 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2010-03-19 12:31 . 2010-03-19 12:31 16384 c:\windows\Temp\Perflib_Perfdata_434.dat
+ 2009-10-09 19:56 . 2009-10-09 19:56 14848 c:\windows\system32\wsmprovhost.exe
+ 2009-10-09 19:56 . 2009-10-09 19:56 12288 c:\windows\system32\wsmplpxy.dll
+ 2009-10-19 18:06 . 2009-10-19 18:06 12800 c:\windows\system32\wksprtPS.dll
+ 2009-10-09 19:56 . 2009-10-09 19:56 12288 c:\windows\system32\winrssrv.dll
+ 2009-10-09 19:56 . 2009-10-09 19:56 22528 c:\windows\system32\winrshost.exe
+ 2009-10-09 21:22 . 2009-10-09 21:22 69632 c:\windows\system32\winrs.exe
+ 2009-10-09 19:56 . 2009-10-09 19:56 25088 c:\windows\system32\winrmprov.dll
+ 2009-10-09 19:56 . 2009-10-09 19:56 24064 c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2004-08-11 22:00 . 2008-04-14 00:12 26112 c:\windows\system32\userinit.exe
+ 2008-09-24 03:40 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2009-10-19 18:06 . 2009-10-19 18:06 46080 c:\windows\system32\TSWbPrxy.exe
+ 2008-11-05 15:07 . 2009-10-19 18:06 36864 c:\windows\system32\tsgQec.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-11 22:00 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
- 2008-09-24 04:02 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2008-09-24 04:02 . 2009-06-16 14:58 26144 c:\windows\system32\spupdsvc.exe
+ 2009-02-10 17:20 . 2009-06-16 14:58 16928 c:\windows\system32\spmsg.dll
- 2009-02-10 17:20 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2004-08-11 22:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2009-10-09 21:22 . 2009-10-09 21:22 42496 c:\windows\system32\pwrshplugin.dll
+ 2004-08-04 05:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2004-08-11 22:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2004-08-11 22:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 11264 c:\windows\system32\msrle32.dll
+ 2009-10-19 18:06 . 2009-10-19 18:06 44544 c:\windows\system32\MsRdpWebAccess.dll
- 2007-08-13 22:54 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-11 22:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
- 2004-08-11 22:00 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-11 22:00 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 05:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2004-08-11 22:00 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
- 2004-08-11 22:00 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2004-08-11 22:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2009-10-19 18:06 . 2009-10-19 18:06 12800 c:\windows\system32\dllcache\wksprtPS.dll
+ 2004-08-11 22:00 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\userinit.exe
+ 2009-10-19 18:06 . 2009-10-19 18:06 46080 c:\windows\system32\dllcache\TSWbPrxy.exe
+ 2009-10-19 18:06 . 2009-10-19 18:06 36864 c:\windows\system32\dllcache\tsgQec.dll
+ 2009-12-11 16:41 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-12-11 16:41 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2009-10-19 18:06 . 2009-10-19 18:06 44544 c:\windows\system32\dllcache\MsRdpWebAccess.dll
+ 2008-10-07 14:16 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-10-07 14:16 . 2009-03-08 08:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-11-06 14:32 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
- 2008-09-24 03:37 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-09-24 03:37 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-11 16:41 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-11 22:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
- 2008-10-07 13:26 . 2010-03-06 22:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-07 13:26 . 2010-03-23 00:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-10-28 12:45 . 2010-03-06 22:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-03-09 01:02 . 2010-03-23 00:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 22:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
- 2004-08-11 22:00 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
+ 2010-03-19 17:46 . 2010-03-19 17:46 55808 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\ff8a1769\00f8698b_38e3c701\StarXmitStatistics.DLL
- 2009-09-02 13:08 . 2009-09-02 13:08 55808 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\ff8a1769\00f8698b_38e3c701\StarXmitStatistics.DLL
+ 2010-03-19 17:46 . 2010-03-19 17:46 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\d8a457c2\009cf7eb_6b0ac701\StarCommunicationServices.DLL
- 2009-09-02 13:08 . 2009-09-02 13:08 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\d8a457c2\009cf7eb_6b0ac701\StarCommunicationServices.DLL
+ 2010-03-19 17:46 . 2010-03-19 17:46 45056 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\b6e74f9a\001ba9ca_b171c901\StarHHData.DLL
- 2009-09-02 13:08 . 2009-09-02 13:08 45056 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\b6e74f9a\001ba9ca_b171c901\StarHHData.DLL
- 2009-09-02 13:08 . 2009-09-02 13:08 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\7a5cabd0\008e5bbc_d726c801\StarSettings.DLL
+ 2010-03-19 17:46 . 2010-03-19 17:46 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\7a5cabd0\008e5bbc_d726c801\StarSettings.DLL
+ 2010-03-19 17:46 . 2010-03-19 17:46 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_WebReferences.jdn_sjrq.dll
+ 2010-03-19 17:47 . 2010-03-19 17:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_pd7lrz0a.dll
+ 2010-03-19 17:47 . 2010-03-19 17:47 61440 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_mpwcgmmx.dll
+ 2010-03-19 18:10 . 2010-03-19 18:10 16384 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_kn4bpho3.dll
+ 2010-03-19 18:10 . 2010-03-19 18:10 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_gigsxfvo.dll
+ 2010-03-19 17:47 . 2010-03-19 17:47 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_default.aspx.cdcab7d2.rf-g1zhj.dll
+ 2010-03-19 17:46 . 2010-03-19 17:46 45056 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Code.rzn1mfy6.dll
+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-14 20:38 . 2010-03-14 20:38 26112 c:\windows\Installer\1ee495f2.msi
+ 2010-03-14 20:35 . 2010-03-14 20:35 62976 c:\windows\Installer\1ee494fd.msi
+ 2010-03-14 20:33 . 2010-03-14 20:33 23040 c:\windows\Installer\1ee494ef.msi
+ 2010-03-17 20:06 . 2010-03-17 20:06 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2008-11-05 17:19 . 2010-03-17 20:16 12288 c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-05 17:19 . 2009-03-24 16:24 12288 c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-03-17 20:15 . 2010-03-17 20:15 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-07-17 17:13 . 2009-07-17 17:13 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2006-10-27 02:13 . 2006-10-27 02:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 02:58 . 2006-10-27 02:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2006-10-27 00:55 . 2006-10-27 00:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-27 00:55 . 2006-10-27 00:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2010-03-17 20:22 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-03-17 20:22 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-03-17 20:22 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2010-03-09 16:50 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2010-03-09 16:43 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_62ee5dcf\System.Drawing.Design.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b740f46d\CustomMarshalers.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\d5571c7e999e9d8e39942e8536ae1fc8\VSLangProj.ni.dll
+ 2010-03-17 22:40 . 2010-03-17 22:40 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\94ff1a551da2dbcc2ad21b0db491e74e\VSLangProj.ni.dll
+ 2010-03-17 22:40 . 2010-03-17 22:40 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\VjsWfcBrowserStubLib\c954f3e54c8ea28e46b0ccc69c3d7a67\VjsWfcBrowserStubLib.ni.dll
+ 2010-03-17 22:40 . 2010-03-17 22:40 49664 c:\windows\assembly\NativeImages_v2.0.50727_32\vjsvwaux\8f64febbb53b074b7d6fe3af2ceaebab\vjsvwaux.ni.dll
+ 2010-03-17 22:40 . 2010-03-17 22:40 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\vjslibcw\0292461f4f6d6afac3cabfb63c2f768a\vjslibcw.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\vjsjbc\5b3b096a86d13e6d53b2028b96f0c901\vjsjbc.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\vjscor\68100b90f02ed0bdbb47d46d1c12ebb8\vjscor.ni.dll
+ 2010-03-17 22:06 . 2010-03-17 22:06 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\fb599084ed309e5eb11a86784aa2d81b\TVM.ni.dll
+ 2010-03-14 20:37 . 2010-03-14 20:37 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\150bc49d6eef15cb0f2a642b566a081a\TVM.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\d5508d1d8577e42bcff02286c9a182b4\stdole.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 83456 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlWorkbench.Interf#\e4d5017b0891523fe0eac6b9fda6a165\SqlWorkbench.Interfaces.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 40448 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlToolsMailUtiliti#\4c23e87fd1a97e21641edef946384d57\SqlToolsMailUtilities.ni.dll
+ 2010-03-17 20:22 . 2010-03-17 20:22 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2010-03-17 20:22 . 2010-03-17 20:22 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\PerformanceCounter\001b84e7fc5a8cf8b80543292b2110db\PerformanceCounter.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\NetShareEnum\b54bcc9e9527f677d482605211e377e3\NetShareEnum.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\msddslmp\46239e5bf2e82c317017df63f4d9a8fe\msddslmp.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 13312 c:\windows\assembly\NativeImages_v2.0.50727_32\MSDATASRC\78ea5870e0da85d60cdcea352eaf1fd2\MSDATASRC.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\2f6d26933767848fd267b84b8b3b0cb3\Microsoft.WSMan.Runtime.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\fa5d088b15e4d4f0b8173008fbad39ea\Microsoft.WSMan.Management.resources.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 13312 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\aa2ac1e61fdc98b952843accb2caf232\Microsoft.VisualStudio.ProjectAggregator.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8bf7977c9827c97857dd9b3473f918b7\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 67072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8172dd5ea033a5f2cf63516d5ff976da\Microsoft.VisualStudio.DataTools.Interop.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\62f35eb355b572e3f77be69b7c449a8a\Microsoft.VisualStudio.vspSqlTDiagM.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 64000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5e886f146f28cac1399d25d7779a529a\Microsoft.VisualStudio.vspWmiEnum.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 59392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5d8127a6b03423f3f190ed021010ab66\Microsoft.VisualStudio.Data.Interop.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 35840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3b4691aa8c743654a3f84f911bfc1c1d\Microsoft.VisualStudio.vspServiceBrokerEnum.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\2a78575eee4699ddf72eb260bcf077ad\Microsoft.VisualStudio.VSHelp.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\06bbb13c7b73734ccb6663d7d3987c6e\Microsoft.VisualStudio.VSHelp80.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 82432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fd440d1ae6aeb5c66d4cb6a1e322505d\Microsoft.SqlServer.TransferDatabasesTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 67072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fb5c842843666193e679d582b92b9dec\Microsoft.SqlServer.DtsMigration.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 83968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fa5d200dc05b4bfdbd0aa47456866f21\Microsoft.SqlServer.TransferJobsTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 45056 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f3e949776ad312517afcc045c7ef2dd8\Microsoft.SqlServer.DTS8HelperUtility.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 83968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\efeef5ad3cbecf2e17393bc182fb7e02\Microsoft.SqlServer.FtpTask.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e5815f9169931779fe5de8daba808884\Microsoft.SqlServer.ForEachFileEnumeratorWrap.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 50688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e05a9487453749629babc4565e9f2780\Microsoft.SqlServer.ForEachSMOEnumerator.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e02612a08a2b68504a7453337ab9aa8c\Microsoft.SqlServer.ManagedConnections.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 72192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\de360fe1fa092a4f6c53eaa2caf28826\Microsoft.SqlServer.SendMailTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\dcae7624804d9fa5579e0f9c797415aa\Microsoft.SqlServer.DTS9HelperUtility.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 64512 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d5dae7de77858ff464a8eb5e6fa862a8\Microsoft.SqlServer.DataReaderDest.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 37376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d1bee7fb17b218fbedce850debfe75a1\Microsoft.SqlServer.CDWTasks.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cf82600f3edc005e5bb9d2d64e71ecd8\Microsoft.SqlServer.SString.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 63488 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c5fc8ecd41373a0e1fb663a2bf1d83dd\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c2e1a2c4124dfd914c5e0284de9d0f9a\Microsoft.SqlServer.DTEnum.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c1d496b0bc54489c764cb9fb1442b9ae\Microsoft.SqlServer.CustomControls.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 29184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b89912e8f4b88e4f068532b53875afe6\Microsoft.SqlServer.ConnectionsMigrationModule.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 26624 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a8ec5aba5341c8d38430959946eee05c\Microsoft.SqlServer.Instapi.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 20992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a2f368b12411da24d131204c232aee7a\Microsoft.SqlServer.VariablesMigrationModule.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 31744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\976c774feab7850ae23c284155a354b8\Microsoft.SqlServer.SQLTaskConnectionsWrap.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 56832 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\92f744db9fe00baefbb0dc91d1cff9c6\Microsoft.SqlServer.VSAHosting.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 72704 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9166878238b36fb4d1efa317e49c9d2f\Microsoft.SqlServer.FileSystemTask.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 69632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8aa2aa2f5b77b78ff7b50f16567935d3\Microsoft.SqlServer.SqlCEDest.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\88a4bdecfe7b92a8ba21cde08ae4e8ce\Microsoft.SqlServer.ForEachADOEnumerator.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 87040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8081c9694dc934ae86e71037c45b4b56\Microsoft.SqlServer.TransferStoredProceduresTask.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7fbf683182e27f684fb539b9ddd86323\Microsoft.SqlServer.ADONETSrc.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7be42c6eeec84ae5939069fecc0f9be4\Microsoft.SqlServer.TableTransferGeneratorTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 35840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6c56ab2ed8e1257c130c0b5251664b92\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 40960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6c5653fd501e31ab66f0746b647dffd8\Microsoft.SqlServer.ForEachNodeListEnumerator.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 55808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\673c00829859d1c7fc36e0bf96b10cb2\Microsoft.SqlServer.DTSCustTasks.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 97792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5cb63cdcb5d236a2ba65c1d13a9157ed\Microsoft.SqlServer.DlgGrid.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 69632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\549ef1daf410519884a873e3475bfb98\Microsoft.SqlServer.WMIDRTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5454bfee6278a6e6ef11e5624b1d1038\Microsoft.SqlServer.DTS8HelperObjectModel.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4f8c70f320c4fec43ec0faeee743a482\Microsoft.SqlServer.SqlTDiagM.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 22528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\458808d5ede0a8965aa70ec5e58e7296\Microsoft.SqlServer.DtsServer.Interop.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 46080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\43c1e949ee9a1ad6905cad5e715a734a\Microsoft.SqlServer.VSAHostingDT.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 69120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\42e45af07e1f048b9e2a8f28dfe50cc1\Microsoft.SqlServer.WMIEWTask.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 45568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3a8b1d10ee9abcb3b5249175b5fd047b\Microsoft.SqlServer.PackageFormatUpdate.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\35419fe6d4aab26c8a05d171f04b06d1\Microsoft.SqlServer.DTSUtilities.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 93184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\327c137c15830612ba4b2b922e2b612b\Microsoft.SqlServer.TransferLoginsTask.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 88064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3188b0d564df3d2f06dea7ed5e137450\Microsoft.SqlServer.ScriptTaskUI.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\30d039deb42de1baf8597a9e03172fb3\Microsoft.SqlServer.Edition.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2bcc031f315c416e85d25b818def0211\Microsoft.SqlServer.WorkFlowMigrationModule.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\24700e2b1e39c0ae7e7ca8c6acb2891c\Microsoft.SqlServer.TransferErrorMessagesTask.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 97792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\21c99786991fffb4dd7b2a55d869aca7\Microsoft.SqlServer.ASTasks.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1b0bf5335117c85de7c57202e393104e\Microsoft.SqlServer.Dts.DtsClient.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\12da6fb6b37271676a9950e5b456a43b\Microsoft.SqlServer.HelperUtility.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 24064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\10e6006197e2b6650366a5e044d0c188\Microsoft.SqlServer.ForEachFromVarEnumerator.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 16384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0eb8b21f620426b01b5d85a3870928a0\Microsoft.SqlServer.ExecPackageTaskWrap.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 62464 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0adcb50792d4d706a912152666a2dad0\Microsoft.SqlServer.ExecProcTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 50688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\07396467d355e13b08f478a9d52801b8\Microsoft.SqlServer.ActiveXScriptTask.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 33280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\01e462ede991bc80c73f4fb7537495f3\Microsoft.SqlServer.Dts.Design.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 93184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\01b697cad858dee14f063cc38f23ae05\Microsoft.SqlServer.OlapEnum.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\b695e67f3b8a96ef629a51ea48ca3902\Microsoft.ReportingServices.Interfaces.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 38912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bf5726c79172ad8a45a7114f1b8f3f7e\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 67072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9b2a698e603d1cf0d19c083dc39d1d7b\Microsoft.PowerShell.Editor.resources.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\735a4719bea85fe8b3a54207a95bfcf5\Microsoft.PowerShell.Commands.Diagnostics.resources.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 45568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3299617d786b1277c3664ad5ae0d2a42\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2f71f3e6224fe2adf9dd89efc712e4a4\Microsoft.PowerShell.GPowerShell.resources.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\28aad9ce73d578cbd57efb27966ac255\Microsoft.PowerShell.GraphicalHost.resources.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2601faa66db9e2db95ca019fd9e4000e\Microsoft.PowerShell.Security.resources.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 31744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\206fb781bef989ee10d70a16f69b0d95\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 59904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\9cf88243166f4680c7adbfabc3eb12a8\Microsoft.DataWarehouse.Layout.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 91136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\6bd71f6dba85796ae2e9756ad203294f\Microsoft.DataWarehouse.SQM.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 50688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\0bdf01a2a192eaa99b297a5dd74bf84f\Microsoft.DataWarehouse.Interfaces.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\b2ef5a42c0fb5abd5ca8c01b3b31f6f3\Microsoft.DataTransformationServices.Interfaces.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Data.Conn#\ade2095ee9266702183642c79141b4a2\Microsoft.Data.ConnectionUI.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\84511052318cb515e2939c9f18160ad3\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 14848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\6646d2130f7d86a7183a55745dfaf1cb\Microsoft.BackgroundIntelligentTransfer.Management.resources.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 83456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\9c0cc28a1edbbd61ee6176c52a123af7\Microsoft.AnalysisServices.OleDbDM.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 59904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\51ae573eeca4cc8eba43d34c6a4805a1\Microsoft.AnalysisServices.Normalizer.ni.dll
+ 2010-03-14 20:37 . 2010-03-14 20:37 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\MFCMIFC80\9390545cf3d3c7a121d0ca7d2fcef155\MFCMIFC80.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\MFCMIFC80\07f5aae8f5a17413fdd787735fbe8ab9\MFCMIFC80.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\ff1a31e6c38f4ceb32b39adfd8d960da\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2010-03-14 20:37 . 2010-03-14 20:37 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\c3f4957afcbd146ce43c95634dd579a4\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\interop.msdasc\f2e9a4c00a1346b978fe843274b55641\interop.msdasc.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\dtattach\e3111b9953e99d9307ff182d0f072049\dtattach.ni.exe
+ 2010-03-17 22:37 . 2010-03-17 22:37 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-03-17 22:33 . 2010-03-17 22:33 75264 c:\windows\assembly\NativeImages_v2.0.50727_32\DdsShapesLib\d7e7fdbcc1b0c982822b54ac17b6b333\DdsShapesLib.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.resources.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.resources.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.resources.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 16384 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.SharedUIToolkit\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.SharedUIToolkit.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 43520 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 53248 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix.XmlSerializers\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Metrix.XmlSerializers.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 73728 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 53248 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.MajesticHTMLParser\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 18720 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 46880 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 23840 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
- 2009-04-10 20:03 . 2009-04-10 20:03 23840 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
- 2009-04-10 20:03 . 2009-04-10 20:03 12064 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 12064 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 45344 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2010-03-14 20:35 . 2010-03-14 20:35 40224 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2010-03-14 20:35 . 2010-03-14 20:35 54560 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers.dll
+ 2010-03-14 20:34 . 2010-03-14 20:34 70432 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-09 19:57 . 2009-10-09 19:57 20480 c:\windows\$968930Uinstall_KB968930$\PSCustomSetupUtil.exe
+ 2010-03-17 20:20 . 2010-03-17 20:20 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-09 19:56 . 2009-10-09 19:56 2048 c:\windows\system32\winrsmgr.dll
+ 2009-10-09 21:23 . 2009-10-09 21:23 4608 c:\windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll
+ 2009-10-09 21:23 . 2009-10-09 21:23 4096 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.resources.dll
+ 2001-08-18 03:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2010-03-19 17:46 . 2010-03-19 17:46 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\39ed1f75\00c5b9f5_4561c901\StarControls.DLL
- 2009-09-02 13:08 . 2009-09-02 13:08 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\39ed1f75\00c5b9f5_4561c901\StarControls.DLL
+ 2010-03-19 17:46 . 2010-03-19 17:46 4096 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_global.asax.sesdkfgo.dll
+ 2008-11-05 17:19 . 2010-03-17 20:16 4096 c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-05 17:19 . 2009-03-24 16:24 4096 c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-05 17:17 . 2010-03-17 20:16 4096 c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-05 17:17 . 2008-12-28 18:04 4096 c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-03-09 16:43 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-02-10 17:16 . 2009-02-10 17:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-09 19:56 . 2009-10-09 19:56 9216 c:\windows\$968930Uinstall_KB968930$\PSSetupNativeUtils.exe
+ 2010-03-17 20:20 . 2010-03-17 20:20 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-06-05 19:14 . 2006-06-05 19:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
- 2006-06-05 19:14 . 2006-06-05 19:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
- 2006-06-05 19:14 . 2006-06-05 19:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2009-10-09 19:56 . 2009-10-09 19:56 209408 c:\windows\system32\WsmWmiPl.dll
+ 2009-10-09 21:22 . 2009-10-09 21:22 368640 c:\windows\system32\WsmRes.dll
+ 2009-10-09 19:56 . 2009-10-09 19:56 139776 c:\windows\system32\WsmAuto.dll
+ 2009-10-09 19:56 . 2009-10-09 19:56 225280 c:\windows\system32\wsmanhttpconfig.exe
+ 2004-08-11 22:00 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll
+ 2009-10-19 18:06 . 2009-10-19 18:06 223232 c:\windows\system32\wksprt.exe
+ 2009-10-09 19:56 . 2009-10-09 19:56 233984 c:\windows\system32\winrscmd.dll
+ 2009-08-01 04:27 . 2009-08-01 04:27 201184 c:\windows\system32\winrm.vbs
+ 2004-08-11 22:00 . 2009-12-21 19:14 916480 c:\windows\system32\wininet.dll
+ 2004-08-11 22:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2009-10-09 21:23 . 2009-10-09 21:23 148480 c:\windows\system32\WindowsPowerShell\v1.0\pspluginwkr.dll
+ 2009-10-09 19:57 . 2009-10-09 19:57 204800 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.exe
+ 2009-10-09 19:56 . 2009-10-09 19:56 448000 c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
+ 2009-10-09 19:57 . 2009-10-09 19:57 112640 c:\windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
+ 2009-07-16 15:22 . 2009-07-16 15:22 126976 c:\windows\system32\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2009-10-09 21:23 . 2009-10-09 21:23 178176 c:\windows\system32\wevtfwd.dll
+ 2004-08-11 22:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
- 2004-08-11 22:00 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
- 2004-08-11 22:00 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll
+ 2004-08-11 22:00 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
+ 2004-08-11 22:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-11 22:00 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2004-08-11 22:00 . 2010-03-19 12:36 576744 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2010-03-19 12:36 115948 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2004-08-11 22:00 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
- 2004-08-11 22:00 . 2009-06-25 08:25 136192 c:\windows\system32\msv1_0.dll
- 2004-08-11 22:11 . 2008-04-14 00:12 343040 c:\windows\system32\mspaint.exe
+ 2004-08-11 22:11 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
+ 2007-08-13 22:54 . 2009-12-21 19:14 594432 c:\windows\system32\msfeeds.dll
- 2007-08-13 22:54 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll
- 2004-08-11 22:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-11 22:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2008-11-06 19:53 . 2010-03-19 17:48 270524 c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-11-05 15:07 . 2009-09-06 07:09 126976 c:\windows\system32\inetsrv\ftpsvc2.dll
+ 2004-08-11 22:00 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
+ 2004-08-11 22:00 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-11 22:00 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:00 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:06 . 2010-03-17 21:40 284520 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 22:06 . 2009-11-06 14:52 284520 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 22:00 . 2009-12-04 18:22 455424 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 04:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2008-11-05 15:07 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-10-19 18:06 . 2009-10-19 18:06 223232 c:\windows\system32\dllcache\wksprt.exe
+ 2008-09-24 03:37 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-05-14 15:18 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-11-06 14:32 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
- 2006-08-21 14:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-08-21 14:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-11-05 14:14 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
- 2009-01-07 22:20 . 2009-01-07 22:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-07 22:20 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-12-11 16:41 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2007-08-13 22:44 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-12-11 16:37 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
- 2009-08-18 13:50 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-08-18 13:50 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2008-10-07 14:16 . 2009-12-21 19:14 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-07 14:16 . 2009-03-08 08:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-11 21:20 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-09-24 03:37 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 22:39 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 22:39 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 22:39 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-12-11 16:41 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2009-11-06 14:32 . 2009-09-06 07:09 126976 c:\windows\system32\dllcache\ftpsvc2.dll
+ 2009-12-11 16:41 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2009-10-19 18:06 . 2009-10-19 18:06 130560 c:\windows\system32\dllcache\aaclient.dll
+ 2008-11-05 15:07 . 2009-10-19 18:06 130560 c:\windows\system32\aaclient.dll
+ 2010-03-19 17:47 . 2010-03-19 17:47 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_uccls8ev.dll
+ 2010-03-19 17:47 . 2010-03-19 17:47 233472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_mglo7x00.dll
+ 2010-03-19 17:47 . 2010-03-19 17:47 159744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_js_mtucontrol.ascx.cdcab7d2.hlwnnxti.dll
+ 2010-03-19 18:10 . 2010-03-19 18:10 241664 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_ezspvxfg.dll
+ 2010-03-19 17:47 . 2010-03-19 17:47 139264 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\App_Web_aqxlj6o0.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-09-09 19:40 . 2009-09-09 19:40 632320 c:\windows\Installer\b5e7732.msp
+ 2010-03-17 20:05 . 2010-03-17 20:05 429568 c:\windows\Installer\b5e7626.msi
+ 2010-03-09 02:03 . 2010-03-09 02:03 302592 c:\windows\Installer\1ee495ed.msp
+ 2010-03-14 20:36 . 2010-03-14 20:36 103424 c:\windows\Installer\1ee49507.msi
+ 2010-03-17 19:44 . 2010-03-17 19:44 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2008-11-05 17:19 . 2010-03-17 20:16 176128 c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2008-11-05 17:19 . 2009-03-24 16:24 176128 c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-11-05 17:19 . 2010-03-17 20:16 135168 c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-05 17:19 . 2009-03-24 16:24 135168 c:\windows\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-05 17:17 . 2008-12-28 18:04 147456 c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
+ 2008-11-05 17:17 . 2010-03-17 20:16 147456 c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
- 2008-11-05 17:17 . 2008-12-28 18:04 135168 c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-05 17:17 . 2010-03-17 20:16 135168 c:\windows\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\Icon.DD6CC3A9.6762.4279.A9EA.73BC8C734F59.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\Icon.DD6CC3A9.6762.4279.A9EA.73BC8C734F59.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\Icon.884A0563.2C9A.499E.8765.D5F66B6B71D5.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\Icon.884A0563.2C9A.499E.8765.D5F66B6B71D5.exe
+ 2009-11-06 14:39 . 2009-11-06 14:39 120408 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IPOMINT.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2010-03-17 20:22 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-03-17 20:22 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-03-17 20:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-03-17 20:22 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-03-17 20:22 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-03-17 20:22 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-03-17 20:22 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-03-17 20:22 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-03-17 20:22 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2010-03-17 20:06 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-03-17 20:06 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-03-17 20:06 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2008-11-11 21:20 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-12-11 16:41 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-02-10 17:16 . 2009-02-10 17:16 261632 c:\windows\assembly\temp\ZAQ3GT6JWB\System.Transactions.dll
+ 2009-02-10 17:16 . 2009-02-10 17:16 626688 c:\windows\assembly\temp\U3BIQY6EMU\System.Drawing.dll
+ 2009-02-10 17:16 . 2009-02-10 17:16 425984 c:\windows\assembly\temp\KS08GOW4CK\System.configuration.dll
+ 2009-02-10 17:16 . 2009-02-10 17:16 113664 c:\windows\assembly\temp\HT3DNX7HR1\System.EnterpriseServices.Wrapper.dll
+ 2009-02-10 17:16 . 2009-02-10 17:16 258048 c:\windows\assembly\temp\HT3DNX7HR1\System.EnterpriseServices.dll
+ 2009-02-10 17:16 . 2009-02-10 17:16 303104 c:\windows\assembly\temp\HPX4CKS08G\System.Runtime.Remoting.dll
+ 2009-02-10 17:16 . 2009-02-10 17:16 114688 c:\windows\assembly\temp\6JT3DNX7HR\System.ServiceProcess.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_a771b476\System.Drawing.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e5907a34\System.Drawing.Design.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b69b0871\CustomMarshalers.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2010-03-17 22:06 . 2010-03-17 22:06 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2010-03-17 22:40 . 2010-03-17 22:40 452608 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfccw\6e77790c046264de703fce1632252a19\vjswfccw.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\VJSharpCodeProvider\f56c0624a96fb43d01aa30f6b50f84dc\VJSharpCodeProvider.ni.dll
+ 2010-03-17 22:06 . 2010-03-17 22:06 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2010-03-17 22:06 . 2010-03-17 22:06 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8ad38ebb07c0d5b5bbf15f8f3c11c6be\System.Messaging.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 250368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\6b73bd61cf54e258356314dedd7c7755\System.Management.Automation.resources.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2010-03-17 22:05 . 2010-03-17 22:05 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 584192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\3697ba6043ab9440265cb0841e765613\System.Data.SqlServerCe.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 333824 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlWorkbenchProject\2166884186a664287a75b0ee91fd5506\SqlWorkbenchProject.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2010-03-17 22:37 . 2010-03-17 22:37 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2010-03-17 22:33 . 2010-03-17 22:33 275456 c:\windows\assembly\NativeImages_v2.0.50727_32\ReportingServicesNa#\83839b2920f4f3afc29d5edc408b287c\ReportingServicesNativeClient.ni.dll
+ 2010-03-17 22:04 . 2010-03-17 22:04 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2010-03-17 22:04 . 2010-03-17 22:04 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2010-03-17 22:04 . 2010-03-17 22:04 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2010-03-17 22:04 . 2010-03-17 22:04 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 614912 c:\windows\assembly\NativeImages_v2.0.50727_32\pfutil90\cfcbe4084151275f71620c012aa38c27\pfutil90.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 904704 c:\windows\assembly\NativeImages_v2.0.50727_32\pfui90\7848126d515d5eba01a2028bf7099254\pfui90.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 905216 c:\windows\assembly\NativeImages_v2.0.50727_32\pfui90\394eae02ce323ed521de7f9f04318623\pfui90.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 775168 c:\windows\assembly\NativeImages_v2.0.50727_32\pfclnt90\6e1bfd862f985d66fa4fd2344c654343\pfclnt90.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\ObjectExplorerRepli#\9abeeff7bc86f7a39d360f3070ff8e40\ObjectExplorerReplication.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 754176 c:\windows\assembly\NativeImages_v2.0.50727_32\ObjectExplorerNotif#\ec997b292e16b15a88132869c5f8bca3\ObjectExplorerNotificationServices.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 895488 c:\windows\assembly\NativeImages_v2.0.50727_32\msvcm80\c5abab5bd723b76c7cb9219847c6f9dc\msvcm80.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 344064 c:\windows\assembly\NativeImages_v2.0.50727_32\MsDtsSrvr\66b08ebd2a4c4857668def4e772f2b12\MsDtsSrvr.ni.exe
+ 2010-03-17 22:33 . 2010-03-17 22:33 341504 c:\windows\assembly\NativeImages_v2.0.50727_32\msddsp\d0db338b5f85b30f748c1412e533c0a2\msddsp.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 592896 c:\windows\assembly\NativeImages_v2.0.50727_32\mscomctl\a875dd4d340500794b28144532adcf48\mscomctl.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2010-03-17 22:38 . 2010-03-17 22:38 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\333d4715b7c6e99d2cdba4a3edc65d51\Microsoft.WSMan.Management.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 369664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e647f643edb05199e66e13a7a3cc5b98\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 306176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dd2d58486e77be12736d1bae963b918d\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 267776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c0c8a8abd7e21f70c4d5c71cfea6fa3a\Microsoft.VisualStudio.vspConnectionInfo.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 281600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bd9b4da879e257d1c3657c6ff78517e8\Microsoft.VisualStudio.TextManager.Interop.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 529920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ae2d31e6067117a823e4e4de9fe8e98c\Microsoft.VisualStudio.vspGridControl.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 176128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a480bed56db83c9e7109fcecbeb8395c\Microsoft.VisualStudio.EnterpriseTools.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 331776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a21642c51204e835a4d1047a4daba10a\Microsoft.VisualStudio.vspSmoEnum.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 109056 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\989ebab34d57f8ae4b424862a1741394\Microsoft.VisualStudio.vspRegSvrEnum.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 576512 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\985a29d4216c97a3e0460d5a235fac05\Microsoft.VisualStudio.Shell.Interop.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 996352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\92309e24b10082fbb8a5c5b7af6ae17e\Microsoft.VisualStudio.VirtualTreeGrid.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 666112 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\873db0c49206f0bedba9e238a30beb8b\Microsoft.VisualStudio.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 381952 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5de17ccc7e44e70dd185349946917eee\Microsoft.VisualStudio.Data.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 821760 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5709999a66e78894c75aec4e6a2d5077\Microsoft.VisualStudio.Windows.Forms.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 609792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\55d8978391d69b06fd8fe5ee2d455512\Microsoft.VisualStudio.vspBatchParser.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5169c8fa3ecdf6742a1b96548c83224b\Microsoft.VisualStudio.Configuration.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 595968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\50a2835fc7855019f55e29d4d6d82ee3\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 450560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4c7de10dbfa467b4866fb009564b4d26\Microsoft.VisualStudio.Debugger.Interop.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 773632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\2967ef7e9df7b735575dcf4bf9d34ffd\Microsoft.VisualStudio.Modeling.ArtifactMapper.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 124416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1fb437ddb9321982444c2ca7bdb2e2f4\Microsoft.VisualStudio.TextManager.Interop.8.0.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 823808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0c305fe5a0fdd39a6f22804443ad7e3d\Microsoft.VisualStudio.Shell.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fed459fdec2b8aa8238bf00464a73b6e\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 234496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f61ed337fe4c0ac8c75bd588f76ef40b\Microsoft.SqlServer.TasksMigrationModules.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f33be00db33819155935cd3ea81e0d15\Microsoft.SqlServer.msxml6_interop.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 102400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f0a909c6f7e45cc919deefc0074edd5d\Microsoft.SqlServer.Exec80PackageTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\dc28c3bc6b411472e8341c3f74ddc16b\Microsoft.SqlServer.TransferSqlServerObjectsTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 118272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\dc0e47a4159c38d072106dddfa10eaa2\Microsoft.SqlServer.SQLTask.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 375296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\da84f391341395d3bdb1613a3ac2bf04\Microsoft.SqlServer.DTSRuntimeWrap.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 584192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\da2890b8bb2d86788dfa56d1aaca9667\Microsoft.SqlServerCe.Dts.Provider.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 165376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d76ab17298ff3582ab8767e41166fb1e\Microsoft.SqlServer.DataStorage.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 342016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d61698c5d468b49f51eae46bf4939661\Microsoft.SqlServer.SmoEnum.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 124928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d1999edcc9bf5a68552fdc0762388619\Microsoft.SqlServer.DTSPipelineWrap.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 529920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ce995aaf81fa2a5e929b18ab3f70d607\Microsoft.SqlServer.GridControl.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 988160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c1e84da881bf679922bfaca18f942dd5\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 705536 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bfed8ddfdc6411efdadc81fa8ccfa1d3\Microsoft.SqlServerCe.Client.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bdd8f7211381632820b9f0e0e466d47d\Microsoft.SqlServer.Dts80.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 658432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\adfe2a39b5491c8d2d06351f19470c5f\Microsoft.SqlServer.ManagedDTS.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 834560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a5392a71698c10e75d069168b6f8ec08\Microsoft.SqlServer.Management.MaintenancePlanWizard.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\977d7390ded2636ff5810a91c6f0a2b2\Microsoft.SqlServer.Setup.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\94821a760ced0730d9b9321cb164472c\Microsoft.SqlServer.ScriptTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\94181c672a00ff3c9b6b36e409f48fc8\Microsoft.SqlServer.DtsMsg.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\923bb4eed49873ebbac9b19c958135dc\Microsoft.SqlServer.WizardFramework.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 434688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8ce9811e795c6aeb49995d62490d6002\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\80655da0b96f20009f08c04753026fa8\Microsoft.SqlServer.PipelineXML.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7f944bc6816fd7ac6d815200e77d6970\Microsoft.SqlServer.BatchParser.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 104960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7945b94f26d89ef750d0b735b4370f09\Microsoft.SqlServer.BulkInsertTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 120320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\71ff72e2e27e67a969ca947cb72affab\Microsoft.SqlServer.PipelineHost.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 137728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7109c6edf9fc2cf51e5cfb761fdcff1b\Microsoft.SqlServer.MSMQTask.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\70fb5837e60d3397ce7e4486c6ff5cea\Microsoft.SqlServer.SQLServerHelperUtil.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 471040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\694ae60ec80657675d2f1f56ffea91e3\Microsoft.SqlServer.XmlSrc.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 305152 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\60414f73745b4ea43c64a2be0d3f4c7d\Microsoft.SqlServer.TxScript.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 136192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5f18580733f305350ab60940c3169153\Microsoft.SqlServer.MgdSqlDumper.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 178688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\510331414a5fd83ef004f81b3640f269\Microsoft.SqlServer.WebServiceTask.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 329728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4d57a87993d98dd1da8e2793b2e4a67e\Microsoft.SqlServer.XMLTask.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 375808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\46c55dbd790cf6bf7908f66cb440cb06\Microsoft.SqlServer.DtsObjectExplorerUI.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 578560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3a1656aec9e976361678dce50a7605ff\Microsoft.SqlServer.SqlTools.VSIntegration.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 209408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\36949348c89d3e6f70acf28d47b1785e\Microsoft.SqlServer.TransferObjectsTask.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 121344 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3332060a7d140d2881caf4171a50b8d8\Microsoft.SqlServer.DtsTransferProvider.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 274944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\321e4138834a09e99d55d33e7299c8a1\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 196096 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2da116300a1ee906391c89307e8970e9\Microsoft.SqlServer.ActiveXScriptTaskUtil.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 433152 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2c93926eb72b6c1c72f661bbaa4d52a6\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\23b19a85d512b2a625af37798f0afec7\Microsoft.SqlServer.BulkInsertTaskConnections.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 553984 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\074dbe2e6a34ff3be91e9579dbbabfa9\Microsoft.SqlServer.NotificationServices.Rules.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 138240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.ReportVie#\dd21f6a72053951ec88a1264c48660fa\Microsoft.ReportViewer.ProcessingObjectModel.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 969216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.ReportVie#\b727d1ea342527d9581692e6a07c52b6\Microsoft.ReportViewer.WinForms.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 464896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\f79d4aab888419a0db5cfcf38dcae185\Microsoft.ReportingServices.DataExtensions.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 700416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\8c685ffc29129c9283e0eb70ea8bd8a6\Microsoft.ReportingServices.Design.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c5009f514e6afe56fb257a81bf48ef25\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\86affe3b4a1382114b533ccf7f5f560f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\861acb15092a21e516d387e7ee7815e6\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4c3ba58468aeb0315c31705354357c99\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2529703d3e0d2f9fd06cc0230f2bda3f\Microsoft.PowerShell.Security.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\6baf27968b8e8b7ff927d9a64afac181\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 145408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MSXML\0b99a1cd6e77fd9f975885dad05ee24f\Microsoft.MSXML.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 556032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\cdf9abb19d0bd20c84c640d162cac3af\Microsoft.DatatransformationServices.DTSExecUI.Controls.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\ca3e1f33d40168c7ef48b93279d6f606\Microsoft.DataTransformationServices.VsIntegration.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 679424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Data.Conn#\8d8260b655261cf44f2523a7ccb6cded\Microsoft.Data.ConnectionUI.Dialog.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 461824 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\7fb48a04f5141c28f1577394bdfc9775\Microsoft.CompactFramework.Design.WindowsCE.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 369664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\724885637a84e3175992d6bf37622e35\Microsoft.CompactFramework.Design.SmartPhone.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 483840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\031ee495edb58586ad810a6ec4b33cf2\Microsoft.CompactFramework.Design.PocketPC.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 102912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Vis#\9feb2dfb105da241cb1ee5ad4793e0e8\Microsoft.Build.VisualJSharp.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 523264 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\fadf16d261bdc265de3340f3427bd21f\Microsoft.AnalysisServices.Xmla.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 310272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\d834fe3527f67e17d44e22f23486cf00\Microsoft.AnalysisServices.DeploymentEngine.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 147456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\bb6f5ed3ec85d2193d2ac56255d9731e\Microsoft.AnalysisServices.TimeDimGenerator.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\b4c9d7d68ff221229a99f0cc667dbbb6\Microsoft.AnalysisServices.OneClickCube.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 349696 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\425ce70a30e5032170015709e94099d8\Microsoft.AnalysisServices.Graphing.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\060eb10cc1abe02dfa40d176c0f3c587\Microsoft.AnalysisServices.Commands.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 206336 c:\windows\assembly\NativeImages_v2.0.50727_32\MDXQueryGenerator\dcb354aa481887225dd0248a0bba396b\MDXQueryGenerator.ni.dll
+ 2010-03-14 20:37 . 2010-03-14 20:37 696320 c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\814ef37fafb90473fab46ab41ea2041f\log4net.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 696320 c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\1d74e8d4e13720846d2da18c4796b8a8\log4net.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 657408 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\b603c36e60b87178411f5debcf73ecd1\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2010-03-14 20:37 . 2010-03-14 20:37 657408 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\a7afcee28721ed52eef06cdc540fbf77\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 169472 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.VisioGraph_#\8df5b3d5255d9f40124370ae7c281f76\Interop.VisioGraph_2_100.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 314880 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.ShDocVw\9ec882c5330fbb7018f2e64ff33d80f8\Interop.ShDocVw.ni.dll
+ 2010-03-14 20:37 . 2010-03-14 20:37 802304 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\f4e05dcc1d1b0bea600b19abfd7eceae\Infragistics2.Shared.v8.2.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 802304 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\58cdf665e094ebc94f592f2b4b68737a\Infragistics2.Shared.v8.2.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\c23036e9cac4a74196c2720081ef62c2\EnvDTE80.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 573440 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\f54e72cd0939fa7a16d912f067919299\EnvDTE.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 581632 c:\windows\assembly\NativeImages_v2.0.50727_32\DTSMigrationWizard\24a5cb04837d5f04465749546cef2aa9\DTSMigrationWizard.ni.exe
+ 2010-03-17 22:31 . 2010-03-17 22:31 702464 c:\windows\assembly\NativeImages_v2.0.50727_32\DTSInstall\88e523c4f1ce78a1e652aeabff896925\DTSInstall.ni.exe
+ 2010-03-17 22:32 . 2010-03-17 22:32 688128 c:\windows\assembly\NativeImages_v2.0.50727_32\DTAClient\fde25d5d4c309ce963d0b40ab05de8b5\DTAClient.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 688128 c:\windows\assembly\NativeImages_v2.0.50727_32\DTAClient\3243a53ec2c2c54c9b07a9d392912f97\DTAClient.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\DTA\f934b50dbbc206a0ac448a9ceb9e4a56\DTA.ni.exe
+ 2010-03-17 22:35 . 2010-03-17 22:35 451584 c:\windows\assembly\NativeImages_v2.0.50727_32\DBMirroring\5c0b20590646a79b0e2e431ccca59f10\DBMirroring.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 808960 c:\windows\assembly\NativeImages_v2.0.50727_32\DBMaintenanceProper#\9ff37bbfb9257f22f9e936f6506b275f\DBMaintenanceProperties.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 168448 c:\windows\assembly\NativeImages_v2.0.50727_32\DBMaintenancePlanHi#\3f5b3e18c7d977af314a3d8989bfd3e9\DBMaintenancePlanHistory.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 882176 c:\windows\assembly\NativeImages_v2.0.50727_32\DatabaseMailWizard\02cb513df2e640fdc196618716f0df27\DatabaseMailWizard.ni.exe
+ 2010-03-17 22:37 . 2010-03-17 22:37 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 948224 c:\windows\assembly\NativeImages_v2.0.50727_32\CopyDatabaseWizard\4ef303152ddca89f70c2a1cdd0dc4ff7\CopyDatabaseWizard.ni.exe
+ 2010-03-17 22:37 . 2010-03-17 22:37 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2010-03-17 22:30 . 2010-03-17 22:30 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 265728 c:\windows\assembly\NativeImages_v2.0.50727_32\ADODB\a615a5e865eb03456b783b091678842a\ADODB.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 453632 c:\windows\assembly\NativeImages_v2.0.50727_32\ActivityMonitor\956e2da35b501858157bd09b91fc3906\ActivityMonitor.ni.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 253952 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 174080 c:\windows\assembly\GAC_MSIL\System.Data.SQLite.Linq\2.0.38.0__db937bc2d44ff139\System.Data.SQLite.Linq.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 274432 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 278528 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 651264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 991232 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 618496 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 262144 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 102400 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 403456 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 108544 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Search\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Search.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 471040 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 221184 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter.XmlSerializers\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.XmlSerializers.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 208896 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient.XmlSerializers\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.XmlSerializers.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 116736 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Metrix.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 176128 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 397312 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.Lucene.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 356640 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UX\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 419616 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 270112 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 206112 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2010-03-14 20:34 . 2010-03-14 20:35 120096 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2010-03-14 20:34 . 2010-03-14 20:34 121632 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-03-14 20:35 . 2010-03-14 20:35 854016 c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.DLL
- 2009-02-10 17:16 . 2009-02-10 17:16 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-03-17 20:11 . 2010-03-17 20:11 117144 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2004-08-11 22:00 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2010-03-17 20:07 . 2009-06-17 23:59 379184 c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
+ 2010-03-17 20:07 . 2009-06-17 23:59 221488 c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
+ 2009-11-06 14:32 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-21 04:03 . 2009-07-21 04:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-10-09 21:23 . 2009-10-09 21:23 1107456 c:\windows\system32\WsmSvc.dll
+ 2004-08-11 22:00 . 2009-05-20 09:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-11 22:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-11 22:00 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2004-08-11 22:00 . 2009-12-21 19:14 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2004-08-11 22:00 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
- 2004-08-11 22:00 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-11 22:00 . 2009-08-04 15:13 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 03:59 . 2009-08-04 14:20 2023936 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 03:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2007-05-15 20:43 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 04:05 . 2009-07-21 04:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-11 22:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-11 22:11 . 2009-10-19 18:06 2689024 c:\windows\system32\mstscax.dll
+ 2004-08-11 22:11 . 2009-10-19 18:06 1033728 c:\windows\system32\mstsc.exe
+ 2004-08-11 22:00 . 2009-12-21 19:14 5942784 c:\windows\system32\mshtml.dll
+ 2007-08-13 22:34 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll
+ 2009-08-18 03:33 . 2009-08-18 03:33 1193832 c:\windows\system32\FM20.DLL
- 2004-08-11 22:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-11 22:00 . 2009-05-20 09:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-11-05 14:14 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2008-09-24 03:37 . 2009-12-21 19:14 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-11-06 14:32 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-09-24 03:42 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2008-11-05 14:14 . 2009-08-05 01:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-11-05 14:14 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-11-05 14:14 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-11-05 14:14 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-11-05 14:14 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-11-05 14:14 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-05 14:14 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-05 15:07 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-11-11 21:20 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-10-19 18:06 . 2009-10-19 18:06 2689024 c:\windows\system32\dllcache\mstscax.dll
+ 2009-10-19 18:06 . 2009-10-19 18:06 1033728 c:\windows\system32\dllcache\mstsc.exe
+ 2008-09-24 03:37 . 2009-12-21 19:14 5942784 c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-07 14:16 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-03-19 17:46 . 2010-03-19 17:46 1683456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\eb15243e\008e5bbc_d726c801\dundaswebchart.DLL
- 2009-09-02 13:08 . 2009-09-02 13:08 1683456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\eb15243e\008e5bbc_d726c801\dundaswebchart.DLL
- 2009-09-02 13:08 . 2009-09-02 13:08 1167360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\19399e62\00ea5037_c62ac801\AjaxControlToolkit.DLL
+ 2010-03-19 17:46 . 2010-03-19 17:46 1167360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\star\29460c2f\1214582f\assembly\dl3\19399e62\00ea5037_c62ac801\AjaxControlToolkit.DLL
+ 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-08-20 09:02 . 2009-08-20 09:02 5204992 c:\windows\Installer\b5e7721.msp
+ 2009-08-18 16:58 . 2009-08-18 16:58 8301056 c:\windows\Installer\b5e7714.msp
+ 2009-08-05 11:49 . 2009-08-05 11:49 3457024 c:\windows\Installer\b5e76fa.msp
+ 2010-01-15 01:26 . 2010-01-15 01:26 5027840 c:\windows\Installer\b5e76df.msp
+ 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\b5e76b0.msp
+ 2009-08-18 16:57 . 2009-08-18 16:57 9122304 c:\windows\Installer\b5e76a8.msp
+ 2009-10-16 11:09 . 2009-10-16 11:09 2518016 c:\windows\Installer\b5e768e.msp
+ 2009-09-29 13:08 . 2009-09-29 13:08 6747648 c:\windows\Installer\b5e766d.msp
+ 2009-07-23 19:36 . 2009-07-23 19:36 7497216 c:\windows\Installer\b5e7663.msp
+ 2009-08-18 17:08 . 2009-08-18 17:08 1373696 c:\windows\Installer\b5e763e.msp
+ 2010-03-17 19:44 . 2010-03-17 19:44 4192256 c:\windows\Installer\b4938cf.msi
+ 2010-03-09 02:02 . 2010-03-09 02:02 3228160 c:\windows\Installer\1ee495e3.msp
+ 2010-03-09 02:00 . 2010-03-09 02:00 3059200 c:\windows\Installer\1ee495a5.msp
+ 2010-03-14 20:35 . 2010-03-14 20:35 3203072 c:\windows\Installer\1ee494f9.msi
+ 2009-10-27 20:43 . 2010-03-17 20:17 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\Icon.D850DF0F.A510.4A69.8317.7DA6A34179BC.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\Icon.D850DF0F.A510.4A69.8317.7DA6A34179BC.exe
- 2009-10-27 20:43 . 2009-11-06 14:50 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-10-27 20:43 . 2010-03-17 20:17 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-03-14 20:38 . 2010-03-14 20:38 1959232 c:\windows\Installer\{38975F50-EAA2-012B-ADB4-000000000000}\TurboTax.exe
+ 2007-08-24 12:10 . 2007-08-24 12:10 3735424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWER.DLL
+ 2007-08-24 12:10 . 2007-08-24 12:10 1846160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
+ 2007-10-06 01:31 . 2007-10-06 01:31 5287984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IPEDITOR.DLL
+ 2007-08-23 06:03 . 2007-08-23 06:03 1195888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2010-03-17 20:22 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-03-17 20:22 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-03-17 20:22 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2008-11-05 14:14 . 2009-08-05 01:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-11-05 14:14 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-11-05 14:14 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-11-05 14:14 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-11-05 14:14 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-11-05 14:14 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-11-05 14:14 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-02-10 17:16 . 2009-02-10 17:16 5025792 c:\windows\assembly\temp\W8IT3DT6JW\System.Windows.Forms.dll
+ 2009-02-10 17:16 . 2009-02-10 17:16 3149824 c:\windows\assembly\temp\GPX5DLT19H\System.dll
+ 2009-02-10 17:16 . 2009-02-10 17:16 2933248 c:\windows\assembly\temp\4DLT19HPX5\System.Data.dll
+ 2009-02-10 17:16 . 2009-02-10 17:16 2048000 c:\windows\assembly\temp\3FPZ9JT3DN\System.XML.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f2c5a741\System.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_77971b21\System.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_ea45bc7e\System.Xml.dll
+ 2010-03-17 20:10 . 2010-03-17 20:10 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_cd5140fa\System.Xml.dll
+ 2010-03-17 20:10 . 2010-03-17 20:10 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_672d5683\System.Windows.Forms.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3fe220ef\System.Windows.Forms.dll
+ 2010-03-17 20:10 . 2010-03-17 20:10 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7175ab17\System.Drawing.dll
+ 2010-03-17 20:10 . 2010-03-17 20:10 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9ad948c7\System.Design.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7ee62d1b\System.Design.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c56ce3cb\mscorlib.dll
+ 2010-03-17 20:10 . 2010-03-17 20:10 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_466bc6e6\mscorlib.dll
+ 2010-03-17 20:22 . 2010-03-17 20:22 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2010-03-17 22:40 . 2010-03-17 22:40 3262976 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfchtml\216ca98a4efca342e522d957dd2653b6\vjswfchtml.ni.dll
+ 2010-03-17 22:40 . 2010-03-17 22:40 7011328 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfc\0c8826e751ea73415a3b592e7ddac29d\vjswfc.ni.dll
+ 2010-03-17 22:40 . 2010-03-17 22:40 2559488 c:\windows\assembly\NativeImages_v2.0.50727_32\VJSSupUILib\da6b517467c4be642f06b679f70dac42\VJSSupUILib.ni.dll
+ 2010-03-17 22:40 . 2010-03-17 22:40 7982592 c:\windows\assembly\NativeImages_v2.0.50727_32\vjslib\1c7f0f95670f0397ffe5c1874fb6af3e\vjslib.ni.dll
+ 2010-03-17 22:06 . 2010-03-17 22:06 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 4161024 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\f4b599a85606920b4c0db131a633b7b8\ttax.ni.dll
+ 2010-03-14 20:37 . 2010-03-14 20:37 4160000 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\a8f7de1d939d55a6a2734265e7759ac0\ttax.ni.dll
+ 2010-03-17 20:22 . 2010-03-17 20:22 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2010-03-17 22:06 . 2010-03-17 22:06 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 1144320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\06bf4b31d123c5f02c45a8d9067982d1\System.Web.Extensions.ni.dll
+ 2010-03-17 22:05 . 2010-03-17 22:05 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2010-03-17 22:05 . 2010-03-17 22:05 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4fddbe9c2ff96b543a624459cad647b6\System.Management.Automation.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2010-03-17 22:05 . 2010-03-17 22:05 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2010-03-17 22:04 . 2010-03-17 22:04 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2010-03-17 22:30 . 2010-03-17 22:30 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll
+ 2010-03-17 22:04 . 2010-03-17 22:04 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2010-03-17 22:39 . 2010-03-17 22:39 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2010-03-17 22:04 . 2010-03-17 22:04 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 5298176 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlMgmt\798053be50e9a80a671da9606502b517\SqlMgmt.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 2200576 c:\windows\assembly\NativeImages_v2.0.50727_32\SQLEditors\f7b062e3b8ebeabf1fd2168cd6fbc898\SQLEditors.ni.dll
+ 2010-03-17 22:04 . 2010-03-17 22:04 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2010-03-17 22:04 . 2010-03-17 22:04 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2010-03-17 20:22 . 2010-03-17 20:22 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 3472384 c:\windows\assembly\NativeImages_v2.0.50727_32\ObjectExplorer\52b2ac855003e9552c0815f979931ac1\ObjectExplorer.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 2982912 c:\windows\assembly\NativeImages_v2.0.50727_32\msmgdsrv\a9831ca5f7f16c94bdb21b2277076a85\msmgdsrv.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 1916416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e5fec333d3961b6767d2be029fbae7b7\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 2805248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\da75a4adc1d9a6b9959873eaca18ee0e\Microsoft.VisualStudio.EnterpriseTools.TypeSystem.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 2139648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d28b95b385ffec25a8d6168d95cae583\Microsoft.VisualStudio.Modeling.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 3940864 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bedb9d2dc1a840654d44c9cd1dfd94bf\Microsoft.VisualStudio.Editors.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 3863552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b980fdf68d07f5cd95d5a8fd9a8bfbac\Microsoft.VisualStudio.Modeling.ArtifactMapper.VSHost.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 1725952 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ade8541e1cf9660a7357498848e3c75a\Microsoft.VisualStudio.Modeling.Diagrams.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 2155008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ac146618bdf5353cbfb211fe1501c8a4\Microsoft.VisualStudio.EnterpriseTools.ClassDesigner.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 1120256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\95cf1a3aa46be61131012600a4f63a07\Microsoft.VisualStudio.Design.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 1191936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\82d74794d4e0d95874e2454e3eda9060\Microsoft.VisualStudio.vspSqlEnum.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 1714688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\824c10598b39228ed62cea02833aa50b\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 4203520 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\48262af349741bc19518c55e7496c9fa\Microsoft.VisualStudio.vspSmo.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 4346368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\19b6fd2a57f2a27c3168e839cd928f96\Microsoft.VisualStudio.DataTools.ni.dll
+ 2010-03-17 22:38 . 2010-03-17 22:38 1046528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\033734bb3020611bb37771f890d24695\Microsoft.VisualStudio.EnterpriseTools.Shell.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e169b6b15a8f9a2cd885f92f026f4aa0\Microsoft.SqlServer.MaintenancePlanTasksUI.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 4550144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d510db979c7c688960f8c6d45766668c\Microsoft.SqlServer.NotificationServices.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 3136512 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\96cdf10cd1ddd3c35a3c6b7ec9669121\Microsoft.SqlServer.Replication.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 1240064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\79b3c552f85b6dda525ff8ae400b8705\Microsoft.SqlServer.Rmo.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 1010176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\58e6ecc4ded724250114efe63221e838\Microsoft.SqlServer.MaintenancePlanTasksUI.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 4212736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\500a7f8b88da2b20cbf49c47d92c6677\Microsoft.SqlServer.Smo.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 1209344 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0e77d68507d7bbb197fdc4752901aa5e\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 9927168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.ReportVie#\03f9c446a194f6d50372dcea46a9a6be\Microsoft.ReportViewer.Common.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 1378304 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\f09be4ceb09a8748a654d7d4a6ca8419\Microsoft.ReportingServices.Diagnostics.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 2130944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\b83a70fba5d759194fc7ec20614ebb01\Microsoft.ReportingServices.Modeling.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 1653760 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\7f750c9ee68d6401c17c6a7cc3f37694\Microsoft.ReportingServices.QueryDesigners.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 1415680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\555136d8f7cd726903a01e4d4c4944cf\Microsoft.ReportingServices.QueryDesigners.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 2580480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\3c88e686572ec39b76731f6302dd4757\Microsoft.ReportingServices.SemanticQueryDesign.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 1393664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\347f07862b6222a89bb6169ec6342c27\Microsoft.ReportingServices.Diagnostics.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 3722240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d7580a8595db77e165a51e2c1add4720\Microsoft.PowerShell.Editor.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d38b060a0a380c671c5e45c31905d2f0\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\74362bea6bc8a906a45d74c393969423\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 1068544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\95ab9029fdff820c6bcde5a2b8f1df99\Microsoft.Office.Interop.Owc11.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 2846208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\723821cc21a44cccda16dfa912482e27\Microsoft.DataWarehouse.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 2868224 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\6811e30f6650f456e0e672e226cc3647\Microsoft.DataWarehouse.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 1536000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\47510654efffae92fa341941bd9972dc\Microsoft.DataWarehouse.VsIntegration.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 1779712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\f4ea9c1d400c4a1424330e190544cacc\Microsoft.DatatransformationServices.DataFlowUI.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 7019520 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\e062faf5fa9653c4713325dddb52f1dd\Microsoft.DataTransformationServices.Design.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 1574912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\5e0e207500448b606546776121e333e1\Microsoft.DataTransformationServices.Controls.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 1199616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\196c1201ceeda1b8f1c679c303bb0f9b\Microsoft.DataTransformationServices.Wizards.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 1863680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\8bcccc35e35a14ba2350ac0c781c86b1\Microsoft.CompactFramework.Design.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 1937408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\f662b461de61469c3521d540d9b2dd5c\Microsoft.AnalysisServices.Viewers.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\eb0887df91fd2d6c848952c0a3d1638c\Microsoft.AnalysisServices.Browse.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 2737664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\e49ee53ff574b31731247ee28c72545f\Microsoft.AnalysisServices.Project.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 5793792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\c9264b5acf1c87a7c7dfc67ecbf54b17\Microsoft.AnalysisServices.Controls.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 5793792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\bba645456b682d99a7573bf737006e5a\Microsoft.AnalysisServices.Controls.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 2920448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\749ea2c0a4f929f10b2bf7f3e53f24c6\Microsoft.AnalysisServices.ManagementDialogs.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 2744832 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\40cbd3c14a7c31c34290d1528c67c42a\Microsoft.AnalysisServices.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 1378304 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\3901f5e6d427034614cbef9b47485daf\Microsoft.AnalysisServices.AdomdClient.ni.dll
+ 2010-03-14 20:37 . 2010-03-14 20:37 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\6b2a523cd9305e334c5dc943ec97c42f\Intuit.Ctg.Map.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\2c72be884fffce58defad55d8d391a51\Intuit.Ctg.Map.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 2597376 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\eabdfb292cb60a036c467c9eb40fffb9\Infragistics2.Win.Misc.v8.2.ni.dll
+ 2010-03-14 20:37 . 2010-03-14 20:37 2597376 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\e2de66b50ed4b905adb6fb7bdade2a1d\Infragistics2.Win.Misc.v8.2.ni.dll
+ 2010-03-17 22:32 . 2010-03-17 22:32 1135616 c:\windows\assembly\NativeImages_v2.0.50727_32\DTSWizard\aca395273435a2ac52bb1315c4bc1778\DTSWizard.ni.exe
+ 2010-03-17 22:33 . 2010-03-17 22:33 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\DTAShell\36e27141681f4ebc6c8bcf6ffeaf38f6\DTAShell.ni.exe
+ 2010-03-17 22:33 . 2010-03-17 22:33 1554432 c:\windows\assembly\NativeImages_v2.0.50727_32\ConnectionDlg\62ca31c84ceca3133200990cd6600dad\ConnectionDlg.ni.dll
+ 2010-03-17 22:33 . 2010-03-17 22:33 8156672 c:\windows\assembly\NativeImages_v2.0.50727_32\AppIDPackage\0b2e6e85b49e4c516362e3cebd95078c\AppIDPackage.ni.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-03-17 20:07 . 2010-03-17 20:07 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-03-17 20:20 . 2010-03-17 20:20 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-03-17 20:21 . 2010-03-17 20:21 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-02-10 17:16 . 2009-02-10 17:16 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-10-28 13:36 . 2008-10-28 13:36 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-03-17 20:09 . 2010-03-17 20:09 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-10-28 13:36 . 2008-10-28 13:36 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-08-13 22:54 . 2009-12-21 19:14 11070464 c:\windows\system32\ieframe.dll
+ 2008-10-07 14:16 . 2009-12-21 19:14 11070464 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows\Installer\b5e7756.msp
+ 2009-08-18 17:19 . 2009-08-18 17:19 10098688 c:\windows\Installer\b5e774d.msp
+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\b5e7655.msp
+ 2009-08-18 16:50 . 2009-08-18 16:50 12022272 c:\windows\Installer\b5e761d.msp
+ 2010-03-17 20:22 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
+ 2010-03-17 22:06 . 2010-03-17 22:06 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2010-03-17 22:31 . 2010-03-17 22:31 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2010-03-17 22:36 . 2010-03-17 22:36 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2010-03-17 22:05 . 2010-03-17 22:05 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2010-03-17 22:35 . 2010-03-17 22:35 10560000 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlManagerUI\92928442349a2b063977091144ebb3c2\SqlManagerUI.ni.dll
+ 2010-03-17 22:03 . 2010-03-17 22:03 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2010-03-17 20:22 . 2010-03-17 20:22 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2010-03-17 20:22 . 2010-03-17 20:22 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
+ 2010-03-17 22:34 . 2010-03-17 22:34 10539008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\e60e8b80fbcbec5c3e1b3b4fe12c83b3\Microsoft.AnalysisServices.Design.ni.dll
+ 2010-03-14 20:37 . 2010-03-14 20:37 10334208 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\8a96293481303eec4b5252f49609f945\Infragistics2.Win.v8.2.ni.dll
+ 2010-03-17 22:37 . 2010-03-17 22:37 10334208 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\1311ffc3990d4c1fa02e9a7096fb0fb9\Infragistics2.Win.v8.2.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@BackupScheduler"="c:\program files\Online Backup\OnlineBackup.exe" [2008-12-04 611768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-05-31 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-06 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-27 115560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk.disabled [2009-5-27 2447]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 16:01 8704 ----a-w- c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1027974840-963139602-2724130292-1273\Scripts\Logoff\0\0]
"Script"=logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1027974840-963139602-2724130292-1273\Scripts\Logon\0\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1027974840-963139602-2724130292-1273\Scripts\Logon\1\0]
"Script"=mapdrive_all.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-02-26 15:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Family Tree Builder Update"=c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 NEOFLTR_550_12857;Juniper Networks TDI Filter Driver (NEOFLTR_550_12857);c:\windows\system32\drivers\NEOFLTR_550_12857.sys [3/11/2008 12:07 AM 64144]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [1/6/2009 1:04 PM 86552]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 4:45 AM 199384]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/27/2009 4:18 PM 102448]
S2 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10/27/2009 11:32 AM 23888]
S3 DCUParse71;STAR DCU Parse 7.2;c:\program files\Hexagram\Star 7\Services\DCU Parse 7\DCUParse7.exe [10/10/2008 12:58 PM 139264]
S3 DQ;DQ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DQ.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DQ.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\65.tmp --> c:\windows\system32\65.tmp [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/1/2009 12:11 PM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/1/2009 12:11 PM 8320]
S3 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [9/1/2009 12:11 PM 91392]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [12/1/2009 9:43 AM 23936]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 5:10 PM 32512]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [11/17/2008 12:39 PM 58240]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [1/6/2009 1:03 PM 24876]
S3 Star_Routing;STAR Routing;c:\program files\Hexagram\Star 7\Services\Routing\RoutingService.exe [1/15/2009 3:57 PM 11264]
S3 STARAlarm;STAR Alarm Monitoring Service;c:\program files\Hexagram\Star 7\Services\Star Alarm Processor 7\StarAlarmProcessor.exe [12/5/2007 4:11 PM 36864]
S3 STARRouting;STAR Routing 7.1;"c:\program files\Hexagram\Star 7\Services\Star Routing and Redundancy\StarRouting.exe" --> c:\program files\Hexagram\Star 7\Services\Star Routing and Redundancy\StarRouting.exe [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 8:01 AM 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aclaratech.com\mail
Trusted Zone: box.net\www
Trusted Zone: citizensbankonline.com\www2
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\mschaefer\Application Data\Mozilla\Firefox\Profiles\3d69tb7z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 11:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\MSCHAE~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\65.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1468)
c:\program files\Juniper Networks\Secure Application Manager\samnsp.dll
.
Completion time: 2010-03-23 11:33:47
ComboFix-quarantined-files.txt 2010-03-23 15:33
ComboFix2.txt 2010-03-07 02:49
ComboFix3.txt 2009-10-15 18:30

Pre-Run: 97,403,535,360 bytes free
Post-Run: 97,682,677,760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 711F41AAC749EF1B1C3E78DA61EFBD23
Upload was successful



#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:56 AM

Posted 23 March 2010 - 03:01 PM

Hi there smile.gif

syler has computer problems, so I will work with you now smile.gif

I will review the thread now, in the meantime, please let me know how your system is running and do the following.

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#11 mark_pgh

mark_pgh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 24 March 2010 - 08:39 AM

Hi schrauber-

The PC seems to be running fine. Only odd thing yet is that I can not log on in safe mode using my login ID. I can get in using admin logon, however. (I get a window saying "Windows is unable to log on" or similar.

OTL did not seem to create an "extra.txt" file as you mentioned..I scanned the entire hard drive for it and found nothing, sorry.

logs below,

thanks!!

----------------
OTL logfile created on: 3/24/2010 9:22:42 AM - Run 8
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\mschaefer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 90.79 Gb Free Space | 60.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 3904.12 Gb Total Space | 2320.68 Gb Free Space | 59.44% Space Free | Partition Type: NTFS

Computer Name: MSCHAEFER02
Current User Name: mschaefer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\mschaefer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Online Backup\OnlineBackup.exe (SwapDrive, Inc.)
PRC - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\IPSecLog.exe ()
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\mschaefer\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (STARRouting) -- File not found
SRV - (SPBBCSvc) -- File not found
SRV - (SavRoam) -- File not found
SRV - (DQ) -- File not found
SRV - (DefWatch) -- File not found
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Star_Routing) -- c:\program files\hexagram\star 7\services\routing\routingservice.exe (Aclara RF)
SRV - (DCUParse71) -- C:\Program Files\Hexagram\Star 7\Services\DCU Parse 7\DCUParse7.exe (Aclara RF Systems)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (RampartSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (STARAlarm) -- C:\Program Files\Hexagram\Star 7\Services\Star Alarm Processor 7\StarAlarmProcessor.exe (Hexagram, Inc)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLSERVER) SQL Server (MSSQLSERVER) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MsDtsServer) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (msftesql) SQL Server FullText Search (MSSQLSERVER) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (awhost32) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080924
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080924

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.2.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.2
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2009/08/31 10:44:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/08 11:42:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/17 15:44:01 | 000,000,000 | ---D | M]

[2009/08/31 11:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Mozilla\Extensions
[2010/03/15 11:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Mozilla\Firefox\Profiles\3d69tb7z.default\extensions
[2009/08/31 11:05:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mschaefer\Application Data\Mozilla\Firefox\Profiles\3d69tb7z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/31 11:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Mozilla\Firefox\Profiles\3d69tb7z.default\extensions\firebug@software.joehewitt.com
[2009/08/31 11:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/26 16:17:45 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2010/03/07 12:27:08 | 000,379,605 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.moonrider.ru
O1 - Hosts: 127.0.0.1 *.ru
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 13104 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe (SwapDrive, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKCU\..Trusted Domains: aclaratech.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: box.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: citizensbankonline.com ([www2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1238971225436 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aclaratech.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.1.254 10.10.1.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rf.aclaratech.com
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mschaefer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mschaefer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: rootrepeal.sys - Reg Error: Value error.
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/23 12:20:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/23 12:08:11 | 000,000,000 | ---D | C] -- C:\Simulation
[2010/03/23 11:24:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/23 11:23:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/17 16:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/03/17 16:07:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/03/17 16:07:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/03/17 16:06:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/17 15:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/03/15 08:58:13 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/14 16:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mschaefer\Local Settings\Application Data\IsolatedStorage
[2010/03/06 11:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/05 10:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/04 21:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/10/27 14:29:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/27 14:29:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/27 14:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/01/12 15:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/24 09:20:56 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mschaefer\Desktop\OTL.exe
[2010/03/24 09:02:03 | 000,122,167 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/03/23 11:33:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/23 11:31:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/23 11:24:54 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/23 11:18:39 | 003,898,184 | R--- | M] () -- C:\Documents and Settings\mschaefer\Desktop\Combo-Fix.exe
[2010/03/22 16:08:47 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\VPN Client (2).lnk
[2010/03/22 14:34:33 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\mschaefer\NTUSER.DAT
[2010/03/19 08:36:38 | 000,707,100 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/19 08:36:38 | 000,576,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/19 08:36:38 | 000,115,948 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/19 08:33:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/19 08:30:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/19 08:30:41 | 3755,962,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/18 14:18:41 | 014,525,558 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\Misc-selected.zip
[2010/03/17 17:40:11 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/17 16:22:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/17 15:44:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/03/16 18:11:47 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/03/15 08:57:55 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\RSIT.exe
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/23 11:24:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/23 11:24:45 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/18 14:18:41 | 014,525,558 | ---- | C] () -- C:\Documents and Settings\mschaefer\Desktop\Misc-selected.zip
[2010/03/17 18:01:52 | 3755,962,368 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/17 15:44:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/03/15 10:05:50 | 003,095,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/15 08:57:50 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\mschaefer\Desktop\RSIT.exe
[2010/03/14 16:35:03 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2009/07/28 14:52:25 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/07/20 15:18:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/28 12:33:52 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\mschaefer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/13 10:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/11/17 20:56:45 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\mschaefer\Local Settings\Application Data\fusioncache.dat
[2008/11/11 11:49:55 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/11/06 15:53:45 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/11/06 15:53:45 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/11/06 15:53:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/11/06 15:53:34 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/11/06 15:53:34 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/11/05 10:37:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mschaefer\Local Settings\Application Data\WavXMapDrive.bat
[2008/10/10 10:48:43 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/24 00:06:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/24 00:03:31 | 000,000,835 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/23 23:58:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/09/23 23:58:58 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/09/23 23:23:15 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/23 23:23:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/23 23:23:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/23 23:23:13 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/23 23:21:41 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 14:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2009/08/01 09:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e
[2009/10/26 16:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2009/04/01 15:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2008/11/06 16:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/01/12 15:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/01/13 14:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Bullzip
[2010/02/09 15:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\CoreFTP
[2009/06/02 11:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\EPSON
[2008/12/08 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Ethereal
[2008/11/12 11:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\ICAClient
[2009/08/05 23:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\ImgBurn
[2009/09/01 13:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Juniper Networks
[2008/11/11 18:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Mael
[2009/12/01 14:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Mp3tag
[2009/10/26 16:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\MyHeritage
[2008/11/11 18:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Notepad++
[2010/02/12 16:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Online Backup
[2010/01/19 16:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Smith Micro
[2008/12/07 14:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Wave Systems Corp
[2009/12/09 16:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\webex
[2010/03/18 14:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\ZipGenius

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/06 15:21:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/06 15:21:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/06 15:21:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/06 15:21:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/09/03 14:17:20 | 000,028,797 | R--- | M] () MD5=258ED9A1CCD8102C3236DD97354C51EC -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\SP2QFE\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}] -> \Device\__max++>\^ -> Mount Point
< End of report >
--------



#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:56 AM

Posted 25 March 2010 - 01:09 PM

Hi,

Download and run Win32kDiag:
  1. Download Win32kDiag from any of the following locations and save it to your Desktop.
  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.




We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#13 mark_pgh

mark_pgh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 26 March 2010 - 08:31 AM

Hi schrauber-

Logs below

thanks!
-------
Running from: C:\Documents and Settings\mschaefer\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\mschaefer\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}

Mount point destination : \Device\__max++>\^



Finished!

----------------


Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...

...
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine: Access is denied.



Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp: Access is denied.




...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

\\?\c:\\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}: MOUNT POINT
Substitute Name: \Device\__max++>\^

...

...

...

...

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

.\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\2.1.72.22__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.22_x-ww_a742e49
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.22_x-ww_a742e49

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.0.335.0__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.0.335.0_x-ww_29a6be0d
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.0.335.0_x-ww_29a6be0d

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\2.1.72.22__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.22_x-ww_c5eae641
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.22_x-ww_c5eae641

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.0.335.0__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.0.335.0_x-ww_e51d7605
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.0.335.0_x-ww_e51d7605

..

...

...

...

...

...

...

...

...

...

...

...

...



#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:56 AM

Posted 26 March 2010 - 12:35 PM

Hi,


We need to run the tool win32kdiag.exe again, with the following command to fix some malware related changes.
Please make sure that a copy of win32kdiag.exe is located on your desktop.

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.





We need to reset the permissions altered by the malware on some files.

* Download this tool and save it to your Desktop: <-- Important

Inherit.exe

* Go to Start => Run => Copy and paste the first line of the following lines in the run box and click OK:

"%userprofile%\desktop\inherit" "c:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine"
"%userprofile%\desktop\inherit" "c:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp"


* If you get a security warning select Run.
* You will get a "Finish" popup. Click OK.
* Do the same for the rest of the lines until you have run all the above commands one by one.




Please open OTL, set the extra registry tab to use safe list and hit the run scan button, post back with the 2 logfiles. How is the system running?


regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#15 mark_pgh

mark_pgh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:56 AM

Posted 28 March 2010 - 02:21 PM

Hi schrauber-

Requested logfiles below. The system seems to be running fine..although I haven't tried the safe mode boot recently. Will check that and let you know.

thanks for your help! And to syler as well!

-----------------

Running from: C:\Documents and Settings\mschaefer\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\mschaefer\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}



Finished!

----------------
OTL logfile created on: 3/28/2010 3:13:28 PM - Run 9
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\mschaefer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 94.38 Gb Free Space | 63.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MSCHAEFER02
Current User Name: mschaefer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\mschaefer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe (Secure Backup and Share)
PRC - C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe (Secure Backup and Share)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Online Backup\OnlineBackup.exe (SwapDrive, Inc.)
PRC - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\mschaefer\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (STARRouting) -- File not found
SRV - (SPBBCSvc) -- File not found
SRV - (SavRoam) -- File not found
SRV - (DQ) -- File not found
SRV - (DefWatch) -- File not found
SRV - (ComcastSecureBackupSharebackup) -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe (Secure Backup and Share)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Star_Routing) -- c:\program files\hexagram\star 7\services\routing\routingservice.exe (Aclara RF)
SRV - (DCUParse71) -- C:\Program Files\Hexagram\Star 7\Services\DCU Parse 7\DCUParse7.exe (Aclara RF Systems)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (RampartSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (STARAlarm) -- C:\Program Files\Hexagram\Star 7\Services\Star Alarm Processor 7\StarAlarmProcessor.exe (Hexagram, Inc)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLSERVER) SQL Server (MSSQLSERVER) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MsDtsServer) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (msftesql) SQL Server FullText Search (MSSQLSERVER) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (awhost32) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100313.021\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100313.021\NAVENG.SYS (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ComcastSecureBackupShareFilter) -- C:\WINDOWS\system32\drivers\ComcastSecureBackupShare.sys (Mozy, Inc.)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (NWUSBCDFIL) -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\WINDOWS\system32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (BCMWLNPF) -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS (CACE Technologies)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (RCFOX) -- C:\WINDOWS\system32\drivers\RCFOX.SYS (SonicWALL, Inc.)
DRV - (NEOFLTR_550_12857) Juniper Networks TDI Filter Driver (NEOFLTR_550_12857) -- C:\WINDOWS\system32\drivers\NEOFLTR_550_12857.sys (Juniper Networks)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (DXEC01) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
DRV - (rcvpn) -- C:\WINDOWS\system32\drivers\rcvpn.sys (SonicWALL, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (AW_HOST) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys (Symantec Corporation)
DRV - (awlegacy) -- C:\WINDOWS\System32\Drivers\awlegacy.sys (Symantec Corporation)
DRV - (Gernuwa) -- C:\WINDOWS\system32\drivers\GERNUWA.sys (Symantec Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080924
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080924

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.2.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.2
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2009/08/31 10:44:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/08 11:42:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/17 15:44:01 | 000,000,000 | ---D | M]

[2009/08/31 11:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Mozilla\Extensions
[2010/03/15 11:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Mozilla\Firefox\Profiles\3d69tb7z.default\extensions
[2009/08/31 11:05:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mschaefer\Application Data\Mozilla\Firefox\Profiles\3d69tb7z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/31 11:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mschaefer\Application Data\Mozilla\Firefox\Profiles\3d69tb7z.default\extensions\firebug@software.joehewitt.com
[2009/08/31 11:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/26 16:17:45 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2010/03/07 12:27:08 | 000,379,605 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.moonrider.ru
O1 - Hosts: 127.0.0.1 *.ru
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 13104 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe (SwapDrive, Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secure Backup and Share Status.lnk = C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe (Secure Backup and Share)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKCU\..Trusted Domains: aclaratech.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: box.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: citizensbankonline.com ([www2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1238971225436 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aclaratech.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.77.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rf.aclaratech.com
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mschaefer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mschaefer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b0c13af4-336b-11df-b891-0021707b791d}\Shell - "" = AutoRun
O33 - MountPoints2\{b0c13af4-336b-11df-b891-0021707b791d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0c13af4-336b-11df-b891-0021707b791d}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe -- File not found
O33 - MountPoints2\{b0c13afa-336b-11df-b891-0021707b791d}\Shell - "" = AutoRun
O33 - MountPoints2\{b0c13afa-336b-11df-b891-0021707b791d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0c13afa-336b-11df-b891-0021707b791d}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/26 14:22:25 | 001,514,728 | ---- | C] (tzuk) -- C:\Documents and Settings\mschaefer\Desktop\SandboxieInstall.exe
[2010/03/26 11:09:01 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\ComcastSecureBackupShare.sys
[2010/03/26 11:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\SecureBackupShare
[2010/03/26 11:04:02 | 007,324,296 | ---- | C] (Secure Backup and Share) -- C:\Documents and Settings\mschaefer\Desktop\ComcastSecureBackupShare-1_16_4_0_9462.exe
[2010/03/26 09:27:19 | 000,095,616 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\junction.exe
[2010/03/25 15:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/03/25 15:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2010/03/25 15:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Novatel Wireless
[2010/03/25 15:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mschaefer\Local Settings\Application Data\Downloaded Installations
[2010/03/25 15:09:45 | 040,975,536 | ---- | C] (Smith Micro Software, Inc.) -- C:\Documents and Settings\mschaefer\Desktop\VZAM_7.2.8_2466a_Novatel_USB760.exe
[2010/03/25 14:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mschaefer\Application Data\Verizon Wireless
[2010/03/25 14:22:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/25 14:22:18 | 000,090,112 | ---- | C] (DEVGURU) -- C:\WINDOWS\System32\pxfhwmcp64.dll
[2010/03/23 12:20:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/23 12:08:11 | 000,000,000 | ---D | C] -- C:\Simulation
[2010/03/23 11:24:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/23 11:23:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/17 16:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/03/17 16:07:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/03/17 16:07:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/03/17 16:06:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/17 15:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/03/15 08:58:13 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/14 16:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mschaefer\Local Settings\Application Data\IsolatedStorage
[2010/03/09 12:50:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2010/03/09 12:50:03 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2010/03/09 12:43:15 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/03/09 12:43:14 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2010/03/09 12:43:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/03/09 12:43:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2010/03/09 12:43:14 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2010/03/09 12:43:00 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2010/03/07 11:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mschaefer\My Documents\RegRun2
[2010/03/07 11:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/03/07 01:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/03/06 11:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/05 10:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/04 21:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/10/27 14:29:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/27 14:29:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/27 14:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/01/12 15:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/28 15:11:39 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\Inherit.exe
[2010/03/28 12:11:22 | 000,001,591 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\Remote Desktop Connection.lnk
[2010/03/28 12:10:43 | 000,327,521 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\snakeoil_supplements_956.png
[2010/03/28 00:02:55 | 000,004,774 | ---- | M] () -- C:\WINDOWS\ComcastSecureBackupShare.blk
[2010/03/28 00:02:55 | 000,000,686 | ---- | M] () -- C:\WINDOWS\ComcastSecureBackupShare.flt
[2010/03/26 14:33:06 | 000,001,256 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/03/26 14:22:49 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\Sandboxed Web Browser.lnk
[2010/03/26 14:22:28 | 001,514,728 | ---- | M] (tzuk) -- C:\Documents and Settings\mschaefer\Desktop\SandboxieInstall.exe
[2010/03/26 11:09:04 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secure Backup and Share Status.lnk
[2010/03/26 11:04:02 | 007,324,296 | ---- | M] (Secure Backup and Share) -- C:\Documents and Settings\mschaefer\Desktop\ComcastSecureBackupShare-1_16_4_0_9462.exe
[2010/03/26 09:23:33 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\Win32kDiag.exe
[2010/03/25 15:12:41 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/03/25 15:12:38 | 000,576,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/25 15:12:38 | 000,115,948 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/25 15:12:37 | 000,707,100 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/25 15:09:47 | 040,975,536 | ---- | M] (Smith Micro Software, Inc.) -- C:\Documents and Settings\mschaefer\Desktop\VZAM_7.2.8_2466a_Novatel_USB760.exe
[2010/03/25 14:55:25 | 000,122,167 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/03/25 14:55:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/25 14:39:26 | 000,007,591 | ---- | M] () -- C:\Documents and Settings\mschaefer\DModem_Trace.trc
[2010/03/25 09:40:19 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\mschaefer\NTUSER.DAT
[2010/03/24 09:20:56 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mschaefer\Desktop\OTL.exe
[2010/03/23 11:33:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/23 11:31:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/23 11:24:54 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/23 11:18:39 | 003,898,184 | R--- | M] () -- C:\Documents and Settings\mschaefer\Desktop\Combo-Fix.exe
[2010/03/22 16:08:47 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\VPN Client (2).lnk
[2010/03/19 08:30:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/19 08:30:41 | 3755,962,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/18 14:18:41 | 014,525,558 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\Misc-selected.zip
[2010/03/17 17:40:11 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/17 16:22:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/17 15:44:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/03/16 18:11:47 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/03/15 08:57:55 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\RSIT.exe
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/09 11:34:21 | 000,162,048 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2010/03/08 11:41:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/08 11:41:18 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/03/08 11:41:18 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/03/07 12:27:08 | 000,379,605 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/07 01:45:36 | 001,339,288 | ---- | M] () -- C:\Documents and Settings\mschaefer\Desktop\sar_15_sfx.exe
[2010/03/06 22:44:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100307-112220.backup
[2010/03/05 11:57:58 | 059,088,896 | ---- | M] () -- C:\WINDOWS\System32\DZKWXUQ
[2010/03/04 18:35:10 | 000,122,167 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/28 15:11:38 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\mschaefer\Desktop\Inherit.exe
[2010/03/28 12:11:14 | 000,327,521 | ---- | C] () -- C:\Documents and Settings\mschaefer\Desktop\snakeoil_supplements_956.png
[2010/03/26 14:23:06 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\mschaefer\Desktop\Sandboxed Web Browser.lnk
[2010/03/26 14:23:03 | 000,001,256 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/03/26 11:09:04 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secure Backup and Share Status.lnk
[2010/03/26 09:23:33 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\mschaefer\Desktop\Win32kDiag.exe
[2010/03/25 15:12:41 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/03/25 14:38:58 | 000,007,591 | ---- | C] () -- C:\Documents and Settings\mschaefer\DModem_Trace.trc
[2010/03/23 11:24:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/23 11:24:45 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/18 14:18:41 | 014,525,558 | ---- | C] () -- C:\Documents and Settings\mschaefer\Desktop\Misc-selected.zip
[2010/03/17 18:01:52 | 3755,962,368 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/17 15:44:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/03/15 10:05:50 | 003,095,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/15 08:57:50 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\mschaefer\Desktop\RSIT.exe
[2010/03/14 16:35:03 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/03/08 16:42:41 | 003,898,184 | R--- | C] () -- C:\Documents and Settings\mschaefer\Desktop\Combo-Fix.exe
[2010/03/07 11:43:26 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/03/07 01:45:32 | 001,339,288 | ---- | C] () -- C:\Documents and Settings\mschaefer\Desktop\sar_15_sfx.exe
[2010/03/06 21:59:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/05 11:55:59 | 059,088,896 | ---- | C] () -- C:\WINDOWS\System32\DZKWXUQ
[2009/07/28 14:52:25 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/07/20 15:18:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/28 12:33:52 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\mschaefer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/13 10:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/11/17 20:56:45 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\mschaefer\Local Settings\Application Data\fusioncache.dat
[2008/11/11 11:49:55 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/11/06 15:53:45 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/11/06 15:53:45 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/11/06 15:53:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/11/06 15:53:34 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/11/06 15:53:34 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/11/05 10:37:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mschaefer\Local Settings\Application Data\WavXMapDrive.bat
[2008/10/10 10:48:43 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/24 00:06:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/24 00:03:31 | 000,000,835 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/23 23:58:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/09/23 23:58:58 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/09/23 23:23:15 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/23 23:23:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/23 23:23:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/23 23:23:13 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/23 23:21:41 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 14:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
< End of report >
----

OTL Extras logfile created on: 3/28/2010 3:13:33 PM - Run 9
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\mschaefer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 94.38 Gb Free Space | 63.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MSCHAEFER02
Current User Name: mschaefer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Disabled:pcAnywhere Host Service -- (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Disabled:pcAnywhere Host Service -- (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\PGE\ReleaseX\MTU Simulator\1.6\Version 1.6.0000\MTU Simulator.exe" = C:\PGE\ReleaseX\MTU Simulator\1.6\Version 1.6.0000\MTU Simulator.exe:*:Enabled:MTU Simulator -- (Aclara Technologies of ESCO)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C391720-EAA2-012B-AE98-000000000000}" = TurboTax 2009 wpaiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{509CC2F3-5449-4342-BEC4-3ACAAB7B93FC}" = VZAccess Manager
"{514213E3-96CF-49A4-B447-95296AB41A7B}" = Nissan DataScan II 1.2
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client 4.0.0.835
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{629CCE02-041D-4577-892C-577861181771}" = Verizon Wireless USB760 Firmware Updates
"{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}" = Microsoft SQL Server 2005 Notification Services
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}" = MotoConnect
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7E820A0C-8CD6-44A2-9963-A243B224CDB4}" = TurboTax 2008 wpaiper
"{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84AA71B3-AD78-4171-BB50-6C6E8275CB79}" = PC5750 Firmware Updates
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{ED2076B8-AB8A-4A7E-AE35-B3E44721B8AB}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{9B20F786-D75F-45ED-B98D-CA8DBEE3F5D9}" = SonicWALL Global VPN Client
"{9D4B411F-42F9-4566-9621-13D3A969F871}" = Redistributable_MM
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC Beta
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C22E00F3-4796-4614-B875-9AB22EA815B7}" = STAR 7.3.1
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DB6F07FF-A436-453a-B685-F6C1F4F09D22}" = PANTECH PC Card Software
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DBD90220-6A77-F6F0-6CCB-39FB90FE290B}" = Secure Backup and Share
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.2.1030A)
"{F05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC843A65-4030-4D82-B8D9-5A69A20DD2ED}" = MySQL Server 5.1
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.728
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Core FTP LE 2.1" = Core FTP LE 2.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Ethereal" = Ethereal 0.99.0
"Fiddler2" = Fiddler2
"FLV Player" = FLV Player 2.0 (build 25)
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.6.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{C22E00F3-4796-4614-B875-9AB22EA815B7}" = STAR 7.3.1
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mp3tag" = Mp3tag v2.45
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Online Backup" = Online Backup
"Sandboxie" = Sandboxie 3.44
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Term_Services" = Juniper Terminal Services Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2010 11:09:15 AM | Computer Name = MSCHAEFER02 | Source = VSS | ID = 6013
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80004005. SQLSTATE: HY000, Native Error: 0 Source: Microsoft OLE DB Provider
for SQL Server Error message: Cannot generate SSPI context

Error - 3/26/2010 1:48:50 PM | Computer Name = MSCHAEFER02 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/26/2010 9:48:50 PM | Computer Name = MSCHAEFER02 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/27/2010 12:07:14 AM | Computer Name = MSCHAEFER02 | Source = VSS | ID = 6013
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80004005. SQLSTATE: HY000, Native Error: 0 Source: Microsoft OLE DB Provider
for SQL Server Error message: Cannot generate SSPI context

Error - 3/27/2010 5:48:50 AM | Computer Name = MSCHAEFER02 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/27/2010 1:48:50 PM | Computer Name = MSCHAEFER02 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/27/2010 9:48:50 PM | Computer Name = MSCHAEFER02 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/28/2010 12:02:29 AM | Computer Name = MSCHAEFER02 | Source = VSS | ID = 6013
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80004005. SQLSTATE: HY000, Native Error: 0 Source: Microsoft OLE DB Provider
for SQL Server Error message: Cannot generate SSPI context

Error - 3/28/2010 5:48:50 AM | Computer Name = MSCHAEFER02 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/28/2010 1:48:50 PM | Computer Name = MSCHAEFER02 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ StarServicesLog Events ]
Error - 1/5/2009 4:17:50 PM | Computer Name = MSCHAEFER02 | Source = DCU Parse | ID = 0
Description = Value was either too large or too small for an Int32.

Error - 1/5/2009 4:30:32 PM | Computer Name = MSCHAEFER02 | Source = DCU Parse | ID = 0
Description = Value was either too large or too small for an Int32.

Error - 1/6/2009 12:18:16 PM | Computer Name = MSCHAEFER02 | Source = DCU Parse | ID = 0
Description = Value was either too large or too small for an Int32.

Error - 6/26/2009 3:06:33 PM | Computer Name = MSCHAEFER02 | Source = DCU Parse | ID = 0
Description = Value was either too large or too small for an Int32.

Error - 6/26/2009 4:09:16 PM | Computer Name = MSCHAEFER02 | Source = DCU Parse | ID = 0
Description = Value was either too large or too small for an Int32.

Error - 9/6/2009 11:10:32 AM | Computer Name = MSCHAEFER02 | Source = DCU Parse | ID = 0
Description = Value was either too large or too small for an Int32.

Error - 9/16/2009 3:25:04 PM | Computer Name = MSCHAEFER02 | Source = DCU Parse | ID = 0
Description = Value was either too large or too small for an Int32.

Error - 10/13/2009 3:41:43 PM | Computer Name = MSCHAEFER02 | Source = DCU Parse | ID = 0
Description = Value was either too large or too small for an Int32.

Error - 10/14/2009 3:04:06 PM | Computer Name = MSCHAEFER02 | Source = DCU Parse | ID = 0
Description = Value was either too large or too small for an Int32.

Error - 10/30/2009 9:29:40 AM | Computer Name = MSCHAEFER02 | Source = DCU Parse | ID = 0
Description = Value was either too large or too small for an Int32.

[ System Events ]
Error - 3/27/2010 8:53:56 AM | Computer Name = MSCHAEFER02 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/27/2010 11:55:34 AM | Computer Name = MSCHAEFER02 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain RF due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/27/2010 3:56:26 PM | Computer Name = MSCHAEFER02 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 959 minutes. NtpClient has no source of accurate
time.

Error - 3/27/2010 4:55:34 PM | Computer Name = MSCHAEFER02 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain RF due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/27/2010 8:55:34 PM | Computer Name = MSCHAEFER02 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain RF due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/28/2010 1:55:34 AM | Computer Name = MSCHAEFER02 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain RF due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/28/2010 6:55:34 AM | Computer Name = MSCHAEFER02 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain RF due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/28/2010 7:56:26 AM | Computer Name = MSCHAEFER02 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 959 minutes. NtpClient has no source of accurate
time.

Error - 3/28/2010 11:51:02 AM | Computer Name = MSCHAEFER02 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain RF due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/28/2010 3:11:21 PM | Computer Name = MSCHAEFER02 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000003A'
while processing the file '{29F8DDC1- .. C3C1298FF}' on the volume 'HarddiskVolume2'.
It has stopped monitoring the volume.


< End of report >





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users